Resource Center

Fugue Cloud Security and Compliance

Fugue’s SaaS product and open source tools provide immediate visibility into AWS, Azure, and Google Cloud environments, and identify potential misconfiguration and compliance violations - before and after resources are deployed.

Fugue Visualizer

With the Fugue visualizer, DevOps teams, security engineers, and compliance analysts can auto-generate visual diagrams of their cloud resources.

Fugue for AWS

AWS IaaS and PaaS tools have created challenges for teams responsible for managing compliance and security risks.

Fugue for Azure

Fugue ensures that your Azure infrastructure stays in continuous compliance with enterprise security policies.

Fugue for Google Cloud Platform

Cloud Infrastructure Security and Compliance for Google Cloud

PCI Compliance Made Easy With Fugue

If your organization accepts or processes payment cards, PCI DSS applies to you.

SOC 2 Compliance with Fugue

Developed by the AICPA, SOC 2 is designed to address how organizations should design systems of internal controls to address the security, availability, processing integrity, confidentiality, and privacy of customer data.

NIST 800-53 Compliance

Fugue can enforce NIST 800-53 compliance for cloud infrastructure and reduces time-to-ATO to enable speed-to-mission and improve operational efficiencies.

Building a Highly Secure S3 Bucket Part I

In this masterclass, you'll gain a deeper understanding of S3 and how to think critically about cloud security for your specific use cases.

Building a Highly Secure S3 Bucket Part II

In this Cloud Security Masterclass, Fugue digs deeper into three critical components of S3 security to help you think critically about security for your unique AWS use cases.

Locking Down the Security of AWS IAM

For enterprise cloud environments, AWS IAM security can become quite complex. Recent high-profile cloud-based data breaches have involved advanced cloud misconfiguration attacks exploit IAM misconfigurations that compliance controls and security professionals often miss.

A Conversation with Greg McCord (CalAmp)

A discussion with Greg McCord, Global Head of Information Security at CalAmp, about the Internet-of-Things (IoT), cloud-native architecture, and edge computing, and how they affect IT cloud security.

A Live Chat with Red Ventures/ AWS and Fugue

In this talk, James Huston (Red Ventures), Jon Myer (AWS), and Josh Stella (Fugue) discuss how cloud-native architectures that leverage AWS services such as Lambda and Step Functions can minimize your cloud attack surface, streamline security audits, and benefit your end customers.

Cloud Security for Newly Distributed Engineering Teams

Tips and strategies on how to avoid the common pitfalls of remote teams.

Automating Cloud Security with Open Policy Agent

In this webinar, you will learn how to utilize Open Policy Agent (OPA), an open source policy as code framework, to secure your cloud environments.

Open Source Policy-as-Code for all the Things

Open Policy Agent (OPA) has emerged as a leading framework for policy-as-code. In this webinar, you will learn how OPA works and the myriad of advantages of choosing OPA.

Live Simulation of Cloud Misconfiguration Attacks

Advanced attacks that exploit a common cloud misconfiguration vulnerabilities with VPCs, IAM, and other services are easily missed by security teams and compliance frameworks.

Integrating Infrastructure Security and Compliance into CI/CD

Application teams are increasingly moving security and compliance checks earlier in the software development life cycle (SDLC), when corrective changes are easier and faster to make.

Remediating Cloud Security Issues: Automation Scripts vs. Self-Healing Infrastructure

This webinar focuses on two common approaches to automated remediation: lambda functions vs. self-healing infrastructure and their effectiveness in managing cloud misconfiguration risk, impact on cloud operations, and ROI.

Shifting Left on Infrastructure Security and Compliance

This webinar explores using cloud environment baselining as the mechanism for shifting left on infrastructure security and compliance.

[Fugue + CSA] Preventing AWS Misconfiguration and the Risk of Data Breaches

Watch this webinar to learn how to secure critical data and ensure that your AWS environments always adhere to policy—without deploying an army of cloud security engineers.

Cloud Misconfiguration Risk: What You Need to Know to Prevent Critical Breaches

Watch this webinar to gain a better understanding of cloud infrastructure misconfiguration, a major risk to any enterprise adopting the cloud and scaling cloud operations.

Unraveling the Pitfalls of Soc 2 Audits

SOC 2 standard applies to any organization that stores or processes customer data in the cloud. How can organizations best prepare for their SOC 2 audit?

Security Threats Posed by Orphaned Cloud Resources

Orphaned cloud resources represent significant risks of misconfiguration and data breaches. A long-forgotten EC2 instance or VPC may contain OS vulnerabilities that hackers can use to gain access to your cloud environments.

Simulating Misconfiguration Attacks: S3 Exploits

Amazon S3 object storage service is easy to use, extremely reliable, and incredibly popular, but it’s also a service that’s easy to get wrong.

Simulating Cloud Misconfiguration Attacks: AWS IAM

AWS Identity and Access Management (IAM) misconfiguration has become a primary attack vector for bad actors seeking to breach data on AWS. Even the most security-conscious cloud engineers can inadvertently misconfigure IAM services resulting in privilege escalation attacks or unauthorized account access.

Simulation of Insider Threat Attacks on AWS

Misconfigured cloud resources can empower malicious insiders with the ability to do real damage to your organization. Ill-intentioned employees and contractors have an added advantage over outsiders: better means of discovering, accessing, and exploiting cloud resources.

Simulating Cloud Misconfiguration Exploits: Hacking Database Snapshots on AWS

Securing production databases on AWS is a top priority for cloud and security teams, but less attention is paid to preventing the kinds of alternative attack vectors we've seen in the news recently. One scenario involves building new databases from backup snapshots to steal data without detection.

Live Simulation of an Advanced Cloud Misconfiguration Exploit

Recent high-profile cloud breaches involve advanced tactics that took advantage of multiple resource misconfigurations to gain entry to environments, discover resources, move laterally, and extract data—all without detection. They don’t typically break compliance rules, and security teams won’t likely recognize them as vulnerabilities.