How to detect security and compliance risks on an ongoing basis and streamline audit processes for AWS resources
Fugue Infrastructure as Code
Secure your infrastructure as code (IaC) in development and CI/CD —and use the same policies to secure your cloud runtime.
Fugue Cloud Security and Compliance
Fugue’s SaaS product and open source tools provide immediate visibility into AWS, Azure, and Google Cloud environments, and identify potential misconfiguration and compliance violations - before and after resources are deployed.
Fugue for AWS
AWS IaaS and PaaS tools have created challenges for teams responsible for managing compliance and security risks.
Fugue for Google Cloud
Prove cloud infrastructure compliance, eliminate cloud misconfiguration, and Shift Left on cloud security in Google Cloud.
With the Fugue visualizer, DevOps teams, security engineers, and compliance analysts can auto-generate visual diagrams of their cloud resources.
PCI Compliance Made Easy With Fugue
If your organization accepts or processes payment cards, PCI DSS applies to you.
Engineer's Primer on Cloud and IaC Security
A practical guide for understanding the nature of cloud vulnerabilities and threats and thinking critically about securing your unique cloud use case at every stage of the development lifecycle.
The State of Cloud Security 2021 Report
The cloud security landscape is changing rapidly, challenging the teams responsible for keeping environments secure. Cloud environments are growing in scale and complexity.
Engineer's Handbook on Cloud Security
This handbook is a comprehensive guide for understanding misconfiguration and why it’s so pervasive — and how hackers exploit these often hidden vulnerabilities.
Guidebook to Achieving SOC 2 Compliance for Cloud Infrastructure
For any organization that holds, stores, or processes customer data in the cloud, SOC 2 compliance is necessary. Why is it important? How is it different than SOC 1 compliance? How do you achieve SOC 2 compliance?
An Enterprise Guide to PCI Compliance
In this guidebook, we are going to break down the complexities associated with PCI and discuss the requirements for enterprises to be PCI compliant.
Executive Guide to Cloud Security
This guide discusses how the cloud’s programmable nature fundamentally changes how one should think about cloud security. It requires executives to have a different mindset and understanding of computing.
Best Practices to Ensuring Compliance with Baselines
As organizations increase their cloud footprint, they will need continuous visibility into their cloud environments to prevent unauthorized changes from causing security breaches. One of the ways to gain visibility into your cloud infrastructure is with baselines.
An Introduction to Fugue with Josh Stella
Take a look into the heart of Fugue with CEO Josh Stella. Learn how Fugue can bolster security across CI/CD and runtime, and about the engines that make it possible.
Introduction to Fugue Infrastructure as Code
Introducing Fugue Infrastructure as Code. Get a feel for the platform and its capabilities in this video with Fugue Solutions Engineer Ricardo Green.
Fugue in 3 minutes
Watch our short 3-minute video to see how Fugue can simplify your cloud security and compliance.
AWS Environment Discovery and Visualization
How to use Fugue to discover and visualize all the cloud resources you have running and how they are configured.
Baselining Your AWS Environment & Detecting Drift
How to use Fugue to baseline your cloud configurations and detect drift.
In cloud environments, enterprises face an increased likelihood of configuration and policy compliance violations—which may lead to security breaches, system downtime, and data loss.
Infrastructure as Code Security with Regula
Fugue’s Curtis Myzie (VP Engineering) and Chris Suen (VP Product) will walk through how you can use Regula to identify policy violations in Terraform and AWS CloudFormation to save time and prevent cloud misconfiguration right from the start.
How Hackers Exploit Dev and Test Environments
Join us as Josh Stella shows how hackers exploit common dev and test cloud environment vulnerabilities to steal production data.
Building a Highly Secure S3 Bucket Part I
In this masterclass, you'll gain a deeper understanding of S3 and how to think critically about cloud security for your specific use cases.
Locking Down the Security of AWS IAM
Recent high-profile cloud-based data breaches have involved advanced cloud misconfiguration attacks exploit IAM misconfigurations that compliance controls and security professionals often miss.
In this Cloud Security Masterclass session, we dig into how security is different for serverless cloud infrastructure environments —and what hasn’t changed.
A Conversation with Greg McCord (CalAmp)
A discussion with Greg McCord, Global Head of Information Security at CalAmp, about the Internet-of-Things (IoT), cloud-native architecture, and edge computing, and how they affect IT cloud security.
A Live Chat with Red Ventures/ AWS and Fugue
In this talk, James Huston (Red Ventures), Jon Myer (AWS), and Josh Stella (Fugue) discuss how cloud-native architectures that leverage AWS services such as Lambda and Step Functions can minimize your cloud attack surface, streamline security audits, and benefit your end customers.
Cloud Security for Newly Distributed Engineering Teams
Tips and strategies on how to avoid the common pitfalls of remote teams.
Automating Cloud Security with Open Policy Agent
In this webinar, you will learn how to utilize Open Policy Agent (OPA), an open source policy as code framework, to secure your cloud environments.
Open Source Policy-as-Code for all the Things
Open Policy Agent (OPA) has emerged as a leading framework for policy-as-code. In this webinar, you will learn how OPA works and the myriad of advantages of choosing OPA.
Integrating Infrastructure Security and Compliance into CI/CD
Application teams are increasingly moving security and compliance checks earlier in the software development life cycle (SDLC), when corrective changes are easier and faster to make.
Remediating Cloud Security Issues: Automation Scripts vs. Self-Healing Infrastructure
This webinar focuses on two common approaches to automated remediation: lambda functions vs. self-healing infrastructure and their effectiveness in managing cloud misconfiguration risk, impact on cloud operations, and ROI.
Shifting Left on Infrastructure Security and Compliance
This webinar explores using cloud environment baselining as the mechanism for shifting left on infrastructure security and compliance.
Cloud Misconfiguration Risk: What You Need to Know to Prevent Critical Breaches
Watch this webinar to gain a better understanding of cloud infrastructure misconfiguration, a major risk to any enterprise adopting the cloud and scaling cloud operations.
Unraveling the Pitfalls of Soc 2 Audits
SOC 2 standard applies to any organization that stores or processes customer data in the cloud. How can organizations best prepare for their SOC 2 audit?
Security Threats Posed by Orphaned Cloud Resources
Orphaned cloud resources represent significant risks of misconfiguration and data breaches. A long-forgotten EC2 instance or VPC may contain OS vulnerabilities that hackers can use to gain access to your cloud environments.
Simulating Cloud Misconfiguration Attacks: AWS IAM
AWS Identity and Access Management (IAM) misconfiguration has become a primary attack vector for bad actors seeking to breach data on AWS. Even the most security-conscious cloud engineers can inadvertently misconfigure IAM services resulting in privilege escalation attacks or unauthorized account access.
Simulation of Insider Threat Attacks on AWS
Misconfigured cloud resources can empower malicious insiders with the ability to do real damage to your organization. Ill-intentioned employees and contractors have an added advantage over outsiders: better means of discovering, accessing, and exploiting cloud resources.
Simulating Cloud Misconfiguration Exploits: Hacking Database Snapshots on AWS
Securing production databases on AWS is a top priority for cloud and security teams, but less attention is paid to preventing the kinds of alternative attack vectors we've seen in the news recently. One scenario involves building new databases from backup snapshots to steal data without detection.
Live Simulation of an Advanced Cloud Misconfiguration Exploit
Recent high-profile cloud breaches involve advanced tactics that took advantage of multiple resource misconfigurations to gain entry to environments, discover resources, move laterally, and extract data—all without detection. They don’t typically break compliance rules, and security teams won’t likely recognize them as vulnerabilities.
Bringing Your Cloud Into Compliance and Proving It
In this masterclass session, Fugue co-founder and CTO Josh Stella and Dave Williams, Cloud Architect at New Light Technologies, walk through a tried-and-true process for achieving cloud compliance that works for any cloud team, any cloud environment, and any compliance regime.
Whitepaper & Reports
The State of Cloud Security 2021 Report
Fugue surveyed 300 cloud professionals to gain insights into misconfigurations and cloud security during the COVID-19 crisis.
Cloud Infrastructure Security and Compliance Report
Download this survey for insights into what 300 organizations feel about their cloud operations, level of maturity, and security and compliance challenges as they migrate their infrastructure to the cloud.
4 Benefits to Visualizing Your Cloud Infrastructure
4 benefits to visualizing your cloud infrastructure
DevOps Teams: Beware the Security Risk of Cloud Zombies
Zombie cloud resources, by definition, are not tracked by cloud and security teams, and pose real security misconfiguration risk.
Cloud Security: Four Key Practices to Get Started
Best practices for securing your cloud infrastructure
Approaches to Cloud Security
An increasingly common approach to speed up remediation is to use AWS Lambda or Azure Functions. In this infographic, we explore another approach.
7 Things to Remember About Baselines
Baselines are another way to manage cloud configuration drifts. Here are 7 things to remember about baselines.
Best Practices for Preventing Cloud Misconfiguration
Five best practices for preventing cloud misconfiguration
"I'm seeing a lot of cloud configuration errors in the real world - and it's scaring the hell out of me."