Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

How to Secure Public Cloud and DevOps? Get Unified Visibility.

One of the most transformative changes in the IT industry over the last decade has been the adoption of public cloud (IaaS) services such as AWS, Azure and GCP.

Public clouds are more than “just” running servers in a remote data center. They’re all about using infrastructure as code. This means that the various building blocks they offer – storage services, virtual machines and containers – as well as the underlying network can all be modified via calls to the public cloud APIs. Companies using public clouds gain enormous velocity and elasticity advantages, which have, in turn, fueled the emergence of DevOps.

For all its advantages, public cloud and DevOps adoption also means the use of many new technologies – and a drastic increase in the velocity of change across the attack surface. This leads to reduced visibility into the infrastructure itself and often more complexity, which tends to be the enemy of security.

Cybersecurity starts with cyber hygiene

We believe that security starts with effective cyber hygiene – making sure every bit of the computing infrastructure is accounted for, configured properly and up-to-date. Keeping an eye on the state of the infrastructure and making sure it’s up-to-date reduces the cyberattack surface dramatically. After all, 99% of vulnerabilities exploited today are ones known by security for at least 12 months.

However, cyber hygiene is difficult to maintain in the dynamic world of public cloud. Many security teams we’ve talked to don’t know what’s running, let alone how up-to-date and tightly configured these components are.

Look no further than the many problems stemming from the misuse of public cloud infrastructure, such as default SSH credentials.

Public cloud is a boon to security

In spite of these high-profile incidents, we consider the disciplined use of public cloud as a boon to security – as long as DevOps methodologies and technologies are used wisely. Immutable containers, microservices and automated security testing can actually improve an organization’s level of security.

But, many security solutions are built with physical, on-premise data centers in mind – not with the vital levels of scale and visibility required for public cloud. Security teams need this scale and visibility to keep track of what’s happening in their public cloud infrastructure. It also provides the necessary background and data to properly engage with the DevOps teams – enabling what many in the industry refer to as DevSecOps.

Cyber Exposure: Providing greater visibility into cloud security

The discipline of Cyber Exposure will help security leaders embrace DevSecOps principles to manage and measure the cyber risk of public cloud infrastructure. Traditional vulnerability management practices must evolve to provide greater visibility into cloud security through:

  • Live discovery and continuous monitoring of cloud assets
  • Integration between the static and dynamic scanning of cloud assets across the software development lifecycle
  • Automated, seamless workflow integration with DevOps

Today, we’re excited to announce new and important product capabilities in Tenable.io to help you embrace the use of public cloud:

  • New Cloud Connectors for Microsoft Azure and Google Cloud Platform: Continuously discover and track asset changes in Azure and GCP cloud environments to ensure all cloud workloads are known and assessed for vulnerabilities. Together, with the existing Cloud Connector for AWS, these new connectors provide a unified view of cybersecurity risks across the top three most widely deployed public cloud (IaaS) platforms.
  • New container runtime scanning in Tenable.io Container Security: Gain visibility into the Cyber Exposure of containers running in production. This important product enhancement is enabled by the combination of Tenable.io Container Security and Tenable.io Vulnerability Management working together to seamlessly integrate security into the end-to-end DevOps process – from build to production.
  • New web application discovery in Tenable.io Web Application Scanning: Identify web applications owned and deployed across an organization, including previously unknown applications, to understand Cyber Exposure throughout your web application estate. This new capability solves a critical visibility challenge – the number of web applications deployed is often much higher than what the security team is aware of.

We’re thrilled with the growing use of DevOps, and believe it can really help security when done right. Public cloud is a pillar of DevOps. With the right insight and seamless integration, security teams can enable DevSecOps to provide the necessary guardrails for any organization to use these new technologies safely and responsibly.

Resources: How to secure public cloud infrastructure

For more information:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training