Cloud

11/21/2017
03:29 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FireMon launches Intelligent Policy Automation for Cloud at AWS re:Invent 2017

IPA for Cloud to reduce breaches attributed to security misconfigurations in the cloud.

OVERLAND PARK, KANSAS & DALLAS, TEXAS – FireMon, the leader in Intelligent Security Management, will debut Intelligent Policy Automation (IPA) for Cloud at this year’s AWS re:Invent in Las Vegas, Nov 27 – Dec 1, 2017. With IPA for Cloud, the company extends its industry-leading change automation framework to security controls in AWS.

FireMon’s vision for a faster, more intelligent way to implement changes to network access centers on the impact of changes on risk and compliance to reduce the time and number of errors associated with more traditional approaches to change management. According to Gartner analysts Adam Hils and Rajpreet Kaur in their report One Brand of Firewall Is a Best Practice for Most Enterprises, “Through 2020, 99% of firewall breaches will be caused by firewall misconfigurations, not flaws in the firewall.”* With recent headlines, it seems this trend will affect more than traditional firewalls as enterprises more to the cloud.

“IPA for Cloud from FireMon essentially allows any organization the ability to gain control of its configuration fate with real-time analysis of controls across the enterprise and an intelligent automation framework that reduces the likelihood of human error,” said Matt Dean, VP of Product Management, FireMon. “We’ve seen these misconfigurations affecting many organisations where information is left inadvertently exposed.”

“IPA for Cloud complements the Amazon service and offers organizations added assurance that their configurations are accurate, secure and compliant in a timely matter, so organizations can take advantage of the nimble nature of cloud platforms,” he explained.

FireMon’s IPA delivers cloud security assurance. Beginning with access requests, forms can be customized to capture the complete requirements upfront to ensure the designed change achieves the intended outcome. From there, IPA’s workflow takes over providing checks for accuracy and compliance along the way, including a pre-change impact simulation based on fully customizable control assessments.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Post a Comment
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15759
PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761
PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...
CVE-2018-17190
PUBLISHED: 2018-11-19
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code ...
CVE-2018-1841
PUBLISHED: 2018-11-19
IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.
CVE-2018-18519
PUBLISHED: 2018-11-19
BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.