Cloud Security
Tenable | September 11, 2023
Tenable Holdings, Inc. is strengthening its focus on cloud security through the acquisition of Ermetic Ltd., a cloud-native application protection platform (CNAPP) company specializing in cloud infrastructure entitlement management (CIEM). This strategic move aims to enhance Tenable's Exposure Management Platform by providing improved risk visibility, prioritization, and remediation solutions for both cloud and on-premises environments.
Ermetic's CNAPP offers comprehensive contextual analysis, simplifying the identification of critical issues like privileged access to exposed, vulnerable workloads. The integration of Ermetic's capabilities into Tenable One will broaden Tenable's offerings for hybrid environments, addressing the complex challenge of managing identity-based threats in the cloud.
According to the Cloud Security Alliance's 2022 Top Cloud Threats report, identity-based threats are a top concern in cloud security. Tenable's acquisition of Ermetic seeks to simplify the process of understanding access risks and permissions in the cloud, making it more accessible for security professionals with varying levels of expertise.
“We will have an opportunity to put additional market-leading cloud security capabilities into the hands of tens of thousands of customers,” said Amit Yoran, Chairman and Chief Executive Officer, Tenable. “Together, we will be able to deliver a holistic view of the modern attack surface and help organizations reduce exposure and risk, using identity as an essential foundation,” he further added.
[Source: Globe News Wire]
The combined offerings of Tenable and Ermetic will include a unified CNAPP solution for asset discovery, risk analysis, remediation, and compliance, as well as a robust CIEM solution for managing human and service identities in cloud infrastructure. The integration will provide context-aware risk prioritization across all cloud and on-premises resources and simplify the remediation process.
The acquisition, valued at approximately $240 million in cash and $25 million in restricted stock and RSUs, is expected to close in early Q4 2023. Tenable will finance the cash portion of the acquisition using existing funds. However, Ermetic's financial results in Q4 2023 are not anticipated to significantly impact revenue or billings but are expected to increase non-GAAP operating expenses by $4–6 million.
The combination of Tenable and Ermetic is poised to offer unparalleled visibility and value in managing cloud environments, simplifying the complexity of cloud security management.
About Tenable
Tenable is a prominent player in the computer and network security industry, headquartered in Columbia, MD. With a global footprint, the company serves approximately 40,000 organizations worldwide, including Fortune 500 giants, Global 2000 firms, and government agencies. Leveraging its renowned Nessus vulnerability expertise, Tenable offers a pioneering platform for comprehensively securing digital assets across various computing platforms. Its specialties encompass vulnerability management, continuous network monitoring, compliance, and a range of security solutions for web applications, containers, the cloud, industrial technology, IoT, and more.
Read More
Cloud Infrastructure Management
Lacework | September 25, 2023
Lacework, the data-driven cloud security firm, has been selected by TSB Bank, a prominent British banking institution, to safeguard its cloud infrastructure. TSB Bank's decision to choose Lacework as its cloud security provider demonstrates its commitment to protecting sensitive data and ensuring the highest level of security for its customers. With Lacework's expertise in data-driven security solutions, TSB Bank can confidently rely on their cloud infrastructure being safeguarded against potential threats and vulnerabilities.
TSB's Chief Information Security Officer, Paul Branley, expressed his excitement about the development, stating that the Lacework Polygraph data platform would transform the way their security teams operate. He mentioned that it would enable their developers to concentrate on value-added tasks while also substantially reducing security alerts.
TSB, a longstanding player in the banking sector with over two centuries of heritage, is serving over five million customers through various channels, including digital, phone, and branches across the UK. With a growing digital business, TSB needed a unified cloud security platform to support its multi-cloud landscape. Lacework will facilitate secure and innovative cloud scaling, eliminating vulnerabilities across various cloud configurations and applications.
Andreas Schneider, Field-CISO at Lacework, reportedly mentioned,
Partnering with Lacework, TSB will be able to reduce complexity in their tool landscape, and our anomaly detection will allow them to embed security at any speed and scale."
[Source – Cision PR Newswire]
Lacework's platform will enable TSB to automate audit and compliance processes while seamlessly integrating into DevOps and CI/CD pipelines, ensuring security acts as an enabler of innovation velocity. The adoption of Lacework’s technology by TSB Bank may entail integration challenges, risks related to automation, and uncertainties about real-world effectiveness that could affect TSB's security strategy. TSB Bank's selection of Lacework promises improved cloud security, enhanced developer focus, and support for its multi-cloud landscape, with automation and integration into DevOps pipelines to boost innovation.
About Lacework
Lacework, a leading cloud security company, offers innovative and scalable solutions for robust cloud security. Their flagship product, the Polygraph Data Platform, automates security processes, providing comprehensive risk insights for security and development teams. Lacework's unique ability to analyze data across AWS, Azure, GCP, and Kubernetes environments is a significant advantage for businesses worldwide. Founded in 2015 and headquartered in Mountain View, California, Lacework excels in breach detection, audit and compliance, and container security.
Read More
Cloud App Management
Business Wire | September 29, 2023
CoreStack, a global multi-cloud governance provider, today announced the release of CoreStack Assessments, a product that simplifies and streamlines multi-cloud assessments for managed services providers and their enterprise customers. CoreStack Assessments equips MSPs and SIs to run multi-cloud assessments at scale against cloud-native Well-Architected Frameworks as well as custom frameworks, enabling them to quickly and easily identify and resolve issues across security and compliance, cost, and operations.
As organizations progress their cloud transformation, it’s imperative that they continue to operate in an optimized and well-architected manner, said Cyril Belikoff, GM of Azure and Industry GTM at Microsoft. CoreStack Assessments hits the mark by empowering single and multi-cloud customers with a comprehensive evaluation of architectural alignment with industry best practices.
“We are thrilled to introduce CoreStack Assessments to our partners – and to simplify delivery of cloud assessments,” said Saba Arumugam, CoreStack’s Chief Technology Officer. “Armed with these powerful assessment capabilities, our partners will be able to capitalize more quickly on the opportunities that matter and help their customers realize the full potential of their cloud investments. This solution provides our partners a robust, flexible, and streamlined assessment experience so they can help customers embrace cloud best practices in the most efficient way possible.”
Purpose-built for partners, CoreStack Assessments provides out-of-the-box support for Microsoft Azure, AWS, and GCP frameworks. Partners can also import existing custom frameworks, create custom assessment frameworks based on hyperscaler frameworks, or create new frameworks from scratch. With multi-level hierarchy and identity isolation, a clear and centralized workflow, and highly automated issue detection and recommendations, CoreStack Assessments provides MSPs new levels of assessment flexibility and scalability. The solution also provides powerful collaboration, evidence tracking, and reporting features.
“For Cloudelligent, CoreStack Assessments has been a game changer,” said Dwayne Lyle, Chief Revenue Officer at Cloudelligent. “It has reduced the internal costs to deliver a Well-Architected Review and automated many of our manual activities, accelerating delivery of these assessments by 50% and helping us ensure our customers are always well-architected. Ultimately it has improved the customer experience and differentiated us from other AWS Well-Architected Partners who deliver reviews in a more traditional way.”
CoreStack Assessments is offered alongside CoreStack NextGen Cloud Governance, a powerful set of solutions that leverage AI to provide continuous and autonomous governance for FinOps, SecOps, and CloudOps through one unified dashboard. CoreStack NextGen Cloud Governance is designed to help customers leverage best-of-breed cloud platforms with the least friction possible, boosting top-line revenues and bottom-line efficiencies whether they’re running AWS, Microsoft Azure, GCP, OCI, or a combination of cloud providers.
CoreStack was recently named one of the fastest-growing private companies in the U.S., ranking 835th on the Inc. 5000 List for 2023. CoreStack's inclusion on this prestigious list underscores its striking growth and transformative influence within the cloud industry. CoreStack comes in 120th in the Software category and is the 10th best performing company in the Seattle area and 12th in Washington State. CoreStack has also been recognized by Frost & Sullivan, Forrester, Gartner, S&P Global, and IDC as an innovator and leader in cloud management.
About CoreStack
CoreStack provides a NextGen Cloud Governance platform that empowers enterprises to predictably increase top-line revenues, improve bottom-line efficiencies, and gain a competitive edge through AI-powered real-time cloud governance on autopilot. CoreStack's FinOps, SecOps, and CloudOps solutions embrace, enhance, and extend native-cloud capabilities, enabling reporting, recommendation, and remediation and providing single pane-of-glass governance across multi-cloud. Through executive dashboards for comprehensive real-time insights, CoreStack delivers transformative value such as 40% increase in operational efficiencies, 50% decrease in cloud costs, and 100% security assurance and compliance. CoreStack helps 750+ global enterprises govern $2+ billion in annual cloud consumption, and $300 million in cloud cost savings. Frost & Sullivan, Forrester, Gartner, S&P Global, and IDC have recognized CoreStack as an innovator and leader in cloud management. CoreStack is backed by strategic advisors, including the ex-CEO of Wipro and ex-CIO of Microsoft. The company is a Microsoft Azure (Legacy) Gold Partner, Amazon AWS Technology Partner with Cloud Operations Competency, Oracle Cloud Build Partner, and Google Cloud Build Partner. To learn more, visit www.corestack.io
Read More
Cloud App Development
Business Wire | September 15, 2023
On September 14, 2023, CloudBees, a leading enterprise software delivery platform, introduces a groundbreaking cloud-native DevSecOps platform that prioritizes platform engineers and developer experiences. The platform, built on Tekton, employs a domain-specific language akin to GitHub Actions and incorporates feature flagging, security, compliance, pipeline orchestration, analytics, and value stream management (VSM) into a fully managed single-tenant SaaS, multi-tenant SaaS, or on-premise virtual private cloud instance.
A spokesperson for CloudBees stated that the revolutionary platform was the market's most open and extensible DevSecOps solution, capable of orchestrating any tool in the software development toolkit. They added that it redefined DevSecOps by addressing the challenges of delivering secure, compliant, cloud-native software faster than ever.
Meeting the Challenges of Cloud-Native Development
As the rush towards cloud-native application development continues, software development and delivery teams grapple with the complexities of modern cloud-native architectures. This has led to the emergence of platform engineering as an evolution of DevOps practices. Platform engineering unites various roles such as site reliability engineers (SREs), DevOps engineers, security teams, product managers, and operations teams with the shared goal of integrating all organizations’ disparate technologies and tools into a streamlined path for developers. The CloudBees platform is purpose-built for this mission.
The CloudBees Platform: Speed and Security
The CloudBees platform empowers organizations to simplify complex cloud-native development and deployment processes across all DevOps tools, thereby accelerating innovation. It ensures a seamless journey from code development to successful deployment with a focus on:
1. Developer-centric experience: Enhancing developer experience by minimizing cognitive load and making DevOps processes nearly invisible through blocks, automations, and golden paths.
2. Open and extensible: Embracing the DevOps ecosystem, starting with Jenkins, and offering flexibility to orchestrate any other tool, protecting existing tooling investments.
3. Self-service model: Allowing platform engineers to customize the platform, providing autonomy for development teams. Developers can focus on innovation without waiting for automation or resources.
4. Security and compliance: Centralizing security and compliance with out-of-the-box workflow templates containing built-in security measures. Automated DevSecOps is integrated, incorporating checks across source code, binaries, cloud environments, data, and identity.
Michel Lopez, founder and CEO at E2F, noted that the CloudBees platform had significantly reduced the time required for their ISO 27001 compliance audit, from 12 hours to just 60 minutes. He also mentioned that the CloudBees platform provided all controls.
Shawn Ahmed, Chief Product Officer at CloudBees, emphasized,
Our new platform empowers developers, unifies teams, and accelerates innovation while offering unprecedented flexibility and choice.
[Source: Businesswire]
The CloudBees platform promises to enhance developer experiences, streamline processes, and prioritize security, offering organizations a powerful tool to navigate the complexities of modern cloud-native architectures and accelerate innovation.
About CloudBees
CloudBees, headquartered in San Jose, California, has been a software development leader since 2010. The company thrives in an innovation-driven industry by addressing the need for balancing development freedom and regulatory governance through its pioneering end-to-end automated software delivery system. Its robust Software as a Service (SaaS) platform encompasses DevOps, Continuous Integration, Continuous Delivery, and more, ensuring secure and compliant innovation.
Read More