Home > News > Trending news > Elastic Security for Cloud Announced by Elastic

Cloud Security

Elastic Security for Cloud Announced by Elastic

Elastic | June 08, 2022

Elastic
As part of Elastic Security for Cloud, the firm behind Elasticsearch has revealed new features for managing cloud risk and posture, as well as safeguarding cloud workloads.

Cloud-native and hybrid environments can now benefit from Elastic Security's infrastructure detection and response (IDR) capabilities, as well as its ability to enforce security postures, thanks to the addition of Elastic Security for Cloud. In addition, the unified Elastic Search Platform allows customers to monitor both deployment and run-time hazards.

Elastic Security Labs, the company's threat research, detection engineering and malware analysis division, provides out-of-the-box rules and machine learning models to identify new threats.

"While cloud security is key to business, it introduces more dependencies on various internal and third-party elements and increases complexity. The result is an environment with fragmented visibility, and you can't secure what you can't see. Such an environment can be difficult to secure, since many elements need to come together cohesively. Elastic aims to reduce this complexity and improve attack surface visibility by delivering Elastic Security for Cloud on a single platform that enables customers to secure their cloud risks while integrating it within their broader security operations," 

Ken Buckler, Research Analyst - Security and Risk Management, Enterprise Management Associates.

By 2025, more than 85% of enterprises will adopt a cloud-first strategy, with 95% of new digital workloads running on cloud-native platforms, according to Gartner. But a recent Elastic study indicated that nearly half (49%) of cloud-native enterprises expect misconfigurations to increase as a root cause of breaches over the next two years.

"To protect applications and workloads in the cloud, security operations teams require deep visibility across their organizations' underlying infrastructure and application data," said Santosh Krishnan, General Manager of Elastic Security, Elastic. "Elastic Security for Cloud provides customers with a single platform to monitor their cloud deployments, manage their cloud posture, and secure their cloud workloads - giving them the visibility they need to prevent, detect, and respond to threats faster."

Spotlight

Cloud object storage with no surprises

Rackspace Object Storage is an S3 data storage service designed to help organizations store, protect and utilize large pools of unstructured data as best fits their needs. All-in, inclusive pricing eliminates egress and API transaction fees, helping organizations make their information actionable and available anyplace, at the right time, with no surprises.


Other News
Cloud App Development

CloudBees Launches Groundbreaking Cloud-Native DevSecOps Platform

Business Wire | September 15, 2023

On September 14, 2023, CloudBees, a leading enterprise software delivery platform, introduces a groundbreaking cloud-native DevSecOps platform that prioritizes platform engineers and developer experiences. The platform, built on Tekton, employs a domain-specific language akin to GitHub Actions and incorporates feature flagging, security, compliance, pipeline orchestration, analytics, and value stream management (VSM) into a fully managed single-tenant SaaS, multi-tenant SaaS, or on-premise virtual private cloud instance. A spokesperson for CloudBees stated that the revolutionary platform was the market's most open and extensible DevSecOps solution, capable of orchestrating any tool in the software development toolkit. They added that it redefined DevSecOps by addressing the challenges of delivering secure, compliant, cloud-native software faster than ever. Meeting the Challenges of Cloud-Native Development As the rush towards cloud-native application development continues, software development and delivery teams grapple with the complexities of modern cloud-native architectures. This has led to the emergence of platform engineering as an evolution of DevOps practices. Platform engineering unites various roles such as site reliability engineers (SREs), DevOps engineers, security teams, product managers, and operations teams with the shared goal of integrating all organizations’ disparate technologies and tools into a streamlined path for developers. The CloudBees platform is purpose-built for this mission. The CloudBees Platform: Speed and Security The CloudBees platform empowers organizations to simplify complex cloud-native development and deployment processes across all DevOps tools, thereby accelerating innovation. It ensures a seamless journey from code development to successful deployment with a focus on: 1. Developer-centric experience: Enhancing developer experience by minimizing cognitive load and making DevOps processes nearly invisible through blocks, automations, and golden paths. 2. Open and extensible: Embracing the DevOps ecosystem, starting with Jenkins, and offering flexibility to orchestrate any other tool, protecting existing tooling investments. 3. Self-service model: Allowing platform engineers to customize the platform, providing autonomy for development teams. Developers can focus on innovation without waiting for automation or resources. 4. Security and compliance: Centralizing security and compliance with out-of-the-box workflow templates containing built-in security measures. Automated DevSecOps is integrated, incorporating checks across source code, binaries, cloud environments, data, and identity. Michel Lopez, founder and CEO at E2F, noted that the CloudBees platform had significantly reduced the time required for their ISO 27001 compliance audit, from 12 hours to just 60 minutes. He also mentioned that the CloudBees platform provided all controls. Shawn Ahmed, Chief Product Officer at CloudBees, emphasized, Our new platform empowers developers, unifies teams, and accelerates innovation while offering unprecedented flexibility and choice. [Source: Businesswire] The CloudBees platform promises to enhance developer experiences, streamline processes, and prioritize security, offering organizations a powerful tool to navigate the complexities of modern cloud-native architectures and accelerate innovation. About CloudBees CloudBees, headquartered in San Jose, California, has been a software development leader since 2010. The company thrives in an innovation-driven industry by addressing the need for balancing development freedom and regulatory governance through its pioneering end-to-end automated software delivery system. Its robust Software as a Service (SaaS) platform encompasses DevOps, Continuous Integration, Continuous Delivery, and more, ensuring secure and compliant innovation.

Read More

Cloud Security

Tenable Acquires Ermetic to Boost Cloud Security with CNAPP and CIEM

Tenable | September 11, 2023

Tenable Holdings, Inc. is strengthening its focus on cloud security through the acquisition of Ermetic Ltd., a cloud-native application protection platform (CNAPP) company specializing in cloud infrastructure entitlement management (CIEM). This strategic move aims to enhance Tenable's Exposure Management Platform by providing improved risk visibility, prioritization, and remediation solutions for both cloud and on-premises environments. Ermetic's CNAPP offers comprehensive contextual analysis, simplifying the identification of critical issues like privileged access to exposed, vulnerable workloads. The integration of Ermetic's capabilities into Tenable One will broaden Tenable's offerings for hybrid environments, addressing the complex challenge of managing identity-based threats in the cloud. According to the Cloud Security Alliance's 2022 Top Cloud Threats report, identity-based threats are a top concern in cloud security. Tenable's acquisition of Ermetic seeks to simplify the process of understanding access risks and permissions in the cloud, making it more accessible for security professionals with varying levels of expertise. “We will have an opportunity to put additional market-leading cloud security capabilities into the hands of tens of thousands of customers,” said Amit Yoran, Chairman and Chief Executive Officer, Tenable. “Together, we will be able to deliver a holistic view of the modern attack surface and help organizations reduce exposure and risk, using identity as an essential foundation,” he further added. [Source: Globe News Wire] The combined offerings of Tenable and Ermetic will include a unified CNAPP solution for asset discovery, risk analysis, remediation, and compliance, as well as a robust CIEM solution for managing human and service identities in cloud infrastructure. The integration will provide context-aware risk prioritization across all cloud and on-premises resources and simplify the remediation process. The acquisition, valued at approximately $240 million in cash and $25 million in restricted stock and RSUs, is expected to close in early Q4 2023. Tenable will finance the cash portion of the acquisition using existing funds. However, Ermetic's financial results in Q4 2023 are not anticipated to significantly impact revenue or billings but are expected to increase non-GAAP operating expenses by $4–6 million. The combination of Tenable and Ermetic is poised to offer unparalleled visibility and value in managing cloud environments, simplifying the complexity of cloud security management. About Tenable Tenable is a prominent player in the computer and network security industry, headquartered in Columbia, MD. With a global footprint, the company serves approximately 40,000 organizations worldwide, including Fortune 500 giants, Global 2000 firms, and government agencies. Leveraging its renowned Nessus vulnerability expertise, Tenable offers a pioneering platform for comprehensively securing digital assets across various computing platforms. Its specialties encompass vulnerability management, continuous network monitoring, compliance, and a range of security solutions for web applications, containers, the cloud, industrial technology, IoT, and more.

Read More

Cloud App Management

Google Cloud Teams Up with StackPath to Expand Edge-Forward Cloud

StackPath | September 20, 2023

StackPath Edge Compute is now accessible via the Google Cloud Marketplace, allowing Google Cloud customers to expand their environment to the internet's edge. StackPath, a leading edge computing platform, has made its Edge Compute Virtual Machines and Containers available on the marketplace, with purchases counting towards users' committed Google Cloud expenditure. StackPath offers cloud computing instances at edge points of presence within 38 major global markets, ensuring proximity to data sources and destinations. This proximity enhances application distribution options. Tom Reyes, Chief Product Officer for StackPath, emphasized the synergy between edge and cloud computing, highlighting the cost and performance benefits of utilizing Google Cloud for latency-neutral workloads and StackPath for latency-sensitive tasks. Dai Vu, Managing Director at Google Cloud, reportedly stated, As a part of their digital transformation strategies, many enterprises are seeking solutions that help them optimize their workflows. With its solutions now available on Google Cloud Marketplace, StackPath is enabling companies of all types and sizes to achieve the speed, security, and efficiency they require. [Source: PR Newswire] Additionally, StackPath recently added support for Virtual Kubelet in StackPath Edge Compute, facilitating seamless integration of StackPath Edge Compute Containers into multi-cloud Kubernetes (K8s) clusters. K8s, born on Google Cloud, remain popular among Google Cloud users. Key features of StackPath Edge Compute include deploying VMs with certified Linux distributions, image capture for autoscaling and rollbacks, deploying compliant container images, and rapid provisioning in StackPath Edge locations. About StackPath StackPath is an edge cloud platform offering cloud services in close proximity to end users compared to core cloud providers. Its edge compute solutions, including virtual machines and containers, along with edge applications such as CDN and WAF, are strategically positioned in densely populated areas. These services are connected through a secure private network fabric and managed through a single system. Clients, ranging from Fortune 50 enterprises to startups, rely on StackPath to optimize the performance, security, and efficiency of their latency-sensitive workloads and applications. Headquartered in Dallas, TX, StackPath was founded in 2015 and specializes in SECaaS, CDN, WAF, and various other cloud-related services.

Read More

Cloud Security

Lacework Unveils Cloud Security Community to Unite Customers and Peers

Lacework | September 07, 2023

Lacework, a trailblazer in data-driven cloud security, has introduced an innovative community platform, expanding its arsenal of cutting-edge technical resources. This dynamic community is a hub for Lacework's customers, support teams, and fellow cloud security experts. The Lacework Community is a multifaceted network comprising discussion forums, comprehensive documentation, a knowledge base, immersive events, and educational resources. Members are empowered to delve into a wealth of documentation through the platform's federated search or initiate unique discussions to glean insights from Lacework experts and industry peers. Jay Parikh, CEO of Lacework, said they were always looking for new ways to help their customers succeed and that the community would connect them with their peers and partners to learn and share faster and more broadly. He also added that customers would experience a new level of support from Lacework through the discussions, documentation, and engagement. Key features accessible to users of the Lacework Community include: Discussion Forums: Covering a broad spectrum of Lacework and cloud security topics Knowledge Base: Hosting numerous articles addressing common support issues How-to Guides: Curated by Lacework's Customer Success Architects Product Updates: Summarizing monthly releases and offering in-depth feature insights Networked Events: Featuring daily office hours and marketing events Integrated Documentation: Housing thousands of articles indexed for seamless federated search functionality John Turner, Senior Security Architect at LendingTree, said that things changed fast in the cloud security world and that companies faced new daily threats and tactics. He also noted that quick learning and peer feedback could significantly affect any company's security posture. He added that Lacework's community would provide that critical input and elevate the cloud security conversation. The Lacework Community is now open to both existing customers and potential prospects. Lacework is a platform providing comprehensive cloud security, including threat detection, anomaly identification, and compliance management across multi-cloud systems, workloads, and Kubernetes. However, it faces challenges for a few users as visibility is lacking and compliance-related metrics and IAM security control could be improved. IAM security management controls and detection of deviations and misconfigurations are critical, but have yet to be developed in Lacework. There is no data governance or data visibility. About Lacework Lacework, a data-driven cloud security platform, automates security at scale with its Polygraph Data Platform. This platform uniquely collects, analyzes, and correlates data across AWS, Azure, GCP, and Kubernetes, pinpointing crucial security events amid vast data streams. Clients rely on Lacework for revenue growth, safer product launches, and consolidated security solutions. Lacework strengthens cloud security, enabling faster innovation by scaling with an organization's dynamic cloud data, including code, identities, containers, and multi-cloud infrastructure. It offers security and development teams prioritized insights on significant risks.

Read More

Cloud App Development

CloudBees Launches Groundbreaking Cloud-Native DevSecOps Platform

Business Wire | September 15, 2023

On September 14, 2023, CloudBees, a leading enterprise software delivery platform, introduces a groundbreaking cloud-native DevSecOps platform that prioritizes platform engineers and developer experiences. The platform, built on Tekton, employs a domain-specific language akin to GitHub Actions and incorporates feature flagging, security, compliance, pipeline orchestration, analytics, and value stream management (VSM) into a fully managed single-tenant SaaS, multi-tenant SaaS, or on-premise virtual private cloud instance. A spokesperson for CloudBees stated that the revolutionary platform was the market's most open and extensible DevSecOps solution, capable of orchestrating any tool in the software development toolkit. They added that it redefined DevSecOps by addressing the challenges of delivering secure, compliant, cloud-native software faster than ever. Meeting the Challenges of Cloud-Native Development As the rush towards cloud-native application development continues, software development and delivery teams grapple with the complexities of modern cloud-native architectures. This has led to the emergence of platform engineering as an evolution of DevOps practices. Platform engineering unites various roles such as site reliability engineers (SREs), DevOps engineers, security teams, product managers, and operations teams with the shared goal of integrating all organizations’ disparate technologies and tools into a streamlined path for developers. The CloudBees platform is purpose-built for this mission. The CloudBees Platform: Speed and Security The CloudBees platform empowers organizations to simplify complex cloud-native development and deployment processes across all DevOps tools, thereby accelerating innovation. It ensures a seamless journey from code development to successful deployment with a focus on: 1. Developer-centric experience: Enhancing developer experience by minimizing cognitive load and making DevOps processes nearly invisible through blocks, automations, and golden paths. 2. Open and extensible: Embracing the DevOps ecosystem, starting with Jenkins, and offering flexibility to orchestrate any other tool, protecting existing tooling investments. 3. Self-service model: Allowing platform engineers to customize the platform, providing autonomy for development teams. Developers can focus on innovation without waiting for automation or resources. 4. Security and compliance: Centralizing security and compliance with out-of-the-box workflow templates containing built-in security measures. Automated DevSecOps is integrated, incorporating checks across source code, binaries, cloud environments, data, and identity. Michel Lopez, founder and CEO at E2F, noted that the CloudBees platform had significantly reduced the time required for their ISO 27001 compliance audit, from 12 hours to just 60 minutes. He also mentioned that the CloudBees platform provided all controls. Shawn Ahmed, Chief Product Officer at CloudBees, emphasized, Our new platform empowers developers, unifies teams, and accelerates innovation while offering unprecedented flexibility and choice. [Source: Businesswire] The CloudBees platform promises to enhance developer experiences, streamline processes, and prioritize security, offering organizations a powerful tool to navigate the complexities of modern cloud-native architectures and accelerate innovation. About CloudBees CloudBees, headquartered in San Jose, California, has been a software development leader since 2010. The company thrives in an innovation-driven industry by addressing the need for balancing development freedom and regulatory governance through its pioneering end-to-end automated software delivery system. Its robust Software as a Service (SaaS) platform encompasses DevOps, Continuous Integration, Continuous Delivery, and more, ensuring secure and compliant innovation.

Read More

Cloud Security

Tenable Acquires Ermetic to Boost Cloud Security with CNAPP and CIEM

Tenable | September 11, 2023

Tenable Holdings, Inc. is strengthening its focus on cloud security through the acquisition of Ermetic Ltd., a cloud-native application protection platform (CNAPP) company specializing in cloud infrastructure entitlement management (CIEM). This strategic move aims to enhance Tenable's Exposure Management Platform by providing improved risk visibility, prioritization, and remediation solutions for both cloud and on-premises environments. Ermetic's CNAPP offers comprehensive contextual analysis, simplifying the identification of critical issues like privileged access to exposed, vulnerable workloads. The integration of Ermetic's capabilities into Tenable One will broaden Tenable's offerings for hybrid environments, addressing the complex challenge of managing identity-based threats in the cloud. According to the Cloud Security Alliance's 2022 Top Cloud Threats report, identity-based threats are a top concern in cloud security. Tenable's acquisition of Ermetic seeks to simplify the process of understanding access risks and permissions in the cloud, making it more accessible for security professionals with varying levels of expertise. “We will have an opportunity to put additional market-leading cloud security capabilities into the hands of tens of thousands of customers,” said Amit Yoran, Chairman and Chief Executive Officer, Tenable. “Together, we will be able to deliver a holistic view of the modern attack surface and help organizations reduce exposure and risk, using identity as an essential foundation,” he further added. [Source: Globe News Wire] The combined offerings of Tenable and Ermetic will include a unified CNAPP solution for asset discovery, risk analysis, remediation, and compliance, as well as a robust CIEM solution for managing human and service identities in cloud infrastructure. The integration will provide context-aware risk prioritization across all cloud and on-premises resources and simplify the remediation process. The acquisition, valued at approximately $240 million in cash and $25 million in restricted stock and RSUs, is expected to close in early Q4 2023. Tenable will finance the cash portion of the acquisition using existing funds. However, Ermetic's financial results in Q4 2023 are not anticipated to significantly impact revenue or billings but are expected to increase non-GAAP operating expenses by $4–6 million. The combination of Tenable and Ermetic is poised to offer unparalleled visibility and value in managing cloud environments, simplifying the complexity of cloud security management. About Tenable Tenable is a prominent player in the computer and network security industry, headquartered in Columbia, MD. With a global footprint, the company serves approximately 40,000 organizations worldwide, including Fortune 500 giants, Global 2000 firms, and government agencies. Leveraging its renowned Nessus vulnerability expertise, Tenable offers a pioneering platform for comprehensively securing digital assets across various computing platforms. Its specialties encompass vulnerability management, continuous network monitoring, compliance, and a range of security solutions for web applications, containers, the cloud, industrial technology, IoT, and more.

Read More

Cloud App Management

Google Cloud Teams Up with StackPath to Expand Edge-Forward Cloud

StackPath | September 20, 2023

StackPath Edge Compute is now accessible via the Google Cloud Marketplace, allowing Google Cloud customers to expand their environment to the internet's edge. StackPath, a leading edge computing platform, has made its Edge Compute Virtual Machines and Containers available on the marketplace, with purchases counting towards users' committed Google Cloud expenditure. StackPath offers cloud computing instances at edge points of presence within 38 major global markets, ensuring proximity to data sources and destinations. This proximity enhances application distribution options. Tom Reyes, Chief Product Officer for StackPath, emphasized the synergy between edge and cloud computing, highlighting the cost and performance benefits of utilizing Google Cloud for latency-neutral workloads and StackPath for latency-sensitive tasks. Dai Vu, Managing Director at Google Cloud, reportedly stated, As a part of their digital transformation strategies, many enterprises are seeking solutions that help them optimize their workflows. With its solutions now available on Google Cloud Marketplace, StackPath is enabling companies of all types and sizes to achieve the speed, security, and efficiency they require. [Source: PR Newswire] Additionally, StackPath recently added support for Virtual Kubelet in StackPath Edge Compute, facilitating seamless integration of StackPath Edge Compute Containers into multi-cloud Kubernetes (K8s) clusters. K8s, born on Google Cloud, remain popular among Google Cloud users. Key features of StackPath Edge Compute include deploying VMs with certified Linux distributions, image capture for autoscaling and rollbacks, deploying compliant container images, and rapid provisioning in StackPath Edge locations. About StackPath StackPath is an edge cloud platform offering cloud services in close proximity to end users compared to core cloud providers. Its edge compute solutions, including virtual machines and containers, along with edge applications such as CDN and WAF, are strategically positioned in densely populated areas. These services are connected through a secure private network fabric and managed through a single system. Clients, ranging from Fortune 50 enterprises to startups, rely on StackPath to optimize the performance, security, and efficiency of their latency-sensitive workloads and applications. Headquartered in Dallas, TX, StackPath was founded in 2015 and specializes in SECaaS, CDN, WAF, and various other cloud-related services.

Read More

Cloud Security

Lacework Unveils Cloud Security Community to Unite Customers and Peers

Lacework | September 07, 2023

Lacework, a trailblazer in data-driven cloud security, has introduced an innovative community platform, expanding its arsenal of cutting-edge technical resources. This dynamic community is a hub for Lacework's customers, support teams, and fellow cloud security experts. The Lacework Community is a multifaceted network comprising discussion forums, comprehensive documentation, a knowledge base, immersive events, and educational resources. Members are empowered to delve into a wealth of documentation through the platform's federated search or initiate unique discussions to glean insights from Lacework experts and industry peers. Jay Parikh, CEO of Lacework, said they were always looking for new ways to help their customers succeed and that the community would connect them with their peers and partners to learn and share faster and more broadly. He also added that customers would experience a new level of support from Lacework through the discussions, documentation, and engagement. Key features accessible to users of the Lacework Community include: Discussion Forums: Covering a broad spectrum of Lacework and cloud security topics Knowledge Base: Hosting numerous articles addressing common support issues How-to Guides: Curated by Lacework's Customer Success Architects Product Updates: Summarizing monthly releases and offering in-depth feature insights Networked Events: Featuring daily office hours and marketing events Integrated Documentation: Housing thousands of articles indexed for seamless federated search functionality John Turner, Senior Security Architect at LendingTree, said that things changed fast in the cloud security world and that companies faced new daily threats and tactics. He also noted that quick learning and peer feedback could significantly affect any company's security posture. He added that Lacework's community would provide that critical input and elevate the cloud security conversation. The Lacework Community is now open to both existing customers and potential prospects. Lacework is a platform providing comprehensive cloud security, including threat detection, anomaly identification, and compliance management across multi-cloud systems, workloads, and Kubernetes. However, it faces challenges for a few users as visibility is lacking and compliance-related metrics and IAM security control could be improved. IAM security management controls and detection of deviations and misconfigurations are critical, but have yet to be developed in Lacework. There is no data governance or data visibility. About Lacework Lacework, a data-driven cloud security platform, automates security at scale with its Polygraph Data Platform. This platform uniquely collects, analyzes, and correlates data across AWS, Azure, GCP, and Kubernetes, pinpointing crucial security events amid vast data streams. Clients rely on Lacework for revenue growth, safer product launches, and consolidated security solutions. Lacework strengthens cloud security, enabling faster innovation by scaling with an organization's dynamic cloud data, including code, identities, containers, and multi-cloud infrastructure. It offers security and development teams prioritized insights on significant risks.

Read More

More Trending news

Spotlight

Cloud object storage with no surprises

Rackspace Object Storage is an S3 data storage service designed to help organizations store, protect and utilize large pools of unstructured data as best fits their needs. All-in, inclusive pricing eliminates egress and API transaction fees, helping organizations make their information actionable and available anyplace, at the right time, with no surprises.

Resources

IDC on cloud benefits and beyond

Whitepaper

Magic Quadrant for Application Performance Monitoring and Observability

Whitepaper

The Total Economic Impact of VMware SASE, Cost Savings and Business Benefits Enabled By SASE

Whitepaper

IDC on cloud benefits and beyond

Whitepaper

Magic Quadrant for Application Performance Monitoring and Observability

Whitepaper

The Total Economic Impact of VMware SASE, Cost Savings and Business Benefits Enabled By SASE

Whitepaper