Security - We Found a Problem
What happens in your environment when someone detects an issue? I'd like to know. Let me know in the comments or via Twitter.
We found a problem - what now?
Let's assume someone finds a misconfiguration in your cloud environment. A real security issue that, if not dealt with, causes significant risk.
I have seen many teams struggle in those situations as there does not seem to be a clear path ahead.
I suppose we can all agree on the eventual outcome: Fix the issue.
How do you get there?
Here at ARGOS, I have had dozens of conversations with CISOs of well-known organisations, and a majority mentioned they wished they had some way to automatically fix issues, something that firewall vendors have been offering their customers for quite some time already.
You find it - You fix it
Auto-remediation of cloud misconfiguration is a capability that can save organisations, if done right.
Remediating an issue without telling anybody about it is not helpful: the person responsible will not learn that something was wrong and will not update their deployment configuration, meaning the issue will come back eventually. This is especially true in environments where a tool like ARGOS is used by a security team that is not embedded into day-to-day operations or application/infrastructure development.
Remediating an issue with no way of understanding what the outcome will be or what changed will be a problem if something needs to be rolled back for any reason.
Remediation, in my opinion, needs to happen swiftly, it needs to notify relevant teams that it happened, and it needs to be transparent and even educational. On top of all this, it should not cause more work for any team.
What do YOU think? Anything missing from the list?
ARGOS offers remediation capabilities for the majority of its built-in controls, out of the box, no extra charges, without us asking our customers to build and deploy self-managed infrastructure.
ARGOS's remediation feature is simple to understand, integrates into existing processes and is educational at the same time.
We believe in putting SECURITY back into "Cloud Security Posture Management" (CSPM) by ensuring that our customers' environments are not just compliant and standardised, but also actively protected where required.