Click here to close now.

Welcome!

@MicroservicesE Blog Authors: Elizabeth White, Liz McMillan, Pat Romanski, Lori MacVittie, XebiaLabs Blog

Related Topics: @CloudExpo, Java IoT, @MicroservicesE Blog, IoT User Interface, Agile Computing, Cloud Security

@CloudExpo: Article

Security Posture Management Enters the Cloud

A “pure” cloud-based IT security monitoring and compliance management product

When eGestalt of Santa Clara, CA, announced in November they were launching a cloud-based security and compliance solution, it set the stage to change the way enterprise businesses could cope with complex compliance and security issues.

The solution, powered by Rapid7 scanning technology, was to deliver a "pure" cloud-based IT security monitoring and compliance management product that worked in real time without requiring any hardware, "a first of its kind solution," say the vendors.

Called Aegify, the technology delivers Security Posture Management (SPM), which first measures the security status of all assets within a network, then delivers a report that can be used to remediate problems, strengthen security, and create and manage compliance policies. It leverages the compliance and security engine of eGestalt's SecureGRC (governance, risk management and compliance) product with Rapid7's Nexpose vulnerability management technology.

Aegify uses a patent-pending expert systems technology from eGestalt to automatically map the security vulnerabilities to compliance mandates, thereby automating the task of security posture management and compliance management, which is manually done today. The tool can import data from other standard vulnerability scanners in the industry as well.

The advantage of using a cloud-based solution to perform this type of sophisticated network diagnoses is a vast reduction in complexity and time, said Anupam Sahai, President of eGestalt.

"Currently, you do this with on-site hardware," Sahai explained. "You run a scan and get a report. Then the IT person has to study it and perform the needed remediation. That takes time, and then once this is performed the network settings change" and you can fall back out of compliance and into a weakened security state all over again.

With a cloud-based solution like Aegify, scanning and remediation can be run in perpetuity, and IT administrators can "see results on the fly," said Sahai. The cloud solution does the work, and you get SPM and/or the compliance posture in real time, or you can schedule it.

"You don't need specialized IT resources to understand and interpret the results or have to deal with remediation," Sahai explained.

The combined solution from eGestalt and Rapid7 performs a massive amount of work, combining asset discovery with vulnerability analysis and compliance mandates. This gives even the largest company an easy way to identify exactly what they have operating in their network, check the level of their exposure to a potential threat, and make any adjustments that have them falling out of compliance. It can identify 28,000 vulnerabilities and perform over 85,000 checks across physical and virtual networks.

"It's a completely multi-tenant solution," said Sahai, who adds that the cloud-based approach and the integration of the security, compliance, and scanning system in Aegify solves the cumbersome, time consuming and inefficient method of approaching the task with separate, siloed applications that don't communicate well with one another.

Aegify will be marketed to the customer and partner bases of both eGestalt and Rapid7. Sheldon Malm, senior director of Strategic Partners and Alliances at Rapid7, said the alliance creates "a very complementary offering that will benefit our joint customers."

On the compliance side, Aegify covers practically every industry that falls under compliance regulations. The cloud solution can control and manage compliance across more than 400 regulations, from the commonly known ones such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA, to compliance rules from other countries outside the U.S.

An added advantage of Aegify being a cloud solution is that an IT reseller or consultant can manage it remotely for customers and present the reporting wrapped with upsell and cross-sell offerings. And Aegify can be white-labeled with a reseller's or consultant's own branding, said Sahai.

Public cloud services like Aegify are predicted to grow five times faster than traditional on-premise IT, at a growth rate of 19 percent through 2015, according to a study by MarketBridge. The reason for this growth is multi-faceted. The simplicity that cloud computing offers by moving the complexity away from the customer also means customers no longer have to maintain upgrades or version enhancements. The capital expense of purchasing additional server or storage capacity is also greatly reduced with a cloud-based service.

Still, traditional legacy IT networks dominate the computing landscape, which is why Aegify is such an effective solution for reaching out to these networks and keeping them secure and in compliance. In a press release, Bryan Britz, a research director at Gartner, said a mixture of cloud solutions and traditional networks "will permeate most organizations in the coming years."

Sahai of eGestalt agrees and pointed out that a residual effect of Aegify is helping preserve the investment a company has in its traditional IT network.

"Many customers claim they have no security or compliance issues," Sahai said, adding that this makes Aegify community edition, a free tool downloadable from the web (www.egestalt.com), a conversation starter with customers - a conversation that can lead to the purchase of traditional network equipment, or more cloud services.

"We are solving a number of problems by making networks cheaper, better, and more effective by delivering it to the cloud," he said.

More Stories By Dan Neel

Dan Neel is an award-winning journalist who has covered technology trends and best practices for over 15 years working with leading technology publications like Infoworld, CRN, VARbusiness and Investment Management Weekly. He led the direction of technology channel content at United Business Media, and is the recipient of 9 industry awards, including Best News Story for 2000 from the American Society of Business Press Editors.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and Containers together help companies to achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction. ...
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
SYS-CON Events announced today that JFrog, maker of Artifactory, the popular Binary Repository Manager, will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based in California, Israel and France, founded by longtime field-experts, JFrog, creator of Artifactory and Bintray, has provided the market with the first Binary Repository solution and a software distribution social platform.
The cloud has transformed how we think about software quality. Instead of preventing failures, we must focus on automatic recovery from failure. In other words, resilience trumps traditional quality measures. Continuous delivery models further squeeze traditional notions of quality. Remember the venerable project management Iron Triangle? Among time, scope, and cost, you can only fix two or quality will suffer. Only in today's DevOps world, continuous testing, integration, and deployment upend...
Conferences agendas. Event navigation. Specific tasks, like buying a house or getting a car loan. If you've installed an app for any of these things you've installed what's known as a "disposable mobile app" or DMA. Apps designed for a single use-case and with the expectation they'll be "thrown away" like brochures. Deleted until needed again. These apps are necessarily small, agile and highly volatile. Sometimes existing only for a short time - say to support an event like an election, the Wor...
Sharding has become a popular means of achieving scalability in application architectures in which read/write data separation is not only possible, but desirable to achieve new heights of concurrency. The premise is that by splitting up read and write duties, it is possible to get better overall performance at the cost of a slight delay in consistency. That is, it takes a bit of time to replicate changes initiated by a "write" to the read-only master database. It's eventually consistent, and it'...
"Plutora provides release and testing environment capabilities to the enterprise," explained Dalibor Siroky, Director and Co-founder of Plutora, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
The most often asked question post-DevOps introduction is: “How do I get started?” There’s plenty of information on why DevOps is valid and important, but many managers still struggle with simple basics for how to initiate a DevOps program in their business. They struggle with issues related to current organizational inertia, the lack of experience on Continuous Integration/Delivery, understanding where DevOps will affect revenue and budget, etc. In their session at DevOps Summit, JP Morgenthal...
Data center models are changing. A variety of technical trends and business demands are forcing that change, most of them centered on the explosive growth of applications. That means, in turn, that the requirements for application delivery are changing. Certainly application delivery needs to be agile, not waterfall. It needs to deliver services in hours, not weeks or months. It needs to be more cost efficient. And more than anything else, it needs to be really, dc infra axisreally, super focus...
Discussions about cloud computing are evolving into discussions about enterprise IT in general. As enterprises increasingly migrate toward their own unique clouds, new issues such as the use of containers and microservices emerge to keep things interesting. In this Power Panel at 16th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the state of cloud computing today, and what enterprise IT professionals need to know about how the latest topics and trends affect t...
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at DevOps Summit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Summer is finally here and it’s time for a DevOps summer vacation. From San Francisco to New York City, our top summer conferences list is going to continuously deliver you to the summer destinations of your dreams. These DevOps parties are hitting all the hottest summer trends with Microservices, Agile, Continuous Delivery, DevSecOps, and even Continuous Testing. Move over Kanye. These are the top 5 Summer DevOps Conferences of 2015.
Cloud Migration Management (CMM) refers to the best practices for planning and managing migration of IT systems from a legacy platform to a Cloud Provider through a combination professional services consulting and software tools. A Cloud migration project can be a relatively simple exercise, where applications are migrated ‘as is’, to gain benefits such as elastic capacity and utility pricing, but without making any changes to the application architecture, software development methods or busine...
Many people recognize DevOps as an enormous benefit – faster application deployment, automated toolchains, support of more granular updates, better cooperation across groups. However, less appreciated is the journey enterprise IT groups need to make to achieve this outcome. The plain fact is that established IT processes reflect a very different set of goals: stability, infrequent change, hands-on administration, and alignment with ITIL. So how does an enterprise IT organization implement change...
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations migh...
At DevOps Summit NY there’s been a whole lot of talk about not just DevOps, but containers, IoT, and microservices. Sessions focused not just on the cultural shift needed to grow at scale with a DevOps approach, but also made sure to include the network ”plumbing” needed to ensure success as applications decompose into the microservice architectures enabling rapid growth and support for the Internet of (Every)Things.
Mashape is bringing real-time analytics to microservices with the release of Mashape Analytics. First built internally to analyze the performance of more than 13,000 APIs served by the mashape.com marketplace, this new tool provides developers with robust visibility into their APIs and how they function within microservices. A purpose-built, open analytics platform designed specifically for APIs and microservices architectures, Mashape Analytics also lets developers and DevOps teams understand w...