As extra organizations migrate their information, functions, and workloads to the cloud, securing the infrastructure stays a problem. Safety groups do not at all times know precisely what is occurring inside every cloud surroundings, making it troublesome to detect when safety insurance policies are being violated.
That is the issue Paladin Cloud goals to resolve with its security-as-code platform.
Paladin Cloud’s platform is meant to assist builders and DevOps groups safeguard their functions and information, each in testing and manufacturing. It accomplishes this objective by offering groups with full visibility into the group’s numerous cloud companies and programs. The platform features a plugin-based structure that helps builders connect with and ingest information from sources together with code repositories, menace intelligence programs, container scanning, API gateways, and cloud-based enterprise programs corresponding to Kubernetes.
Supported vendor programs embrace Qualys Vulnerability Evaluation Platform, Bitbucket, Pattern Micro Deep Safety, Tripwire, Venafi Certificates Administration, and Purple Hat. Safety groups can write guidelines based mostly on information collected by these plugins to get an entire image of the group’s cloud safety posture.
“The platform discovers belongings, evaluates coverage, creates points for coverage violations, and prioritizes remediation,” in keeping with a web page on Paladin Cloud’s GitHub repository. If fixes for coverage violations have already been outlined, then the platform can go forward and execute these actions to remediate the problems. This fashion, the platform offers automated detection and remediation of violations corresponding to unauthorized entry, misconfigured programs, and insecure APIs.
Organizations may make the most of the platform’s extensible coverage administration to supervise hybrid clouds, the place the information and functions are hosted on each private and non-private infrastructure.
In accordance with the GitHub web page, Paladin Cloud lists numerous out-of-the-box options on its GitHub web page, together with steady asset discovery, capability to go looking all found sources, customized insurance policies and customized auto-fix actions, dynamic asset grouping to view compliance, exception administration, OAuth2 help, and role-based entry management.
The platform is now typically obtainable for Amazon Internet Providers, Google Cloud, and Microsoft Azure. Together with asserting the platform’s availability, the corporate introduced a $3.3 million seed financing spherical.
