Amid the avalanche of research and product news emerging from this year’s Black Hat USA 2015 conference, held in Las Vegas this week, at least one vendor is attempting to advance a new solution aimed at empowering DevOps architects to streamline and improve security workflow.
Houston-based Alert Logic announced the release of its Cloud Insight solution on Tuesday, positioning the offering as a cloud-native vulnerability and configuration management package designed for customers running on Amazon Web Services (AWS). Cloud Insight promises to integrate with AWS native security features, providing an integrated view of potential host and application-level vulnerabilities.
By empowering operational teams, including DevOps architects, to identify and move to remediate vulnerabilities before affected applications code is pushed into production, company officials claim, the solution promises to both improve the configuration of resulting infrastructure and remove obstacles related to traditional cloud security management.
“This solution is specifically aimed at helping AWS users who are not security professionals, such as operations and DevOps teams who deploy the infrastructure, address inherent security issues,” said Rahul Bakshi, Senior Director of Product Management at Alert Logic.
“When you think of rolling security into the existing model, typically it interrupts the notion of continuous deployment, as historically it hasn’t integrated via the application or plugged into automated orchestration systems, becoming a hindrance,” Bakshi said. “That’s where this approach introduces a significant advantage, allowing organizations to identify and fix high risk vulnerabilities before the code gets pushed to production.”
Unlike traditional vulnerability management specialists, such as Qualys or Tenable Network Security, which require users to manually configure and review data and provide only a “partial” view of cloud platforms such as AWS, Alert Logic claims that Cloud Insight lends critical automation to involved processes and allows ops teams to gain far deeper visibility into AWS services level security.
Alert Logic has already won some customers over with its ability to enable greater control over applications security in the cloud. Speaking at the annual AWS Summit, held in San Francisco in April, Colin Bodell, Chief Technology Officer at publishing giant Time Inc., highlighted some of the work his company has done leveraging the vendor’s existing Security-as-a-Service offerings.
“AWS is great for physical security, or for network security, but when you’re building an application you need to own security of the application yourself,” Bodell said. “AWS doesn’t know how you’re building things and you can build them in any weird and whacky way that you like; Alert Logic has been an amazing partner.”
In the recent report, “Market Overview: Cloud Workload Security Management Solutions – Automate or Die”, published in June, analysts at Forrester Research highlighted the specific need for new security methodologies that integrate and automate processes to stem potential DevOps bottlenecks.
“One of the key benefits of DevOps is to enable continuous integration of code and continuous delivery of apps and infrastructure,” the Forrester report notes. “To keep up, [security and risk management] pros must make security processes more embedded, faster, and more continuous – otherwise, security will slow down code release.”
In terms of bringing Cloud Insight – which exists as a solution, rather than a SaaS service offering – to market, Alert Logic claims that it is successfully appealing to organizations’ hopes to embed AWS vulnerability management further within operations, despite introducing an altogether new and unfamiliar approach.
“Beta customers seem very positive as we’re reducing the security workload and time related to remediation handoff for cloud architects,” Bakshi said. “There’s always a continuum for education, but with the culture of responsibility [for AWS security] evolving, we think that we’re meeting demand at just the right place.”
Dan Raywood, Analyst at 451 Research, said that Alert Logic could take advantage of related demand by leveraging the combination of its existing cloud security expertise along with capabilities added via its January 2015 acquisition of Critical Watch.
“I think it’s a very interesting move for them as even though they did have something offering this type of scanning previously; the acquisition of Critical Watch added the engine to do continuous scanning and change management,” said Raywood. “The major bugs of the last year have driven business to assess and respond immediately, and having something which tells you if you are vulnerable or not a few clicks away is a really useful tool for businesses.”
About the Author/ Matt Hines
Matt Hines has over 18 years as an IT marketing/communications professional at companies ranging from ground-floor startups to established industry leaders with emphasis on advancing broader understanding of key technology industry trends, market drivers, customer requirements and innovative products to highlight value, increase awareness and drive revenue growth. Additionally Matt has a decade-plus writing in IT journalism covering leading trends for a wide array of industry-leading business technology publications including eWeek, InfoWorld, CNet and TechTarget. You can reach him on LinkedIn