Fugue Releases Best Practices Framework
November 07, 2019

Fugue announced the release of the Fugue Best Practices Framework to help cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks.

Users can deploy the Fugue Best Practices Framework within minutes to improve the security posture of their Amazon Web Service (AWS) cloud environments.

The Fugue Best Practices Framework is designed to complement standards such as the CIS Foundations Benchmark to provide additional protection against today’s advanced misconfiguration attacks.

“Enterprise cloud and security teams are recognizing that their current cloud security posture leaves them vulnerable to newer and more sophisticated misconfiguration attacks,” said Phillip Merrick, CEO of Fugue. “The Fugue Best Practices Framework gives cloud teams a simple tool to quickly identify these misconfigurations in their cloud environment and the most comprehensive security against cloud misconfiguration risk when used in combination with a framework like the CIS Foundations Benchmark.”

The Fugue Best Practices Framework includes rules covering the following cloud vulnerabilities:

- Identity and Access Management (IAM) misconfigurations that can provide bad actors, including malicious insiders, with the ability to move laterally and discover resources to exploit

- S3 bucket policy misconfigurations that can be exploited in order to take data exfiltration actions

- VPC Security Group rule misconfigurations that can enable malicious access via Elasticsearch, etcd, and MongoDB services

Fugue will continue to add new rules to the Fugue Best Practices Framework as new misconfiguration attack vectors are identified.

The Fugue Best Practices Framework joins a growing number of out-of-the-box cloud compliance frameworks Fugue provides, including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Fugue also supports custom rules using Open Policy Agent, an open source policy as code engine, making it easy for enterprise cloud teams to create cloud infrastructure policies tailored to meet their specific use cases and security requirements.

The Fugue Best Practices Framework is available now for all Fugue customers.

Share this

Industry News

Progress Unveils Native Next.js Support in Sitefinity, Offering Maximum Flexibility to Create and Scale Digital Experiences
November 21, 2024

Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.

Red Hat Enterprise Linux 9.5 Released
November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

Securiti AI Introduces Security for AI Copilots in SaaS Apps
November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

Spectro Cloud Raises $75m Series C Funding
November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

CNCF Expands Certification to Platform Engineering and More
November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

Red Hat OpenShift AI 2.15 Announced
November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

Salesforce Introduces Agentforce Testing Center
November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

OpenText Releases Cloud Editions 24.4
November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

Red Hat Developer Hub Upgraded
November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

Pega GenAI Blueprint Adds AI-Driven Legacy Discovery Capabilities
November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

Tricentis Enhances Tosca Cloud Capabilities
November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

Rafay Debuts New Platform Capabilities
November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

Apiiro Introduces Code-to-Runtime
November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

Zesty Launches Kompass
November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

Orka macOS Virtualization Now Available on Prem with Orka Engine
November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.

More Industry News