Platform Overview

Ensure Cloud Infrastructure Security from Deployment Time

CloudCoreo offers a proactive and continuous approach for keeping your public cloud secure.

Most products are focused on reactive security—finding issues in production and then looping back to development to fight for fixes to be prioritized. We think there’s a better way, a proactive security approach that puts insight and responsibility directly in the hands of cloud builders without leaving security in a silo.

In addition to scheduled infrastructure scans, CloudCoreo offers deploy-time checks for provisioned or modified cloud objects, enabling you to test infrastructure security as part of your deployment pipeline.

A Better Time for Fixes

Streamline remediation, reduce risk, and lower technical debt.

The best way to eliminate vulnerabilities is to ensure configuration is hardened from the start. With CloudCoreo Deploy Time, provide immediate feedback to your DevOps and cloud deployers by integrating with their process and tools.

  • CloudCoreo Deploy Time provides scoped audit results inline for cloud deployers, focusing on the cloud objects or hosts created or changed by a run
  • Our Jenkins Plugin integrates cloud infrastructure checks directly into your CI/CD pipeline, enabling you to trigger notifications or fail builds based on the results
  • No changes to your existing development process—works with the tools you’re already using

Cloud Expertise, On Demand

Schedule regular checks of your infrastructure, and our powerful rules engine will inventory what’s in your cloud accounts and find any misconfigurations that are putting you at risk.

Out-of-the-box rulesets, including security, best-practice checks, and industry benchmarks, can be customized to meet your organization’s internal standards and policies.

  • Target any group of servers and run critical security controls across your infrastructure

Example Hardening Profiles and Checks

  Apache 2 Baseline: E.g. Ensure insecure HTTP-methods are disabled
  MySQL Baseline: E.g. Detect ‘skip grant tables’ which can inadvertently open DB access to the world
  PostgreSQL Baseline: E.g. Limit non-trusted procedural languages to protect OS-Level access permissions
  SSH Baseline: E.g. Test enabled protocol versions (SSLv3, TLSv1.1, etc.)
  PHP Baseline: E.g. Disable Global Variables to reduce the risk of PHP injection attacks
  Nginx Baseline: E.g. Ensure cross-site scripting filter is enabled
  CIS Docker 1.12.0 Benchmark: E.g. Check for use of privileged containers or secrets stored in Dockerfiles
  CIS Kubernetes 1.1.0 Benchmark: E.g. Disable anonymous requests to the federation API server

  Linux Hardening Baseline: E.g. Tcp_syncookies enabled (protection against SYN flood attacks)
  CIS Distribution Independent Linux 1.0.1 Benchmark: E.g. Ensure iptables is configured with a default deny policy
  Windows Hardening Baseline: E.g. Strong Encryption for Windows Remote Desktop Required
  Windows Patch Baseline: E.g. All important updates are installed

Insights for the Entire Organization

CloudCoreo provides a single, shared view that gives both DevOps and security teams full visibility into high-risk violations. Historical dashboards highlight trends to track progress across teams, cloud accounts, and builds so everyone can see where things are getting better (or worse).

  • Slice your infrastructure by app, project team, tag, or whatever key dimension you work in for results that complement the way you work
  • Streamline suppression approval and workflow

Built for Modern Cloud Applications

  • Rulesets are managed like software—code-driven and git-controlled
  • API-enabled inspections check both cloud-based services and their hosts
  • We support AWS and Azure, with Google Cloud coming soon