Ensure Cloud Infrastructure Security
from Deployment Time
CloudCoreo offers a proactive and continuous approach for keeping your public cloud secure.
Most products are focused on reactive security—finding issues in production and then looping back to development to fight for fixes to be prioritized. We think there’s a better way, a proactive security approach that puts insight and responsibility directly in the hands of cloud builders without leaving security in a silo.
In addition to scheduled infrastructure scans, CloudCoreo offers deploy time checks for provisioned or modified cloud objects, enabling you to test infrastructure security as part of your deployment pipeline.
A Better Time for Fixes
Streamline remediation, reduce risk, and lower technical debt.
The best way to eliminate vulnerabilities is to ensure configuration is hardened from the start. With CloudCoreo Deploy Time, provide immediate feedback to your DevOps and cloud deployers by integrating with their process and tools.
Cloud Expertise, On Demand
Schedule regular checks of your infrastructure and our powerful rules engine will inventory what’s in your cloud accounts, and find out if there are any misconfigurations that are putting you at risk.
Out of the box rulesets including security, best practice checks, and industry benchmarks, can be customized to meet your organization’s internal standards and policies.
Apache 2 Baseline E.g. Ensure insecure HTTP-methods are disabled
MySQL Baseline E.g. Detect ‘skip grant tables’ which can inadvertently open DB access to the world
PostgreSQL Baseline E.g. Limit non-trusted procedural languages to protect OS-Level access permissions
SSH Baseline E.g. Test enabled protocol versions (SSLv3, TLSv1.1, etc)
PHP Baseline E.g. Disable Global Variables to reduce the risk of PHP injection attacks
Nginx Baseline E.g. Ensure cross-site scripting filter is enabled
CIS Docker 1.12.0 Benchmark E.g. Check for use of privileged containers or secrets stored in Dockerfiles
CIS Kubernetes 1.1.0 Benchmark E.g. Disable anonymous requests to the federation API server
Linux Hardening Baseline E.g. Tcp_syncookies enabled (protection against SYN flood attacks)
CIS Distribution Independent Linux 1.0.1 Benchmark E.g. Ensure iptables is configured with a default deny policy
Windows Hardening Baseline E.g. Strong Encryption for Windows Remote Desktop Required
Windows Patch Baseline E.g. All important updates are installed
S3 All authenticated AWS users can write the affected bucket
IAM Account using inline policies
EC2 Instance has improper or no tags
EC2 Security group allows unrestricted traffic
ELB ELB is using old SSL policy
RDS RDS is publicly accessible to the world
RDS RDS not set to automatically upgrade
Insights for the Entire Organization
CloudCoreo provides a single, shared view, providing both DevOps and security teams with full visibility into high risk violations. Historical dashboards highlight trends to track progress across teams, cloud accounts, and builds so everyone can see where things are getting better (or worse).