Evident.io Zeros in on Configuration Checks to Automate Cloud Security, Compliance
After setting up the cloud for Adobe Systems, Evident.io co-founders Tim Prendergast and Justin Lundy set out to create a cloud-native security platform accessible to companies of all sizes.
It couldn’t be solely about blocking unfamiliar IP addresses or using network-based agents to monitor traffic, Evident CEO Prendergast explained in an interview with Richard Stiennon, chief research analyst with security-focused IT-Harvest.
“You have these rich services doing storage, data warehousing, workflow management, real-time stream processing and there’s no IP address for any of those things. So you can’t place a host-based agent on them, you can’t put an IDS-type of product in front of them, you need something that interfaces and brings those capabilities through the API, where those services live and manage, and have security context delivered the same way,” Prendergast said.
For now focused solely on supporting clients on Amazon Web Services, Evident offers continuous monitoring and security automation while enforcing security and compliance policies. Its focus on the control plane is Evident’s biggest differentiator, according to John Martinez, Evident vice president of customer solutions.
Without consensus in the marketplace about cloud security standards at that time, the company was launched in 2013, built upon the AWS Security Best Practices whitepaper. Martinez said he sat on the committee with AWS and the Center for Internet Security that just over a year ago released the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS.
“There are no agents to install. Do not require opening of any network ports. There’s no sidecar appliance to install. It’s completely API driven. We consume the cloud provider’s API data and analyze the security configurations of it,” he said.
Through continuous monitoring, Evident can assess risk across the more than 50 AWS services, and aggregate data into a single dashboard or stream of data that’s easily transportable to partners such as Splunk or Sumo Logic for further analysis. In all, it performs more than 110 security best-practice checks. These analyses are basically configuration checks, according to Martinez.
Configuration errors have been blamed for a growing number of high-profile breaches, including a MongoDB error that exposed the personal information on 93.4 million Mexican voters, and breaches with HealthCare.gov, and database maintenance at Hello Kitty parent Sanrio.
Evident asks customers to give access into their AWS environments, Martinez explained. The customer creates a third-party role within their accounts and Evident assumes this role Amazon’s security token service
“We ask customers to give us an AWS managed security audit policy so we can ask AWS to provide the permissions we need,” he said.
Using the API metadata, it lists and describes every resource discovered in a customer’s account, then runs its security analysis engine on top of that.
Beyond real-time monitoring, it builds hourly reports that go into dashboards built into the SaaS platform.
“In the alerts that we generate, we actually do quite a bit of painstaking research,” Martinez said. “We’ll research not only what it is we need to check, but also provide guided remediation. Here’s what to check, here’s how to fix that, and we’re also giving them the API metadata as part of that. Those alerts can, however, be transported to external systems.”
It has integrations with Splunk and Sumo Logic on logging, Slack on chat, as well as JIRA, and PagerDuty. It can be employed in CI/CD applications as well, Martinez said.
One use case for the technology would be in a templated deployment in AWS. The user could deploy the template, create a subset of that infrastructure, run a report out of Evident, then programmatically go check that the security settings are correct.
On the continuous side, it offers enforcement of security standards. Through an integration, a customer could use AWS Lambda, for example, to auto-remediate specific issues.
And in compliance, it can help customers test for the customer responsibility controls set forth in the AWS Customer Responsibility Compliance document for PCI compliance, for example. Those are just the infrastructure tests for compliance, however, Martinez pointed out.
Even as enterprise workloads are being shifted to cloud, use of private clouds is growing faster than public clouds, according to RightScale’s 2016 State of the Cloud report. It found AWS used by 57 percent of survey respondents. It found, on average, companies using three public clouds and three private clouds, and growing interest in managing hybrid clouds.
https://youtu.be/Nj6Qepg_JBk
Many enterprises have a specific line of business or work set that’s natively in the cloud and have no tie to a data center or legacy systems, cases in which Evident picked up customers quickly, Martinez said. It also offers a self-hosted version of the platform which organizations can deploy and manage within their own, secure AWS environments.
However, over the past year, there’s been a push from the financial sector with ties to legacy systems and data centers, so it has been working in hybrid environments as well.
Mindful of the need to branch out, Evident plans to expand its services to Azure environments in the first half of 2017, followed by Google and other clouds. It recently added a user attributions feature with AWS Cloud Trail, a service that records API calls, so that it can reveal not only what’s wrong with an environment, but who did it, where they did it from and more.
“We think it’s like a game of Clue,” Martinez said.
It also plans to delve deeper into analytics and automation going forward, he said.
The importance of security of the management plane, or ‘cloud console,’ “cannot be understated,” 451 Research said in a report on the company.
While cloud security approaches using agents offer the benefits being cloud- and architecture-agnostic, there are a huge number of external things that could affect the security posture of these instances and the virtual network they use to communicate.
“These elements can only be monitored and addressed through the management plane — arguably one of the key features of cloud infrastructure that makes it so flexible and attractive to businesses,” it states.
It names AWS Trusted Advisor as probably Evident’s chief competitor, with Dome9’s SecOps for AWS in the running. Other vendors such as CloudCheckr, New Relic, Cloudyn, Datapipe and many others overlap to various degrees, it says.
Feature Image via Pixabay.
