Fugue Releases Best Practices Framework
November 07, 2019

Fugue announced the release of the Fugue Best Practices Framework to help cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks.

Users can deploy the Fugue Best Practices Framework within minutes to improve the security posture of their Amazon Web Service (AWS) cloud environments.

The Fugue Best Practices Framework is designed to complement standards such as the CIS Foundations Benchmark to provide additional protection against today’s advanced misconfiguration attacks.

“Enterprise cloud and security teams are recognizing that their current cloud security posture leaves them vulnerable to newer and more sophisticated misconfiguration attacks,” said Phillip Merrick, CEO of Fugue. “The Fugue Best Practices Framework gives cloud teams a simple tool to quickly identify these misconfigurations in their cloud environment and the most comprehensive security against cloud misconfiguration risk when used in combination with a framework like the CIS Foundations Benchmark.”

The Fugue Best Practices Framework includes rules covering the following cloud vulnerabilities:

- Identity and Access Management (IAM) misconfigurations that can provide bad actors, including malicious insiders, with the ability to move laterally and discover resources to exploit

- S3 bucket policy misconfigurations that can be exploited in order to take data exfiltration actions

- VPC Security Group rule misconfigurations that can enable malicious access via Elasticsearch, etcd, and MongoDB services

Fugue will continue to add new rules to the Fugue Best Practices Framework as new misconfiguration attack vectors are identified.

The Fugue Best Practices Framework joins a growing number of out-of-the-box cloud compliance frameworks Fugue provides, including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Fugue also supports custom rules using Open Policy Agent, an open source policy as code engine, making it easy for enterprise cloud teams to create cloud infrastructure policies tailored to meet their specific use cases and security requirements.

The Fugue Best Practices Framework is available now for all Fugue customers.

Share this

Industry News

April 08, 2020

JFrog is launching the FrogCare program for companies and organizations who are actively researching and fighting COVID-19.

April 08, 2020

Split Software announced a pre-built integration with mParticle, a customer data platform for enterprise B2C brands.

April 08, 2020

SmartBear announced the acquisition of Test Management for Jira (TM4J), an user-rated QA and test management app in Jira for enterprise teams, from London-based Adaptavist.

April 07, 2020

Docker has open sourced the Compose Specification into a standalone organization on GitHub with open governance.

April 07, 2020

AppGyver, a Finnish software company, is unveiling its new Composer Pro product to the public after four years of quiet development.

April 07, 2020

Red Hat named Paul Cormier as President and CEO of Red Hat.

April 06, 2020

Alcide announced that the Alcide Kubernetes Security Platform now supports HIPAA compliance scans.

April 06, 2020

Copado announced the immediate availability of free access to its platform for anyone working on applications to fight COVID-19.

April 06, 2020

JourneyApps will open its low-code app development platform at no charge to state governments, healthcare agencies and NGOs fighting the rapidly-spreading COVID-19 pandemic.

April 02, 2020

VMware announced the general availability of VMware vSphere 7, the biggest evolution of vSphere in over a decade.

April 02, 2020

Grafana Labs announced that Cortex v1.0 is generally available for production use.

April 02, 2020

IT Revolution announced new dates, extended pricing and its first round of confirmed speakers for DevOps Enterprise Summit Las Vegas 2020. Hosted at The Cosmopolitan of Las Vegas, DevOps Enterprise Summit will now take place November 9-11, 2020.

April 01, 2020

Compuware Corporation announced new capabilities that enable application development teams to automate performance tests early in the development lifecycle, helping large enterprises speed time to market and improve application performance—while decreasing the significant and unnecessary cost of wasted time.

April 01, 2020

PlanetScale released the newest version of PlanetScaleDB, a multi-cloud database.

April 01, 2020

Datawire announced the newest release of Ambassador Edge Stack that is designed to speed up the inner development loop.