Fugue Releases Best Practices Framework
November 07, 2019

Fugue announced the release of the Fugue Best Practices Framework to help cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks.

Users can deploy the Fugue Best Practices Framework within minutes to improve the security posture of their Amazon Web Service (AWS) cloud environments.

The Fugue Best Practices Framework is designed to complement standards such as the CIS Foundations Benchmark to provide additional protection against today’s advanced misconfiguration attacks.

“Enterprise cloud and security teams are recognizing that their current cloud security posture leaves them vulnerable to newer and more sophisticated misconfiguration attacks,” said Phillip Merrick, CEO of Fugue. “The Fugue Best Practices Framework gives cloud teams a simple tool to quickly identify these misconfigurations in their cloud environment and the most comprehensive security against cloud misconfiguration risk when used in combination with a framework like the CIS Foundations Benchmark.”

The Fugue Best Practices Framework includes rules covering the following cloud vulnerabilities:

- Identity and Access Management (IAM) misconfigurations that can provide bad actors, including malicious insiders, with the ability to move laterally and discover resources to exploit

- S3 bucket policy misconfigurations that can be exploited in order to take data exfiltration actions

- VPC Security Group rule misconfigurations that can enable malicious access via Elasticsearch, etcd, and MongoDB services

Fugue will continue to add new rules to the Fugue Best Practices Framework as new misconfiguration attack vectors are identified.

The Fugue Best Practices Framework joins a growing number of out-of-the-box cloud compliance frameworks Fugue provides, including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Fugue also supports custom rules using Open Policy Agent, an open source policy as code engine, making it easy for enterprise cloud teams to create cloud infrastructure policies tailored to meet their specific use cases and security requirements.

The Fugue Best Practices Framework is available now for all Fugue customers.

Share this

Industry News

July 09, 2020

ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.

July 09, 2020

RunSafe Security announced a partnership with JFrog that will enable RunSafe to supercharge binary protections via a simple plugin that JFrog users can deploy within their Artifactory repositories and instantly protect binaries and containers.

July 09, 2020

LeanIX closed $80 million in Series D funding led by new investor Goldman Sachs Growth.

July 08, 2020

Afi.ai introduced Afi Data Platform, a cloud-based replication and resiliency service that helps to monitor, predict downtime and recover K8s applications.

July 08, 2020

D2iQ announced the release of Conductor, a new interactive learning platform that enables enterprises to access hands-on cloud native courses and training.

July 08, 2020

SUSE entered into a definitive agreement to acquire Rancher Labs.

July 07, 2020

Micro Focus announced AI-powered enhancements to the intelligent testing capabilities of the UFT Family, a unified set of solutions designed to reduce the overall complexity of automating the functional testing processes.

July 07, 2020

Push Technology announced the launch of a new Service API capability for Diffusion Cloud, Push’s Real-Time API Management Cloud Platform.

July 07, 2020

Lightrun exited stealth and announced $4M in seed funding for the first complete continuous debugging and observability platform for production applications.

July 01, 2020

JFrog announced the launch of ChartCenter, a free, security-focused central repository of Helm charts for the community.

July 01, 2020

Kong announced a significant upgrade to open source Kuma, Kuma 0.6, available today.

July 01, 2020

Compuware Corporation, a BMC company, announced new capabilities that further automate and integrate test data and test case execution, empowering IT teams to achieve high-performance application development quality, velocity and efficiency.

June 30, 2020

Couchbase announced the general availability of Couchbase Cloud, a fully-managed Database-as-a-Service (DBaaS).

June 30, 2020

Split Software announced new capabilities designed to accelerate the adoption of feature flags in large-scale organizations.

June 30, 2020

WhiteHat Security announced a discounted Web + Mobile Application Security bundle to help organizations secure the digital future.