CloudHealth Secure State

Build a unified security monitoring approach for AWS, Azure, and Google Clouds to understand how a minor configuration change can elevate risk across all connected objects

• Monitor ephemeral cloud resources and detect security events within minutes without excessive API calls to cloud
• Visualize cloud resource relationships and associated misconfigurations, threats, metadata, and change activity
• Explore inventory with typeahead search and investigate risks with powerful visualization capabilities for navigating cloud topology
• Audit configuration changes and track progress developers are making in resolving security violations

Establish organizational-wide standards while enabling flexibility through exceptions and policy customization

• Educate developers on security and compliance risks and how to harden configurations according to CIS, NIST, SOC2, GDPR, HIPAA, and PCI controls
• Define custom security policies and frameworks to precisely express unique business, cloud environment, or application needs
• Allow exceptions to security policies by suppressing controls or specific findings that are not applicable to the environment, cloud account, or team
• Focus on cloud resources or controls with maximum security exposures by prioritizing violations based on quantified risk

Resolve existing and new misconfigurations with flexible, in-account remediation

• Automate actions across cloud environments without sharing write access privileges with CloudHealth Secure State monitoring service
• Engage and contribute new custom remediation jobs to the open-source community to help service users resolve findings faster
• Remediate existing violations by targeting actions to resources and enabling developers to automate changes based on published actions
• Proactively auto-remediate new violations with guardrails that help developers avoid critical mistakes and reduce security risk

Drive security and compliance improvements by distributing insights across stakeholder teams

• Centrally define security baselines while enabling developers to monitor and fix security violations in their environments through role-based access controls
• Continuously verify security verification within CI/CD pipelines and notify developer and operations teams with real-time Slack alerts
• Streamline visibility for security operations teams by integrating cloud misconfiguration insights within Splunk app
• Intelligently monitor threats by correlating AWS GuardDuty insights with resource misconfigurations, relationship context, and change activity