Public Cloud Security Provider Dome9 Adds Automatic Remediation To Its ‘Compliance Engine’

Dome9 Security, a public cloud security company offering organizations full visibility and control of their security posture, has added new capabilities to their Dome9 Compliance Engine solution that would extend the scope of the platform’s automation beyond security and compliance monitoring and assessment to active remediation.

Using this new Compliance Engine functionality, enterprises would be enabled to accelerate the resolution of dangerous misconfigurations and minimize the window of vulnerability in their public cloud environments.

“The dynamic nature of the public cloud and its fluid perimeters create a very small window within which any potential issues such as exposed storage buckets need to be found and fixed before they are exploited by malicious actors,” said Zohar Alon, co-founder and CEO of Dome9 Security. “The most effective way to secure public cloud environments is through end-to-end automation and continuous enforcement of a strict security posture.”

The Dome9 Compliance Engine already offers automation to quickly assess the security and compliance posture of cloud environments and identify risks and gaps such as overly permissive security rules and weak passwords. The “unique” open-source CloudBots framework would extend the Dome9 Compliance Engine to bring the power of automation to the entire compliance management lifecycle while still giving security operations teams complete control and flexibility over what actions are taken in their cloud environment.

Open-Source GitHub Repository

CloudBots is a server-less framework that can be deployed with a single click in a few minutes. A cloud security administrator can configure the Compliance Engine to automatically trigger a remediation function when a check associated with a compliance control or security best practice fails. The function, called a CloudBot, is run entirely within the customer’s environment, eliminating the need to grant 3rd party access to sensitive services and permissions. Dome9 has created an open-source GitHub repository for the community to build a library of CloudBots that represent remediation best practices.

“The Dome9 Compliance Engine continuously scans relevant cloud accounts in AWS, Azure and Google Cloud environments for policy violations, and then provides immediate alerts and reports. For some organizations, that is enough,” said Roy Feintuch, CTO, and co-founder of Dome9. “However, in large-scale cloud adoption, organizations prefer to move towards an automatic remediation approach where the system leverages CloudBots to address specific violations. This approach can reduce the workload for security operators and drastically reduce the time to resolve security issues.”