John Rosatti Yachts | John Rosatti Official Blog
It is always better to hear from a professional than just another web user and perhaps that is why people pay heed when John Rosatti speaks about yachts and classic cars. In this blog, John Rosatti reflects on both the passions that built him a fortune. From personal experiences to technical details, he makes sure there is enough to learning.
John Rosatti Yachts | John Rosatti Official Blog

Tripwire monitors hybrid AWS environments for security risks

Tripwire Inc. launched a new service to provide security controls for hybrid cloud environments that use Amazon Web Services Inc. (AWS).
The company announced its Cloud Management Assessor service. This will allow the company to extend the functionality of its Tripwire enterprise solution to the AWS cloud. It reportedly provides real time threat detection and security automation.
The tool targets hybrid enterprise implementations that combine physical, virtual, private, and public cloud environments to provide operational flexibility. This can potentially complicate an organization’s security landscape.
Yesterday’s statement by CTO David Meltzer stated that Tripwire Enterprise with Cloud Management Assessor gives extended visibility and security configuration management to cloud interfaces. The solution also manages this information in a single system that is used to maintain security for on premise environments. This provides a consolidated approach for maintaining cybersecurity best practice and compliance for organizations that adopt Amazon Web Services.
Multiple reports have recently highlighted security vulnerabilities in cloud platforms, including AWS, particularly in the back-end systems that support mobile applications. These vulnerabilities are primarily due to human error, such as user misconfigurations, and not inherent issues with the platforms.
We reported earlier this month that a firm discovered terabytes worth of unencrypted data, including personal information, on cloud back-ends. We also covered a security company that claimed that 82 percent of public clouds databases were not encrypted. These reports were added to the cloud security woes exposed in recent ransomware attacks that took hostage unsecured databases such as MongoDB.
Tripwire did not specifically state that its new AWS service would address these user-error issues. However, the Tripwire Enterprise site states that the solution provides security automation as well as remediations. It also states that configuration errors require corrective measures. Tripwire Remediation Manager provides automation and guidance to quickly repair broken or security misconfigurations. It integrates with SIEMs and IT-GRC, workflow system, change management systems, and other systems.
The topic of configuration was also mentioned in a Tripwire presentation at Infosecurity Europe 2017.
Ben Layer introduces Cloud Management Assessor, an integration to Tripwire Enterprise that allows you to evaluate Amazon Web Services management interfaces and determine if they are secure. Many users are now asking the question, “Is my Amazon Web Services management account secure? If not, what can I do to secure it?” The Cloud Management Assessor allows users to answer these questions using the Center for Internet Security AWS foundations Benchmark policy. The Cloud Management Assessor links in Amazon Web Services configuration monitoring and compliance monitoring alongside the rest of the customers’ Tripwire-monitored assets.
Tripwire announced that Cloud Management Assessor is now available and invited anyone interested to contact them.