Hi everyone,

We are in serious crunch time as we prepare to compete as a finalist in the RSA Security Conference Innovation Sandbox. For a startup like ourselves it doesn’t get any better. Well, maybe a little better after we win.

As we prepare for RSA we are focused on stability and performance improvements. We also have a bunch of front end work for new capabilities that are in early testing but not released to beta quite yet. Lastly, we are closing in on our general availability release and expanding our beta testing daily.

We are participating in a bunch of activities at RSA if you want to say hello. On Monday I will be moderating a panel at DevSecOps Connect. But right before that is the Innovation Sandbox, including time to come get a demo while we show off our A game. On Tuesday I have my main RSA session, “Lift and Shift don’t Lift and Pray” on strategies for migrating existing infrastructure and applications to cloud. That’s followed by the 11th Annual Securosis Disaster Recovery Breakfast where DisruptOps is one of the sponsors.

Our schedules are nearly full, but we do have a few slots left if anyone wants to sit down and get an in-person demo or meeting. Just email me directly at [email protected]

Core Product Features

  • Back end architectural changes to improve scalability and performance.These are predominantly planned enhancements to prepare us for massive growth as we move out of beta and manage, and ALSO TO remove a couple small bottlenecks we discovered as larger clients started beta testing larger production environments.
  • Inventory event-driven parallelization and efficiency improvements. One major focus is on minimizing our impact on AWS API service limits. These were planned architectural changes to support future dynamic inventory capabilities.
  • Data storage updates to store Op configuration data at the client or policy level. This is required to support dynamic Op configuration features which are near release.
  • Blue/Green testing of delayed actions (front end testing). This will allow you to trigger a notification and create an issue but delay a manual or automated action to allow someone time to respond.
  • Blue/Green testing of delayed exemptions (front end testing). Supports creating an exemption for a limited time period before the Issue returns to the Open list.

New Ops

The following Ops are deployed to production and will start appearing in your library this week:

  • Manage MFA: This Op replaces our _Enforce MFA_ Op. It includes more extensive configuration options and better detection of existing MFA in your accounts. One of our ongoing priorities is designing Ops that can detect and adapt to the myriad ways AWS allows you to implement different controls. In this case we implemented extensive logic to detect different types of MFA enforcement and evaluate your existing MFA policy (if you have one).Keep in mind that this applies to IAM Users only — IAM roles based on a federated identity provider require MFA enforcement on the IDP side of the relationship. This can’t be enforced on the AWS side unless you pass a custom attribute, which is not the default on most IDP tools.
  • Manage IAM Policy Attachments: Per the Center for Internet Security, IAM policies should only be attached to IAM Groups or Roles, and not directly to users. This Op will detect policies attached directly to users and allow you to detach them.

Updated Ops

  • Bug Fixes to the Inactive IAM Users Op: Two bug fixes to the actions associated with the Op.

Leave A Comment

nineteen − sixteen =

About the Author: Rich Mogull

Rich Mogull
With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. In addition to his role at D-OPS, Rich currently serves as Analyst & CEO of Securosis.

Sign-up for Updates!

  • This field is for validation purposes and should be left unchanged.


Related Posts