Compliance Engine (CE) provides automation to analyze and rectify your cloud infrastructure using rules and actions you define. CE leverages CMDB to evaluate all infrastructure resources across all clouds. CMDB is used to gather cloud operations, identify risks, and take action—again, according to the policies and rules you define—to alert, mitigate, or remediate problems.
• Out-of-the-box CIS Benchmarks for AWS, Azure and GCP
• 450+ custom policies engineered for optimizing spending and security
• Policies can make evaluations based on any data in CMDB
• Develop custom policies using a standard programming language
• Advanced exception handling process
• Integrations with ticketing systems like JIRA, ServiceNow and ServiceDesk
• Violation routing and escalation workflows
Key Differentiators and Competitors
Cloudaware CE competes primarily with products like:
• Compliance as a service. If CE does not contain a compliance policy you need, we deliver it in 48 hours or less.
• Uses CMDB data to route violations to appropriate teams
• Allows policies to be created not only from cloud provider data but also from customer-imported and other CMDB data.
• Provides a programming language environment for users to develop their own custom policies.
• Requires minimal API calls to the cloud provider. This eliminates cost overhead and API throttling issues.
• The only compliance engine on the market that has exemption handling workflows.
Violation Routing and Exemption Handling
Security teams are overwhelmed with security violations and alerts. Current products on the market further exacerbate this problem by burdening security teams with yet more event data. CE takes a different approach – violations are routed immediately to the responsible teams, account owners, account security contacts, etc.
Non-Cloud Provider Data
Current solutions on the market can make compliance evaluations only based on the data returned from the cloud provider. CE makes compliance evaluations based on its rich CMDB database, which contains not only data from cloud providers but also data from operating systems and over 100 other API integrations, such as Tenable and NewRelic.
Because of this enhanced CMDB data, it is possible to create policies that take into consideration installed software, the presence of known security vulnerabilities, or billing data when making compliance decisions.
Compliance As A Service
Users can request Cloudaware support to deliver any custom compliance engine policy in 48 hours or less. Additionally, users can develop their own policies using an open programming language based on Java.
Some buckets are meant to be public and some servers are meant to have sensitive ports open to the world. In order to maintain security without sacrificing functionality, compliance exemption handling is essential, especially for large organizations with 100+ AWS accounts, where the number of violations can quickly climb into the thousands, including false positives.
Supported Compliance Engine Policies
The list of policies is updated on a weekly basis. You can find it here.
Note: You will need to start your own trial to access the list of the most recent policies.
Supported Ticketing Systems
CE offers stateful ticketing integration, meaning it will not only open tickets when violations are opened, but can update and close the tickets when it identifies that the violation has been resolved.
CMDB and CE are built on top of powerful Einstein Analytics from Salesforce. Here, customers can easily visualize compliance reports and remediation trends.