Modern and agile companies are increasingly adopting a “cloud-first” strategy. This requires advanced security tools to ensure the secure integration of applications into an ever-changing landscape.
Most of the time, vulnerability and penetration testing (VAP) is a manual operation performed at the end of the development cycle. It lacks the repeatability and process hygiene associated with the SDLC. In the CI/CD world, a manual security testing procedure creates significant operational inefficiencies.
Prancer has developed an automated pentest solution that uses its patented technology to model actual attack behaviors as code. This new technology offers earlier detection than manual penetration tests and more accurate results in less time! It provides risk-based insights into vulnerabilities and threats so companies can take action before it’s too late.
Built on top of Prancer’s CSPM and static code analysis engine, PAC greatly reduces the time security analysts spend on false positives by correlating actual vulnerability findings with cloud configuration settings in real time. Cyber budgets are reduced significantly, since PAC can detect potential risks more efficiently than humans ever would! This helps minimize duplicated effort across a wide range of native and third-party cloud security tools, making it easier than ever to get accurate information about your organization’s risk exposure via automation.
Prancer delivers PAC in a serverless way and integrates seamlessly with your CI/CD pipelines to pentest your applications at development time, shifting offensive security left. PAC empowers app dev teams to validate their application’s attack surface, which is critical for effective risk management. PAC also reduces pentest time significantly by automating pentest tasks and enabling pentesters to focus on higher-value activities. This brings application development and security together into one process to ensure the secure delivery of cloud applications.
PAC uses Prancer’s CSPM engine to auto-learn the application and service endpoints hosted in your cloud networks. PAC runs authenticated and unauthenticated testing out of the box, from trusted or untrusted networks. PAC also lets you inject custom threat vectors into code to test both white-box and black-box scenarios, giving you a fully rounded pentesting experience.
PAC codifies and validates your cloud resources against zero-day vulnerabilities and the latest cyber security threats in real time to build an attack-ready cloud. PAC accelerates pentesting to provide actionable pentest reports within minutes of the pentest finishing instead of weeks or months. PAC is an essential part of Prancer’s Shift Left strategy and Security as Code offerings.
Infrastructure as Code Security
The best practice to deploy resources to the cloud is to leverage the power of Infrastructure as Code (IaC). That includes declarative templates, custom-built scripts, the use of available provisioning engines, and custom automation frameworks.
In a typical workflow, the DevOps engineer authors the cloud resource templates. She then has to deploy the resources to the cloud to get feedback on her work. This lengthens the process and results in many back-and-forth exchanges between the DevOps engineer responsible for creating the cloud resources and the SecOps team responsible for cloud security.
The Prancer platform shifts security to the left and gives the DevOps engineer early feedback on her code. The security compliance policies available out of the box show misconfigurations to the cloud engineer with every commit she makes to the code repo. The platform can also remediate the code automatically and file a PR on behalf of the user to fix the issue. This increases the speed of deployment while maintaining high security standards. The SecOps team can make sure all of their policies are in place and the code is verified and validated before the provisioning process even starts.
For IaC security, Prancer currently supports Azure ARM templates, AWS CloudFormation, Google Deployment templates, Kubernetes objects, Terraform, and custom JSON and YAML files. We have a comprehensive database of policies based on industry compliance frameworks such as CIS, NIST 800, PCI, HIPAA, HITRUST, CSA CCM and ISO 27001. Moreover, the SecOps team can write custom policies based on enterprise requirements.
Cloud Continuous Compliance
Cloud implementations can grow exponentially over time. An average company has thousands of resources in the cloud. Maintaining these resources and making sure they are secure is a difficult task.
Also, cloud providers introduce new features and configurations for their cloud resources every week, and it is hard to keep up with these changes from a security and compliance standpoint.
Moreover, cloud security is a dynamic, ever-growing technical field. It is usually hard to find professionals with technical depth in cloud security, and those professionals need to keep themselves up to date to make sure they understand all the details and complexities of the cloud.
On top of that, configuration drift is very likely to happen in your cloud environment. Cloud engineers change configurations through the cloud portal as needed, and sometimes this introduces a security vulnerability into the environment. Due to the scale of resources in the cloud, it is usually hard to spot these configuration drifts right away.
The Prancer platform has a continuous compliance scanning engine that connects to your environment and scans it in real time. The Prancer platform can drastically improve your cloud security posture management (CSPM).
The Prancer platform identifies configuration drift on cloud resources and provides auto-remediation for non-compliant resources. From the Prancer Portal interface, the SecOps team can easily find anomalies in their environment and auto-remediate security problems with the click of a button.
Currently, the Prancer platform supports Azure, AWS and Google Cloud along with Kubernetes clusters. Prancer has implemented the Policy as Code concept in its workflow. We have a comprehensive database of more than 1000 policies based on industry compliance frameworks such as CIS, NIST 800, PCI, HIPAA, HITRUST, CSA CCM and ISO 27001. Moreover, the SecOps team can write custom policies based on enterprise requirements.
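The policy-as-code workflow described in the IaC and continuous compliance sections above (evaluate a template against policies, remediate the template copy that would go into a PR, and compare declared properties with live state to find drift), as an added Python illustration that is not Prancer's code or policy format; the CloudFormation-style template, the policy ids and the live-state dict are constructed for the example.

```python
import copy

# Constructed CloudFormation-style template (not a Prancer format): one unencrypted
# bucket and one security group exposing SSH to the whole internet.
TEMPLATE = {"Resources": {
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "app-logs"}},
    "SshSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
}}

def bucket_encrypted(props):
    return "BucketEncryption" in props

def fix_bucket(props):  # remediation: enable default server-side encryption
    props["BucketEncryption"] = {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}

def open_ssh(rule):
    return rule.get("CidrIp") == "0.0.0.0/0" and rule.get("FromPort") == 22

def no_open_ssh(props):
    return not any(open_ssh(r) for r in props.get("SecurityGroupIngress", []))

def fix_open_ssh(props):  # remediation: drop the world-open SSH rule
    props["SecurityGroupIngress"] = [r for r in props.get("SecurityGroupIngress", []) if not open_ssh(r)]

# Policy as code: (constructed policy id, resource type, compliance predicate, remediation)
POLICIES = [("POL-S3-001", "AWS::S3::Bucket", bucket_encrypted, fix_bucket),
            ("POL-EC2-001", "AWS::EC2::SecurityGroup", no_open_ssh, fix_open_ssh)]

def evaluate(template):
    """Return (policy_id, resource_name) for every non-compliant resource."""
    return [(pid, name) for name, res in template["Resources"].items()
            for pid, rtype, compliant, _ in POLICIES
            if res["Type"] == rtype and not compliant(res.get("Properties", {}))]

def remediate(template):
    """Return a remediated copy; the original is untouched so the diff can go into a PR."""
    fixed = copy.deepcopy(template)
    for res in fixed["Resources"].values():
        for _, rtype, compliant, fix in POLICIES:
            if res["Type"] == rtype and not compliant(res.setdefault("Properties", {})):
                fix(res["Properties"])
    return fixed

def detect_drift(template, live):
    """Compare declared properties with live state (a constructed dict of name -> properties)
    and return the (resource, property) pairs whose live value differs from the template."""
    return [(name, key) for name, res in template["Resources"].items()
            for key, declared in res.get("Properties", {}).items()
            if live.get(name, {}).get(key) != declared]
```

Running `evaluate` on the remediated copy returns no findings, while `detect_drift` against a live state that still lacks encryption reports the bucket as drifted from the fixed template.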
Prancer professional services are always available to help you through public channels and private consulting sessions for your security needs.