As information assets grow – as well as more and more data leaks – a flurry of new products are hitting the market dedicated to identifying publicly exposed data.
Tripwire is one of the many organisations offering new solutions. Yesterday (April 16) it announced the debut of its Container Analyzer Service; a DevOps solution for scanning vulnerabilities in the build phase that is now available for beta customers.
During the build phase, it can be used to perform complete vulnerability analysis of Docker images, systematically approving images or preventing further use of them.
Its new File Integrity Monitoring (FIM) capabilities meanwhile offer container vulnerability assessment for AWS S3 and Azure Blob. (Its security configuration and integrity monitoring also spans Google Cloud Platform and Oracle Cloud).
“We’ve expanded our capabilities to help organisations keep their cloud environments properly configured and prevent inadvertent exposure of their data” said Tim Erlin, vice president of product management and strategy at Tripwire.
He added that this is critical as “environments grow more complex with the adoption of hybrid and multi-cloud models.”
Computer Vision to Spot Pixel Level Info
Others are also pushing similar new products. A new AI-powered governance and data protection solution: MinerEye’s Data Tracker was launched last week. It has also been developed to help users identify, organize, track and protect vast information assets “including undermanaged, unstructured and dark data”.
“Companies cannot protect, manage or utilize information they can’t find,” said the company’s CEO Yaniv Avidan. “MinerEye fuses computer vision and machine learning to track information at the byte and pixel level, which no other solution has achieved.”
Just one single virtual machine manages 120 terabytes throughout its lifecycle, Avidan adds. The technology can be maintained “with no local agent, an insignificant network and CPU footprint” said MinerEye, which is demonstrating the new technology in the Security Shark Tank® during this week’s RSA 2018 Conference in San Francisco.
The launches come as organisations are increasingly deploying software to both servers and end user devices that make use of cloud services.
This may be an explicitly stated feature of the product (such as cloud storage for data backup or synchronisation between devices), an implicit function (such as a line-of-business application reporting usage statistics to the developer), or an anti-malware product using a cloud service to analyse suspicious files.
As the UK’s NCSC has highlighted: “It’s easy to overlook the nature of these cloud interactions, and the security implications.”