Bridgecrew Drops New Developer-first Platform, Streamlines Infrastructure Security from Code to Cloud

Bridgecrew | June 09, 2020

  • Bridgecrew transforms how teams secure their public cloud by embedding infrastructure security earlier in development lifecycles.

  • With new run-time and build-time integrations, Bridgecrew equips developers with automated fixes for cloud security issues—and delivers them as code.

  • Infrastructure-as-code allows teams to provision cloud workloads at scale, presenting both a challenge and opportunity when it comes to security.


Bridgecrew transforms how teams secure their public cloud by embedding infrastructure security earlier in development lifecycles. With new run-time and build-time integrations, Bridgecrew equips developers with automated fixes for cloud security issues—and delivers them as code. Public cloud security posture in run-time Bridgecrew connects seamlessly to cloud environments with run-time scanning for AWS, Azure, and Google Cloud. As teams expand their cloud footprints, Bridgecrew automatically identifies run-time issues that expose them to risk.


But unlike compliance and reporting tools, Bridgecrew comes fully equipped with automated playbooks to correct misconfigured resources. Infrastructure-as-code and workload protection in build-time. Infrastructure-as-code allows teams to provision cloud workloads at scale, presenting both a challenge and opportunity when it comes to security. Bridgecrew helps teams keep infrastructure-as-code secure by scanning for issues in Kubernetes, Terraform, and AWS CloudFormation. Bridgecrew also provides fixes at the infrastructure-as-code level—developers can open pull requests through version control system integrations with GitHub and Bitbucket or run code in their local environments.



Read more: NEED FOR EASY IT INFRASTRUCTURE MANAGEMENT IS DRIVING THE ADVANCED STRUCTURED CABLING MARKET

Infrastructure-as-code allows teams to provision cloud workloads at scale, presenting both a challenge and opportunity when it comes to security, Bridgecrew helps teams keep infrastructure-as-code secure by scanning for issues in Kubernetes, Terraform, and AWS CloudFormation.

~ AWS CloudFormation


Developer ecosystem integrations. In addition to providing cloud security posture visibility and automated remediations, Bridgecrew prevents cloud misconfigurations through CI/CD pipeline integrations with GitHub Actions, CircleCI, and Jenkins. Teams get cloud security monitoring as part of every build, ensuring that misconfigurations aren't unknowingly deployed. Ecosystem integrations with Jira, Splunk, and Slack provide real-time alerts where developers need them. Open-source software is key to Bridgecrew's platform and its mission to advance the codified cloud security movement.


Their engineering team supports community-led projects and develop their own tools: Checkov, a static analysis tool for infrastructure-as-code. AirIAM, a least-privilege automation framework for AWS IAM. TerraGoat, a "vulnerable-by-design" Terraform security training tool To empower developers to take a hands-on role in securing their public cloud infrastructure, Bridgecrew's free Community plan now includes both scanning and remediations.


Bridgecrew also provides fixes at the infrastructure-as-code level—developers can open pull requests through version control system integrations with GitHub and Bitbucket or run code in their local environments.


Bridgecrew is the codified cloud security platform trusted by teams from Brex, DataBricks, OneMain Financial, and more. Founded in 2019 by industry leaders Idan Tendler, Barak Schoster Goihman, and Guy Eisenkot, Bridgecrew is based in San Francisco and is backed by top-tier VCs, including Battery Ventures, NFX, and Sorensen Ventures. and is backed by top-tier VCs, including Battery Ventures, NFX, and Sorensen Ventures. Bridgecrew’s developer-first solution allows DevOps and engineering teams to save critical time and money as they address these ongoing security tasks with just the click of a button.


Traditional cloud security tools merely detect gaps in infrastructure security, pushing open issues and violations to DevOps and engineering teams to resolve. This requirement of manual remediation means issues take days or weeks to resolve, leaving a company’s infrastructure vulnerable. It’s also become the main deterrent for companies implementing cloud security and migrating to the cloud. The automated technology is also well-suited for the age of COVID-19 and today’s volatile market environment in which many organizations are trying to automate security and DevOps processes to cut costs and become significantly more efficient.


Read more: CARTESI CREATES LINUX INFRASTRUCTURE FOR BLOCKCHAIN DAPPS

Spotlight

This course covers the knowledge and skills needed to provide an enterprise solution that supports manual and automated server installations in a physical and virtual environment including the supporting file and storage services.

Spotlight

This course covers the knowledge and skills needed to provide an enterprise solution that supports manual and automated server installations in a physical and virtual environment including the supporting file and storage services.

Related News

HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE, IT SYSTEMS MANAGEMENT

Scala Data Centers launches the largest vertical data center in Latin America

Scala Data Centers | September 02, 2022

Scala Data Centers, the leading Latin American platform of sustainable data centers in the hyperscale market, launches the largest vertical data center in Latin America, SGRUTB04, with a total capacity of 18MW. Located in the Tamboré Campus, the company's complex in Greater São Paulo, Brazil, SGRUTB04 goes into service dedicated to a single hyperscale client, with a commitment to full capacity for more than a decade. With almost 140,000 sqf of total built area, this new Scala data center is 56 meters high, has seven floors, with four dedicated to data halls, which add up to more than 1,500 racks. Developed according to the Leadership in Energy and Environmental Design (LEED) certification, which is focused on sustainable constructions, the single-tenant data center has a modern refrigeration system with indirect free cooling (technology to optimize energy use at low temperatures), a redundant UPS system and very high energy efficiency with PUE (Power Usage Effectiveness) around 1,35, one of the lowest rates in the region. SGRUTB04 is also equipped with meet-me rooms, dock, storage area, and an office fully dedicated to the customer. "Latin America's largest vertical data center, SGRUTB04, is an excellent example of Scala's multi-build approach. With this, we introduce the concept of built-in reserved capacity, bringing unprecedented scalability to the Latin American sector. This approach allows our clients to grow their business in a sustainable way and in record time for decades." Marcos Peigo, CEO of Scala The executive also states that SGRUTB04 materializes Scala's successful commercial strategy, in which the client employed the reserved capacity, doubling the contracted capacity even before the initially planned production start date. "Unlike the market in general, Scala does not just deliver contractual commitments; we actually invest in our clients, positioning ourselves as true partners," he details. To build SGRUTB04, Scala applied a proprietary methodology called One Scala Template, specially designed by Scala's Center of Excellence in Engineering (CoE) to meet the demands of the hyperscale market. An unprecedented initiative in the segment in Latin America, the CoE consists of a specialists' team responsible for the entire chain of design, project, construction, and commissioning of new data centers. By verticalizing all stages, delivery time is reduced, ensuring standardization that leads to gains in scale, and allowing unique levels of customization and unparalleled dedication to projects. Formed by more than 150 professionals, including architects, engineers, and specialists in construction, design, and commissioning, Scala's CoE also develops new technologies to bring more efficiency to the construction and operation of data centers. With the SGRUTB04 delivery, Scala now has five data centers in operation, three of which are in Tamboré Campus, one in São Paulo downtown and another in Campinas, Greater São Paulo. In addition to these data centers, the company continues its accelerated expansion plan, with new projects in course, such as the SGRUTB05, which will have a capacity of 10MW and is scheduled to start operations in early 2023, and the SGRUTB06, with 28MW of capacity for the beginning of 2024. The projects above ensure that Scala's Tamboré Campus has 90MW of hired capacity and 170MW of capacity contractually reserved for hyperscale clients, becoming the largest data center complex in Latin America and one of the largest worldwide already in its first phase of development. Also in Brazil, the company develops projects in Rio de Janeiro, Porto Alegre, Jundiaí, Campinas, and Fortaleza - all anchored by hyperscale clients. In the rest of the region, Scala conducts advanced processes for constructing data centers in Chile, Mexico, Colombia, and Peru. About Scala Data Centers Scala Data Centers is the leading Latin American platform of sustainable data centers in the hyperscale market. Headquartered in Brazil and founded by DigitalBridge, it was developed to meet and exceed the growing demand for digital access in Latin America. Scala has a highly qualified team of over 500 professionals and applies a flexible and innovative approach to providing exceptional quality colocation services to hyperscale clients, cloud-based software and service providers, and large enterprises. We customize state-of-the-art solutions for each client in the construction of the latest generation data centers, with high availability, energy efficiency and superior density. All this combined with best sustainability practices guided by our ESG (Environmental, Social, Governance) program.

Read More

HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE

Code42 Incydr Supports Leading Desktop-as-a-Service Offerings and Virtual Desktop Infrastructure Solutions

Code42 | September 16, 2022

Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced its Incydr product fully supports all major Desktop-as-a-Service (DaaS) and Virtual Desktop Infrastructure (VDI) environments. The Code42® Incydr™ product detects when valuable and sensitive files are moved to untrusted locations, including personal email and cloud accounts, and removable media – and allows security teams to quickly respond in order to stop data leaks and theft. According to a recent survey of IT professionals published by Citrix, nearly 70% of organizations are planning to implement VDIs to accommodate hybrid or remote work strategies, with just under 60% accelerating the adoption of cloud tools. Though DaaS and VDI solutions help security teams better protect against vulnerabilities, malicious actors and other external threats, they do little to reduce the risk from insiders, as virtual environments inherently depend on cloud tools. “We’ve seen a notable uptick in the number of teams that have deployed DaaS and VDI solutions throughout their environments. Given the continued popularity of bring-your-own-device (BYOD) and remote work, coupled with an unstable hardware supply chain, we absolutely expect this trend to continue,” said Rob Juncker, CTO of Code42. “In virtual-first organizations where there is pervasive use of cloud collaboration tools, such as Git, Salesforce, GDrive, OneDrive and iCloud, Incydr wraps a layer of protection around data put at risk by insiders, complementing solutions that focus on external threats and malicious actors.” Learn more about Code42’s Insider Risk Management Offering Code42 Incydr: The Industry’s Leading Data Security Product for Exfiltration Detection and Response Incydr is an Insider Risk Management solution that provides the visibility, context and controls needed to stop data leak and IP theft. Organizations utilize Incydr to detect and respond to data exposure and exfiltration from corporate computer, cloud and email systems. It deploys in hours so security teams can address material risk to the business in a matter of days and drive the secure work habits needed to decrease how often employees put data at risk in the future. Code42 Instructor: Education-Led Insider Risk Response The Code42 Instructor™ micro-learning solution improves Insider Risk awareness by focusing on the creation of holistic, security-oriented cultures. The solution delivers actionable, hyper-targeted and bite-sized video lessons to end-users when they’re needed most, helping to change security behavior for the long term. The Instructor solution helps organizations rapidly mature their Insider Risk Management programs by incorporating data-driven Insider Risk behavioral guidance for end-users. Combining the Power of Incydr and Instructor Instructor works in tandem with Incydr, allowing security, compliance and education teams to immediately send corrective video lessons triggered by employee actions that create risk for the business. For example, when Incydr flags file movement to an untrusted location, like an unauthorized cloud application, an Instructor video specifically explaining the correct activity is sent to educate the employee in real-time through the Incydr solution. Code42 Services: Measure, Manage, Mitigate IRM technology is simpler and faster to deploy than other technologies, such as DLP and CASB, but it does require a strategy and mindset shift. Insider Risk Management isn’t only about data – it’s about a company’s employees and culture. Code42 IRM Services are designed to help organizations establish an efficient and effective IRM program rooted in transparency, training and technology. Code42’s services take a collaborative approach to helping organizations develop, operationalize, and mature an end-to-end IRM program. Additional Resources Visit our Incydr and Instructor solution pages to learn more about our offerings. Join the conversation with Code42 on our blog, LinkedIn, Twitter and YouTube. Read our book, Inside Jobs: Why Insider Risk is the Biggest Cyber Threat you can’t Ignore. Learn more about insider risk at the Insider Risk Summit™ event, taking place Sept 27-29, 2022. Register now for the free virtual community event. About Code42 Code42 is the leader in Insider Risk Management (IRM), offering end-to-end data loss detection and response solutions. The Code42 Incydr product is native to the cloud and rapidly detects data exposure, loss, leak and theft as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. Accelerating the effectiveness of Insider Risk programs are the Code42 Instructor microlearning solution, and Code42’s full suite of expert services.

Read More

HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE

Zesty Lands $75 Million Series B to Lead the Evolution to Dynamic Cloud Infrastructure

Zesty | September 14, 2022

Zesty, a pioneer in dynamic cloud infrastructure solutions, today announced a $75 million Series B funding round led by B Capital and Series A investor Sapphire Ventures. Previous investors Next47 and S-Capital also participated in the round. Zesty has raised $116 million in total since its founding in 2019. Zesty's customer base has grown by 127% from 2021 to 2022 and the company has tripled its revenue since its Series A last year. The static nature of cloud infrastructure today encumbers DevOps with the burdensome task of managing cloud resources in a constantly shifting business environment. DevOps teams burn countless hours trying to make predictions and manual adjustments to ensure their infrastructure efficiently meets application demand. Budgets are further strained as cloud infrastructure spend is expected to hit over $90 billion in 2022 – 22% more than in 2021. Zesty's solutions spearhead the evolutionary transition to dynamic cloud infrastructure by automatically adapting compute and storage to meet real-time business needs. As a result, businesses can finally fulfill the promise of the cloud by gaining the flexibility they need to scale up or down. This allows DevOps teams to significantly reduce cloud costs, maintain optimal app performance, and alleviate the stress of managing static infrastructure. Zesty's solutions require zero human input – so engineers no longer waste time monitoring, measuring, predicting, and adjusting resource allocations, and can instead focus on developing new products and features. "The cloud has become the foundation for critical functions for countless companies, but more often than not, DevOps teams are stuck with static infrastructure, like discount program commitments or allocated storage volumes that waste time and money. "This situation is no longer tenable in today's volatile economic environment, or any environment for that matter. DevOps teams shouldn't be wasting their time babysitting the cloud. That's why we're excited to help companies save significant resources, both financial and human. This investment will help us grow our team and further develop our products to meet the exploding demand for greater cloud flexibility." Maxim Melamedov, CEO and co-founder of Zesty Zesty's suite of products are designed with DevOps teams in mind, providing the first automated solutions for resource optimization tasks that are traditionally manual and labor intensive. Their customer base includes hundreds of international companies – including Heap, Gong, Yotpo, Monday, and Wiz. "Despite its enormous value and scalability, the cloud still lacks flexibility and that's holding DevOps back," said Rashmi Gopinath, General Partner at B Capital. "Teams are forced to make impossible predictions regarding future infrastructure needs, which leads to wasted money and is a huge drag on DevOps productivity. Dynamic cloud infrastructure is the game-changer so many businesses have been waiting for, and we're excited to be part of this cloud revolution." "Cloud computing continues to hold huge potential and promise for companies of all sizes and at all stages of the cloud adoption journey," said Casber Wang, Partner at Sapphire Ventures and Zesty board member. "But that promise comes at a high associated cost: management intricacy, cloud waste, margin erosion, imprecise budgeting, and much more. Cloud needs have always been dynamic, and with Zesty's differentiated optimization platform, companies can now see the ROI and stop making such a trade-off, programmatically." About Zesty Zesty helps organizations adapt to changing business needs by making their cloud infrastructure more dynamic. With offerings for compute, block storage, and Kubernetes, Zesty automatically scales resources to meet application demands in real-time. This helps DevOps teams to slash cloud costs, maintain perfect app performance, minimize the hassle of managing infra and fully realize the true flexibility of the cloud.

Read More