Mission: Secure Infrastructure by providing end-to-end agentless visibility and compliance across any cloud.
Problem: Cloud has transformed the way infrastructure and applications get built with end-to-end automation. While this has resulted in greater business agility, security teams have been left with limited visibility of their cloud environments. That coupled with smarter attacks results in blind spots and eventually breaches. Yesterday’s approach and tools are not adequate to secure today’s dynamic and multi-cloud infrastructure environments.
“As a former CISO at global organizations such as LinkedIn, Atlassian, and Yahoo, I witnessed first-hand three challenges on a daily basis,” says Ganesh Krishnan, co-founder and CTO of Avid Secure. The first, according to Krishnan, was inadequate visibility of the cloud environment that evolved by the minute, let alone hours or days. Visibility sounds simplistic but getting it consistently across the board, all the way from the security posture of servers to users accessing the cloud using an access key, is a hard problem. Visibility is not only essential for security (you can’t secure what you can’t see) but also crucial in instilling confidence that your infrastructure is being secured at the same rate it is evolving. Attackers are using AI and automation to make attacks smarter, so deep and consistent visibility is key.
The second challenge is that cloud compliance is a chore and is obsolete the moment an audit is complete due to the rapid pace of infrastructure changes. To make things worse, compliance is still being done on spreadsheets while infrastructure and code changes are continuous and automated. Once-a-year or quarterly static compliance processes are no longer suitable for today’s dynamic cloud environments and agile software development processes.
Lastly, cloud security lacks end-to-end automation. Cloud is driving significant infrastructure transformation with organizations using multi-cloud, containers, and serverless computing. That coupled with software development transformation including microservices and CI/CD processes means developers control the end-to-end environment and a single error can expose your entire infrastructure. Therefore, security teams need to have end-to-end automation built into development processes so issues can be detected early in the development cycle all the way from when the infrastructure is getting coded to when it’s deployed and running.
The above challenges magnify themselves as qualified cybersecurity professionals are hard to come by. Organizations, including multibillion-dollar public companies, operate with a handful of resources who work in security. With enterprises struggling to keep their head above water, any solution in this space that tries to solve the visibility, compliance, and “bridging the gap between DevOps and security operations” problem has to make life easier for the security teams, in not just identifying but addressing the issues at hand.
Solution: Avid Secure. This San Francisco, CA-based company was founded by industry veterans, Nikhil Gupta, Ganesh Krishnan, Praneet Khare, and Deepak Yadav, who have held leadership roles at some of the biggest technology companies, including VMware, Cisco, ForeScout, McAfee, Intel Security, LinkedIn, Atlassian, and Yahoo. “When we set out, one of the first questions we asked ourselves was ‘How do we go about transforming cloud security in a process-efficient way for the security professionals who are still adjusting to the new cloud era?’” explains Nikhil Gupta, co-founder and CEO of Avid Secure. The answer that sprung out was an easy-to-use platform that leverages technologies such as AI and machine learning to process billions of events to make cloud infrastructure more secure and in the process, simplifies collaboration between SecOps, DevOps, and compliance teams. “Avid Secure is the only platform that provides end-to-end security from the development to the production environments and fosters collaboration between DevOps and the security teams,” adds Krishnan.
With a three-pronged approach, Avid Secure tackles the security problem end to end. Starting with AI-based security analytics and monitoring, it simplifies the life of the security operations and engineering teams. The platform provides real-time intelligent visibility from static resources such as security group usage, all the way to dynamic access information of the AWS key usage pattern. The second pillar of the solution is cloud compliance automation which leverages security analytics information. The solution empowers compliance teams to reduce their cost by up to 40 percent. Last but not the least, the DevSecOps solution proactively prevents the incorrect configuration that can lead to security catastrophes. “Given that a company’s infrastructure is subject to constant change, we have built our platform keeping people, process, and technology in mind,” says Gupta.
Avid Secure’s AI-powered cloud security and compliance platform provides us with real-time cloud workload protection right at our fingertips,” Aaron Peck, CISO at Shutterfly
In an effort to complement their all-round protection strategy, the company provides its compliance collaboration function where compliance is integrated into various customer processes like their ticketing system, Slack, ServiceNow, JIRA, or other CRM tools. “The integration feature enables compliance so that it becomes a part of their process, making their life a lot easier,” adds Gupta.
True End-to-End Security
To truly transform security, a holistic end-to-end approach is essential, which entails leveraging security monitoring to make compliance more automated, so issues can be found proactively at the development stage as well as in the production environment in case of potential hacks or for development issues that sneak through. For instance, if the production environment that Company ABC uses is built as code—IaC— using Terraform, Avid Secure continuously scans the Terraform templates that ABC is building the infrastructure with, in the development environment in addition to monitoring the production environment, making the whole process proactive and end-to-end.
The company leverages AI-based security analytics and monitoring to ensure that adherence to compliance mandates like PCI and GDPR is continuous and customizable. “In many cases, we’ve had customers who want to apply customized compliance policies to certain systems,” explains Krishnan.
This is where the Avid Secure team works hand in hand with the client to customize and personalize their solution in minutes.
Taking automation to the next level, Avid Secure has built its solution in such a way that even the onboarding and deployment is automated. It takes less than five minutes for the deployment, and customizations such as adding or removing integration with third-party tools can be done by customers at the click of a button.
" Our goal is to transform the multi-cloud security in a process-efficient way, by leveraging AI and machine learning "
Along with Gupta and Krishnan, Praneet Khare, VP of Engineering and Deepak Yadav, Chief Architect, constantly drive and contribute to the company’s unique value proposition in the cloud security industry. Within a short span of time, the company has become the solution of choice for customers like Shutterfly Inc. and IDT Corporation among several others.
In Times of Increasing Public Cloud Adoption
When Shutterfly, the large digital-media company was trying to move 70 petabytes of data to the public cloud, they had to overcome issues of inadequate visibility and security across their multi-cloud environment. “Agility was a key use case for public cloud adoption,” says Shutterfly’s Aaron Peck, VP and CISO. Shutterfly zoomed in on Avid Secure owing to its comprehensive one-stop solution for their needs. It took only five minutes to deploy the Avid Secure platform and analyze the cloud configuration data along with the logs, to provide a comprehensive assessment of the entire public cloud environment. “Avid Secure’s AI-powered cloud security and compliance platform provides us with real-time cloud workload protection right at our fingertips. This is critical for our migration of several petabytes of data and many of our services to AWS and Azure,” adds Peck.
For businesses that undergo an M&A venture with another company that operates a different public cloud environment, it becomes a practical challenge to secure the infrastructure and set up the venue for the new conglomerate. Avid Secure can help in such cases, where their security team assists in 80 percent of the simplification and automation of their security tasks, and the 20 percent can be taken care of by the in-house security teams of the client.
In close tandem with AWS, the company monitors the newest features and functionalities that AWS releases, and provides all the support and updates for its customers. An advanced technology partner of AWS, Avid Secure makes continuous investments in enhancing their platform and also innovating new solutions down the path. To keep pace with the innovations made in the software development industry—where earlier, only one release would be rolled out in a year, and now, there are two releases in just one week—the company is working toward making security all-inclusive and real time. “Our goal is to transform the multi-cloud security in a process-efficient way, by leveraging AI and machine learning,” says Gupta. Driven by customer needs, the organization is focused on investing more in R&D and rolling out more sophisticated solutions in time. “The next-gen of security companies will be built around process efficiencies and making life easier for security teams. That is exactly what we are delivering now and are planning to institutionalize across the business world,” states Krishnan.