CloudHealth Secure State 2021 What's New | 18 NOV 2021

Check for additions and updates to these release notes.

Interconnected Kubernetes Security Posture Management

December 16, 2021

Today, CloudHealth is announcing General Availability of CloudHealth Secure State’s Interconnected Kubernetes Security Posture Management (KSPM) for cloud managed services. This enables you to gain visibility of Kubernetes resources running in the cluster and understand how they’re connected to your public cloud resources. Secure State provides continuous, real-time security monitoring based on CIS benchmark controls from AWS EKS v1.0.1, Azure AKS v1.0.0, and GCP GKE v1.1.0 along with rules developed by our research team that span cloud and Kubernetes. In total, there are 200 Secure State native rules for Kubernetes across the three public cloud environments.

It’s easy to get started. Once you have attached your cloud accounts to Secure State, we will auto discover Kubernetes clusters running on public cloud managed services. Attaching the cluster is as simple as running a kubectl command in your cluster. To get started please review the documentation here.

We will begin counting Kubernetes nodes as a billable resource beginning January 1, 2022. We will also soon start supporting self-managed Kubernetes deployed in one of the supported clouds or in your own data center. If you’re interested in learning more, please contact your Customer Success Team.

Alerts and Integrations - General Availability

December 16, 2021

CloudHealth Secure State Alerts and Integrations service is now generally available. The Alerts and Integrations service builds on previous experience with features that enable customers to centralize security findings from third-party sources on CloudHealth Secure State or integrate CloudHealth Secure State into their existing collaboration and communication tools.

With the general availability, we have released the following additional enhancements:

  • You can now receive email alerts in real-time or summary. Summarize them by resource or by rules and schedule delivery at hourly or daily intervals.
  • API documentation is now available; review the Alerts and Integrations API documents.

You can learn more about the Alerts and Integrations service in our documentation.

Webhook Integration - Public Beta

December 16, 2021

We’re pleased to announce the public beta of Webhook integration. You can now configure Webhook integration under CloudHealth Secure State Integrations. A Webhook is a simple HTTP callback that sends a POST request to another service or application when triggered by an event. This opens a plethora of services to integrate with for messaging, ticketing, or SIEM. You can now receive real-time alerts for findings in CloudHealth Secure State in your existing collaboration and communication tools automatically, without having to query CloudHealth Secure State APIs.

Additional features in the webhook integration include:

  • Ability to send a request to any URL or application.
  • Ability to customize request headers to include with your request, so you can now add authorization or content headers.
  • Customize the payload by creating a custom JSON, HTML, or XML template and dynamically populating values from findings in your alert using input variables.
  • Or, choose from a list of pre-defined templates from the dropdown. We provide a template from Microsoft Teams.

Please refer to our documentation for further instruction on configuring Webhook and the allowed list of input variables.

Azure Government Subscription Support

December 09, 2021

We are excited to extend our real-time visibility and detection capabilities to Azure Government environments. You can now onboard an Azure Government subscription to Secure State. You can do this by setting your "Account Type" as "Government" when onboarding your subscription.

Remediation for Azure Government subscriptions is currently not available. If you are interested in remediation, please reach out to your Technical Account Manager.

You can follow our Azure onboarding documentation for specific instructions and visual examples of the process.

Jira Cloud Integration - Public Beta

November 18, 2021

We are excited to announce ticketing integration using Jira Cloud Integration in Public Beta. You can now configure and automate your ticketing system and integrate it with your existing workflow. Based on set criteria in alerts, Secure State can trigger and forward findings to Jira as an issue.

You can connect Secure State with your Jira Cloud by going to the integrations page and selecting Add New from the integration card. Follow the setup documentation to complete your integration.

Finally, create an alert with a specific set of criteria to forward findings to Jira Cloud integration. For additional setup instructions, review the alert user guide.

All New Findings Detail Page

November 18, 2021

The findings detail page is intended to be the place to learn about a specific finding, combining details from the triggering rule, resource configuration, and additional context to help determine root cause on the finding and act on it. We recently redesigned this page to make more information accessible so you can share and fix findings faster. Here are some notable improvements:

  • Finding age: Previously, we only showed the First Observed date for a finding, but now we’re also presenting the age of the finding for ease of use.
  • Available actions: We more clearly show what action can be taken on a finding such as suppression, remediation, and sharing.
  • Account owner details: If you’ve populated the account owner and account owner email, it’s shown in the Account details tab. This helps the security team more easily identify the person that can resolve the finding.
  • Rules details in the finding: Previously, you needed to open a KB link to see details about a rule. Now the rule description and suggested actions are a part of the finding page for quick reference.

While you get familiar with the new findings detail page, we have temporarily retained the legacy findings page view. It’s accessible by toggling the View Old Finding Details Page switch. Work with your Technical Account Managers to let us know what you think of the new redesign. As always, we appreciate and look forward to your feedback.

Resource Models - General Availability

November 4, 2021

We’re excited to announce that CloudHealth Secure State Resource Models are now generally available. This feature enables you to quickly understand the following:

  • Which services and resource types do we support?
  • What are the possible properties and relationships of each resource type?
  • How many resources of each type do you have in your cloud inventory?

To make your inventory searches even easier, you can now create SSQL queries from the Resource Models by clicking on a property and adding it as a filter. This query building capability covers all the major search use-cases for filtering and aggregating resources as well as finding resources by relationships.

Read more about Resource Models here.

Inventory Views - Public Beta

October 28, 2021

We’re excited to announce the public beta of CloudHealth Secure State Inventory Views. Inventory Views enable you to better understand your cloud inventory by browsing resources based on cloud provider, service, and resource type. You can view the inventory for your entire organization or apply a filtered view based on tag, environment, region, or cloud account.

For each resource type, you can easily see how resources are distributed based on creation date, region, or cloud account. This is the first release in a series of updates to improve the visibility of your cloud inventory and its security posture.

Alerts and Integrations - Public Beta

October 7, 2021

We are excited to announce the public beta for our next generation of Alerts and Integrations. As part of the public beta, we will automatically migrate all your Integrations and Alerts to the next generation of the Integrations and Alerts framework today, October 7th. Legacy Alerts and Integrations will be disabled and removed from the UI, and any new configuration or edits should be done under Alerts or Integrations 2.0. You can read more about creating Integrations and setting up alerts.

To review what’s new in Alerts and Integration, please review the beta release document. If you need support or would like to share feedback with the product team, please reach out to our support team or join the CloudHealth Secure State Slack channel.

Interconnected Kubernetes Posture Management – Public Beta

October 07, 2021

Kubernetes is the basis of many new modern applications and in many cases these workloads are running in the cloud on top of cloud managed services like Amazon EKS, Azure Kubernetes Service, and Google Kubernetes Service. Users are taking advantage of simpler Kubernetes management and are able to leverage more public cloud managed services.

We’re excited to announce the public beta of Interconnected Kubernetes Posture Management. CloudHealth Secure State has been supporting users by securing the managed Kubernetes configuration for over a year. With our new Kubernetes support, we’re introducing visibility into the Kubernetes cluster and connecting it back to the cloud managed service and other cloud services such as security groups, identity access management, and numerous managed services in the cloud. This visibility is critical to understand how misconfigurations may affect your vast resources deployed in the cluster and in the cloud.

Getting started with Secure State’s Interconnected KSPM is easy and powerful. Once you’ve connected your cloud account, Secure State will auto discover your cloud managed Kubernetes clusters. Attaching the cluster is as simple as running a kubectl command in your cluster. We immediately kick-off real-time continuous security monitoring based on AWS EKS v1.0.1, Azure AKS v1.0.0, and GCP GKE v1.1.0 CIS benchmarks. Additionally, we have introduced unique security rules that span the cloud environment and the Kubernetes cluster. In total, we have authored over 180 rules in the beta. Moreover, use Explore to visualize the resources in your Kubernetes clusters and how they’re connected to cloud services. Learn more about attaching your cluster through the web console or through APIs here. To learn more about what’s currently in beta please review our user documentation.

New Suppressions - General Availability

September 23, 2021

Suppressions allow account owners to identify and request exceptions to rules. An approved Suppression excludes findings from views and reports, while giving users the ability to track the exceptions. Last June, we introduced a major improvement to Suppressions as a private beta. We believe these improvements will help security teams better collaborate with account owners and engineering teams. Here are some of the new capabilities introduced:

  • Bulk suppression requests and bulk disposition of suppressions.
  • Suppression policies that enable automatic suppression for findings based on criteria like accounts, rules, regions, environments, and cloud tags.
  • Expanded workflows for suppressions. You can now:
    • Re-submit denied suppressions.
    • Extend a suppression.
    • Update an active suppression.
  • Create a custom reason template for all suppressions in your organization to better communicate business requirements.
  • All actions are now supported through public Findings APIs.

Learn more about the next generation of Suppressions functionality.

Deprecation of "action-criteria" API from Remediation

August 31, 2021

We plan to deprecate the "action-criteria" API calls under the remediation service API listed below by Sept 30th 2021. This affects the following endpoints:

action-criteria
  • GET /actions/{actionId}/criteria
  • POST /actions/{actionId}/criteria
  • GET /actions/{actionId}/criteria/{criterionId}
  • PUT /actions/{actionId}/criteria/{criterionId}
  • DELETE /actions/{actionId}/criteria/{criterionId}

Going forward, the "actions" API call supports nested criteria values as input. As an example, you can see the criteria nested in this "create actions" API request:

POST /actions
{
  "autoRemediate": true,
  "createdAt": 0,
  "criteria": [
    {
      "actionId": "string",
      "createdAt": 0,
      "id": "string",
      "key": "string",
      "operator": "string",
      "orgId": "string",
      "type": "string",
      "updatedAt": 0,
      "values": [
        "string"
      ]
    }
  ]
  ...
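
An added example, not part of the original release notes or the vendor's code: a Python sketch that flags calls to the deprecated action-criteria routes listed above in request logs or scripts, and folds separately managed criteria into the nested "criteria" array of one "actions" request body. The log line format, the "/api-prefix" path prefix, the IDs, and the criterion values are constructed for illustration; only the routes and field names come from the notice.

```python
import json
import re

# One path segment standing in for {actionId} or {criterionId}.
SEG = r"[^/\s?#]+"
COLLECTION = re.compile(rf"/actions/{SEG}/criteria/?$")
ITEM = re.compile(rf"/actions/{SEG}/criteria/{SEG}/?$")

# Method/route pairs named in the deprecation notice.
DEPRECATED = (
    (COLLECTION, {"GET", "POST"}),
    (ITEM, {"GET", "PUT", "DELETE"}),
)

# Finds "METHOD <url>" pairs in a log line or a line of script text.
REQUEST = re.compile(r"\b(?P<method>GET|POST|PUT|DELETE|PATCH)\s+(?P<url>\S+)")

# Criterion field names as they appear in the request shown in the notice.
CRITERION_FIELDS = {
    "actionId", "createdAt", "id", "key", "operator",
    "orgId", "type", "updatedAt", "values",
}


def is_deprecated(method, url):
    """True if method + URL is one of the five deprecated action-criteria calls."""
    path = url.strip("\"',;)").split("?", 1)[0].split("#", 1)[0]
    return any(
        method.upper() in methods and pattern.search(path)
        for pattern, methods in DEPRECATED
    )


def find_deprecated_calls(lines):
    """Return (line number, method, url) for every deprecated call found."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for match in REQUEST.finditer(line):
            if is_deprecated(match["method"], match["url"]):
                hits.append((lineno, match["method"], match["url"]))
    return hits


def nest_criteria(action, criteria):
    """Build one 'actions' request body with the criteria nested inside it."""
    nested = []
    for index, criterion in enumerate(criteria):
        unknown = set(criterion) - CRITERION_FIELDS
        if unknown:
            raise ValueError(f"criterion {index}: unknown fields {sorted(unknown)}")
        values = criterion.get("values", [])
        if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
            raise ValueError(f"criterion {index}: 'values' must be a list of strings")
        nested.append(dict(criterion))  # copy so the caller's data is not mutated
    body = dict(action)
    body["criteria"] = nested
    return body


# Constructed sample log lines (not real Secure State traffic).
SAMPLE_LOG = [
    '2021-09-01T10:00:00Z "GET /api-prefix/actions/act-123/criteria HTTP/1.1" 200',
    '2021-09-01T10:00:05Z "POST /api-prefix/actions HTTP/1.1" 201',
    '2021-09-01T10:00:09Z "PUT /api-prefix/actions/act-123/criteria/crit-9?dryRun=true HTTP/1.1" 200',
    '2021-09-01T10:00:12Z "GET /api-prefix/actions/act-123 HTTP/1.1" 200',
    '2021-09-01T10:00:15Z "DELETE /api-prefix/actions/act-123/criteria/crit-9 HTTP/1.1" 204',
    '2021-09-01T10:00:20Z "PATCH /api-prefix/actions/act-123/criteria HTTP/1.1" 405',
]

# Constructed criteria; the key, operator and type values are placeholders.
SAMPLE_CRITERIA = [
    {"key": "example-key", "operator": "example-operator",
     "type": "example-type", "values": ["example-value"]},
]

if __name__ == "__main__":
    for lineno, method, url in find_deprecated_calls(SAMPLE_LOG):
        print(f"line {lineno}: {method} {url} uses a deprecated action-criteria route")
    print(json.dumps(nest_criteria({"autoRemediate": True}, SAMPLE_CRITERIA), indent=2))
```
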

Bulk Operations in Rule Management

August 30, 2021

The rule management page just received some important improvements related to bulk management of rules. You can quickly disable or enable multiple rules if you consider them not relevant to your organization's security policy, so that no findings will be recorded for them.

New Explore Search now available

The next generation of Explore Search functionality has reached General Availability. It enables additional scenarios like tag management, orphaned objects discovery, and certificate expiration monitoring.

The new Explore Search introduces a few new search types in addition to the already familiar relationship search. These are:

  • List search - Find a list of unrelated resources that match certain criteria.
  • Text search - Find resources that contain a keyword in any of their properties or tags.
  • Aggregation search - Find the count of results based on specific property or tag.
  • Inverted relationship search - Find resources that don't have a relationship to other resources.

Each of these query types has extended capabilities to find the relevant results:

  • Tag-based search to find resources that have or don't have certain tags.
  • Date and time search that allows comparison between dates and uses functions like daysAgo() and weeksAgo() to return results based on simple time measurements.
  • Special functions to check for the existence of a specific property or value.
  • Wildcard search to match resources that follow a specific pattern.

We are also introducing multi-account search for non-relationship search types and a handy first-time experience guide with sample queries. You can find all this information and more in the new Explore Search documentation.

Saved Searches in Explore

August 26, 2021

The ability to save search queries in Explore Search is now available. This feature lets you easily run searches you have saved previously or searches other users have created and shared with you.

Saved searches can be created either in the scope of the organization or in the personal scope. Keep in mind that searches in the organization scope can be executed by other users and modified by your admins.

New Alerts and Integration Beta

August 26, 2021

We are excited to announce the private beta for a new Alerts and Integration service on Secure State. This upgraded Alerts and Integration service builds on the previous experience with features that enable customers to centralize security findings from third-party sources on Secure State, or integrate Secure State into their existing collaboration and communication tools.

Below are some of the new integration features:

  • New and improved user interface that makes it easy to add available integrations and view existing ones.
  • Available integrations now include native cloud security tools such as Amazon Guard Duty and Azure Security Center to aggregate findings into Secure State and provide additional context on risk score for your cloud resources.
  • New, more convenient user workflow for creating integrations with messaging services like email, Slack, Splunk and Amazon SQS.
  • You can now enable or disable a configured integration at your convenience, ending any associated alerts.
  • Configure organization or project-specific integrations.

Below are some of the new alerts features:

  • Better-streamlined user experience that allows you to view and gather operation details at a high level.
  • Ability to configure custom messages in an alert. You can use these to tag or create workflow in your messaging platform.
  • Ability to create alerts at an organization level, project level, or account level. You can now customize alerts based on different projects and integrate with project workflow.
  • Ability to enable or disable specific alerts. You can now temporarily disable specific alerts if you know an infrastructure change is about to happen and you want to reduce noise in your channel.

If you are interested in participating in private beta, please fill out the enrollment form. You can read more about creating integrations here, and creating and setting up alerts here.

Splunk App update available

August 13, 2021

A new version of the CloudHealth Secure State Splunk App is now available. As of January 2020, the Splunk platform has deprecated Python version 2.x. In this new update, the Secure State Splunk App has a Python 3.x compatible script.

Requirements for the app:

You can download the new app on the Splunkbase.

For more info on setting up, deploying, and installing the CloudHealth Secure State Splunk App, refer to the documentation.

New Remediation Jobs for AWS now available

August 12, 2021

We have extended our remediation capabilities in AWS by adding 19 additional jobs. Newly added remediation jobs now cover the below rules for AWS.

New AWS Remediation Jobs

  • Configure the EBS volume snapshot as private (ebs_private_snapshot) RuleId - 2cdb8877-7ac3-4483-9ed0-1e792171d125
  • Enable automatic minor version upgrade for RDS DBInstance (rds_enable_version_update) RuleId - 5c8c264a7a550e1fb6560c4c
  • Disable public access to RDS DBInstances (rds_remove_public_endpoint) RuleId - 5c8c26467a550e1fb6560c48
  • Encrypt Kinesis data stream (kinesis_encrypt_stream) RuleId - ce603728-d631-4bae-8657-c22da6e5944e
  • Set minimum password length for an AWS account (aws_iam_password_policy_min_length) RuleId - 5c8c260b7a550e1fb6560bf4
  • Set Password Reuse Prevention Policy for an AWS Account (aws_iam_password_reuse_prevention) RuleId - 5c8c26107a550e1fb6560bfc
  • Delete Expired IAM Server Certificate (aws_iam_server_certificate_expired) RuleId - 7fe4eb28-3b82-11eb-adc1-0242ac120002
  • Configure default Security Group to restrict all access (aws_ec2_default_security_group_traffic) RuleId - 5c8c25f37a550e1fb6560bca
  • Close Port 1433 for all Security Groups associated with an EC2 Instance (ec2_close_port_1433) RuleId - 5c8c26417a550e1fb6560c3d
  • Close Port 1521 for all Security Groups associated with an EC2 Instance (ec2_close_port_1521) RuleId - 5c8c26417a550e1fb6560c3e
  • Close Port 20 for all Security Groups associated with an EC2 Instance (ec2_close_port_20) RuleId - 5c8c263d7a550e1fb6560c39
  • Close Port 21 for all Security Groups associated with an EC2 Instance (ec2_close_port_21) RuleId - 5c8c263d7a550e1fb6560c3a
  • Close Port 23 for all Security Groups associated with an EC2 Instance (ec2_close_port_23) RuleId - 5c8c263e7a550e1fb6560c3b
  • Close Port 27017 for all Security Groups associated with an EC2 Instance (ec2_close_port_27017) RuleId - 5c8c26427a550e1fb6560c40
  • Close Port 3306 for all Security Groups associated with an EC2 Instance (ec2_close_port_3306) RuleId - 5c8c26427a550e1fb6560c41
  • Close Port 5439 for all Security Groups associated with an EC2 Instance (ec2_close_port_5439) RuleId - 5c8c26447a550e1fb6560c44
  • Close Port 5601 for all Security Groups associated with an EC2 Instance (ec2_close_port_5601) RuleId - 4823ede0-7bed-4af0-a182-81c2ada80203
  • Close Port 8080 for all Security Groups associated with an EC2 Instance (ec2_close_port_8080) RuleId - 5c8c26407a550e1fb6560c3c
  • Close Port 9200, 9300 for all Security Groups associated with an EC2 Instance (ec2_close_port_9200_9300) RuleId - 04700175-adbe-49e1-bc7a-bc9605597ce2

The new jobs are publicly available as of August 6th, 2021. To update your remediation worker with the latest remediation jobs available, please re-deploy your worker node with the latest docker image.

For more info on setting up the remediation worker, please refer to the documentation here.

Improved Amazon GuardDuty Findings Support and New Azure Security Center Alerts

July 15, 2021

We’re excited to announce improvements and expansions to Secure State’s support for third-party findings. By incorporating third-party findings, security and project teams can review and correlate threats with native Secure State findings from one source. Previously, Secure State accomplished this by ingesting findings from a service like Amazon GuardDuty and mapping them to rules created in Secure State. While effective, this approach required resources to create new rules whenever GuardDuty had an update and had an implementation delay.

As of today, Amazon GuardDuty is an inbound integration with Secure State, which allows all findings to be ingested and displayed immediately. This means you no longer need to wait to see findings when the cloud provider updates finding types.

This new, streamlined approach to third-party findings also makes it easier to add new sources. Case in point, we are announcing support for Azure Security Center (ASC) alerts. Those using ASC services like Azure Defender will be able to review their findings in Secure State. You'll be able to see how ASC threats impact the risk score of resources in use and build a more comprehensive risk portfolio.

To ensure a smooth migration to this new approach for third-party findings, the GuardDuty integration is automatically enabled for currently onboarded cloud accounts. You can review the status of your individual cloud accounts at Secure State Integrations.

Explore 2.0 Public Beta

June 25, 2021

The next generation of Explore functionality is now available as public beta. It introduces a few new search types in addition to the already familiar relationship search. These are:

  • List search - Find a list of unrelated resources that match certain criteria.
  • Text search - Find resources that contain a keyword in any of their properties or tags.
  • Aggregation search - Find the count of results based on specific property or tag.
  • Inverted relationship search - Find resources that don't have a relationship to other resources.

Each of these query types has extended capabilities to find the relevant results:

  • Tag-based search to find resources that have or don't have certain tags.
  • Date and time search that allows comparison between dates and uses functions like daysAgo() and weeksAgo() to return results based on simple time measurements.
  • Special functions to check for the existence of a specific property or value.

We are also introducing multi-account search for non-relationship search types and a handy first-time experience guide with sample queries.

The Explore 2.0 beta enables additional use cases like tag management, orphaned objects identification, and certificate expiration monitoring.

Switching between the beta functionality and the existing feature set is seamless, so don't hesitate to turn it on and explore the new stuff.

If you'd like to share your feedback directly with the product team, we'd be happy to see you in our beta slack channel, which you can join at https://bit.ly/join-chss-beta-slack.

Suppressions Improvements and Streamlined Experience – Private Beta

June 25, 2021

We’re excited to announce major improvements to Secure State’s suppressions feature. Suppressions let you manage exceptions to the findings that Secure State detects. For example, you may have a finding that will be remediated later, or isn’t applicable to a specific resource. Improvements in this release make it easier and faster to request and approve suppressions. The streamlined experience allows you to better track the status of a suppression and update active suppressions with changes to the criteria or expiration date. It also provides new criteria to create suppressions with, such as Cloud Tag, Region, and Environment.

These updates are currently in private beta, with more capabilities coming in the next few weeks, including public APIs. If you’re interested in switching to the new version now to provide your input, please request access to the beta.

Secure State Achieves SOC 2 Type 1 and ISO 27001 Certifications

CloudHealth Secure State has achieved SOC 2 Type 1 and ISO 27001, ISO 27107, and ISO 27108 certifications. External auditors have completed and certified that the Secure State platform and its operating procedures meet the controls specified by the above SOC and ISO standards. These standards are widely recognized by enterprises worldwide for their commitment to adhering to privacy and security requirements. For more information, please visit the VMware Trust Center.

CloudHealth Academy Access

All CloudHealth Secure State users can now access CloudHealth Academy - a library of training materials that includes introductory courses, on-demand videos, and live webinars.

CH Academy is available from the new Help menu in Secure State and does not require additional credentials. First-time users are guided through a brief registration process and existing CH Academy users can login directly.

Please visit the new Help menu to also discover valuable resources like product and API documentation, terms and privacy, and what's new for Secure State.

Secure State Achieves SOC 2 Type 1 Certification

As of April 15, 2021, the Secure State platform is SOC 2 Type 1 certified. This is only the beginning of our certification journey, but it is an important milestone that demonstrates our ongoing customer commitment to building more secure operations and meeting privacy standards. SOC 2 is established by the American Institute of CPAs and is widely recognized by US companies.

To learn more about SOC please visit the VMware Trust Center.

Explore 2.0 Beta

April 28, 2021

Explore 2.0 takes searching your cloud account for resource misconfigurations to the next level and enables more efficient incident investigation. The following new features are now available in private beta:

  • List view - Presents a list of resources in a tabular format.
  • Aggregation search - Counts the number of results based on a specific property.
  • Text search - Search for an exact keyword match in all properties and tags.
  • Results export - The results of the list and aggregation searches can be exported as CSV.
  • New SSQL grammar that enables property search, tag search, and traverse relationships between expressions.

For more details and examples, see the Explore 2.0 Overview.

To get these features enabled for your organization, please complete the Explore 2.0 Beta enrollment form.

New Framework for SOC Teams — MITRE ATT&CK Cloud v8 for Microsoft Azure

April 1, 2021

Secure State now supports MITRE ATT&CK Cloud Matrix Version 8 as a new compliance framework. This new framework helps security teams that follow and implement their program based on MITRE ATT&CK extend their operations to the cloud.

For this release, we defined the MITRE ATT&CK tactics and techniques that apply to Microsoft Azure and associated them with nearly 100 Azure rules in Secure State. You can review the framework in Secure State here. You can report on and filter on the new framework where the framework filter is available. This is also available on the Compliance Dashboard for high level monitoring. Learn more about MITRE ATT&CK.

Look out for support for AWS and Google Cloud coming very soon.

Cloud Account Service APIs for AWS, Azure and Google Cloud

March 11, 2021

Cloud Accounts Service APIs are now available for all three cloud providers supported by Secure State. The Cloud Account Service (CAS) APIs allow customers to manage cloud accounts and credentials, providing a consistent way to retrieve, update, onboard, and retire cloud accounts and credentials in Secure State for AWS, Azure and Google Cloud.

Several prominent features of the CAS APIs include:

  • Cloud account query endpoint, used to gather critical cloud account metadata including account name, status, associated credential, provider, assigned project, cloud tags, environment, and so on.
  • Cloud account update, create, and delete endpoints, used to ensure that all accounts in the public cloud are monitored and current in Secure State.
  • Cloud credential update, create, and delete endpoints, used to add, modify, remove, and associate cloud accounts to the respective credentials used for resource collection.
  • Bulk update API, used to group multiple operations into a single request to perform a large volume of changes, especially in the case of bulk account onboarding.

For more information about other CAS API endpoints and common use cases, see the Cloud Accounts Service documentation.

Introducing Remediation APIs

March 11, 2021

Aligned with our API-first development approach, new Remediation APIs are now publicly available. These APIs can be used to run remediations, create new or update existing remediation actions, and even view the statuses of worker groups or remediation runs.

Auto-remediation, previously available only through the UI, is now fully supported through the Remediation API. A SecOps team can use the APIs to integrate remediation capabilities with automated response playbooks and scripts, while developers can add a cloud security layer to their deployment pipelines using the Findings APIs to detect misconfigurations and the Remediation APIs to run rollbacks and actions.

Go to the Remediation API Swagger documentation to get started.

Legacy Account Management CLI Deprecation

March 11, 2021

We plan to deprecate the Secure State CLI on June 11, 2021. Going forward, all CLI functionality will instead be handled through our public APIs. Any customers currently using the CLI must transition over to the public APIs if they want to use the latest features of Secure State, as the CLI will not receive any further updates or support after the deprecation date. Please reach out to your Account Managers for any questions or assistance regarding this change.

To help you with the transition, an API Onboarding Guide has been introduced with API-based examples for use-cases related to onboarding. Example Python scripts for retrieving cloud accounts and bulk account onboarding through the APIs will also be provided soon.

Custom Compliance Frameworks -- General Availability

March 11, 2021

We’re excited to announce the general availability of CloudHealth Secure State Custom Compliance Frameworks. As customers continue to use Secure State to accelerate and monitor their compliance to industry standards like CIS, NIST, PCI, and more, Custom Compliance allows them to extend those natively supported industry standards and create their own custom frameworks in Secure State. Customers can also use Custom Compliance to scope to the areas or levels of governance they want to focus on. Since the beta release last fall, in response to user feedback, we’ve added features for cloning frameworks and viewing the change history of resources in a framework. We hope you enjoy these new features to help you manage and organize the Secure State rules into a compliance model that fits your needs.

To learn more about Compliance Management please read the documentation. You can also refer to this blog post to learn more about how Custom Compliance can help you organize your compliance program.

ISO/IEC 27001 Compliance Framework Support

February 25, 2021

We’re excited to announce that Secure State has added the ISO/IEC 27001 framework to its compliance library and can provide continuous monitoring of cloud resources against the ISO/IEC 27001 version 2013 technical controls. The ISO/IEC 27001 framework is recognized worldwide for managing information systems, and is supported in Secure State for AWS, Azure, and GCP cloud accounts. To review the controls and roles, log into Secure State, navigate to Governance > Compliance and choose ISO IEC 27001.

Improved Explore Rendering and View Neighboring Resources

February 25, 2021

We are releasing two usability improvements to the way Explore graph results are rendered later this week. The first change maintains separation between groups of related resources so you can more easily identify them. Second, we are adding the ability to discover neighboring resources interactively in the rendering. We hope these updates improve your ability to investigate and refine queries.

Auto-remediation – General Availability

February 19, 2021

Support for auto-remediation is now generally available! After adding several updates, including improvements to the user flow, new remediation jobs, and enhanced dashboard metrics, we are releasing our open-sourced remediation framework, which supports AWS and Azure, as generally available.

This release includes several additions to the main dashboard and remediation pages to monitor the status of worker groups and remediation runs. The extensible framework now supports 19 native jobs along with user-authored custom jobs, and more jobs are planned for release over the next several weeks. All remediation jobs can be deployed at scale as guardrails that fix misconfigurations in real-time, while providing read-only permissions to the Secure State platform.

Read more about how to get started with auto-remediation.

Introducing Support for NIST SP 800-53 Revision 5 Compliance Framework

February 11, 2021

Secure State can now help you audit security and privacy controls for NIST Special Publication 800-53 revision 5. This framework is supported for all three cloud providers: AWS, Azure, and GCP. You can see all the details, including control groupings, individual controls, and associated Secure State rules, at the NIST SP 800-53 framework page at Governance > Compliance on the Secure State platform.

Google Cloud Support – General Availability

February 1, 2021

Secure State now supports Google Cloud Platform for all customers. We have added many enhancements to the user experience for Google Cloud since the private beta and are excited to offer GCP security and compliance monitoring as a general service!

In addition to the common cloud visibility and graph-based exploration capabilities available for all three cloud providers, GCP features new org-based onboarding workflows. With GCP, you can onboard either a single project or a group of projects under a single organization by following a setup wizard.

This release includes support for 77 GCP rules and complete coverage of controls from CIS Foundations Benchmark v1.1.0, spanning services like Identity & Access Management, Logging & Monitoring, Networking, Virtual Machines, Storage, Cloud SQL, MySQL, SQL Server, and BigQuery. Google Kubernetes Engine, App Engine, and Cloud Functions are on deck and planned for availability over the next several weeks.

Secure State capabilities such as dashboards, suppressions, integrations, alerts, reports, and so on now include GCP. As of this release, customers using GCP in Secure State will begin getting billed for key resource types.

Learn more about how to get started with protecting your Google Cloud environment.

Suppressions Improvements: Suppress findings based on rule and account criteria

January 28, 2021

You can now target specific cloud account(s) to automatically suppress findings based on a rule. Previously, you could perform this action only at the organization level. Now you can create custom rules and apply them to specific accounts. We also fixed several bugs and added the ability to enter a specific suppression end date.

Compliance Management and Custom Frameworks now in Public Beta

January 14, 2021

We're excited to announce compliance management is now in public beta, with many thanks to our private beta users for all the testing and feedback they provided. We've resolved a number of issues and added new enhancements based on the feedback, including improvements to navigation, better user experience, and the ability to clone existing frameworks. We expect the public beta period to be short, but would like all of our users to have a chance to try these new features out before general availability.

For more information on compliance management, please refer to the documentation.

CIS Microsoft Azure 1.2.0 and CIS Amazon Web Services 1.3.0

January 7, 2021

CloudHealth Secure State has introduced support for the latest CIS benchmarks for AWS and Azure, CIS AWS Foundation 1.3.0 and CIS Microsoft Azure 1.2.0. We have created many new rules and associated them with the applicable controls identified in each framework. You can find all of the currently supported frameworks and the new frameworks on the compliance dashboard.
