
Visibility & Enforcement

Visibility

| Tool | Description |
| --- | --- |
| cartography | Python tool that consolidates infrastructure assets and the relationships between them into a graph view backed by a Neo4j database (AWS/GCP). See also Automating Cartography Deployments on Kubernetes: an automated process for getting Neo4j and cartography up and running in a Kubernetes cluster, using HashiCorp Vault as the secrets-management engine |

Enforcement

| Tool | Description |
| --- | --- |
| Cloud Custodian | Rules engine for cloud security, cost optimization, and governance. Policies are written in a YAML DSL that queries, filters, and takes actions on resources. Custodian manages AWS, Azure, and GCP environments, enforcing real-time compliance with security policies (such as encryption and access requirements), tag policies, and cost controls through garbage collection of unused resources and off-hours resource management. See the Usage examples |
| Cloudkeeper | Standalone CLI tool that periodically collects a list of resources in cloud accounts (AWS, GCP, Azure), provides metrics about them, and can clean them up |
| Forseti Security | Rule-based policies for systematically monitoring GCP resources |
| project_lockdown | Collection of automated remediation Cloud Functions that react to high-risk events in real time |
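To make the Cloud Custodian entry concrete, here is an added example policy file covering the four use cases the description names: a real-time encryption check, a tag policy, garbage collection of unused resources, and off-hours management. It is written here as an illustration and is not taken from the Cloud Custodian project's own documentation; the AWS account ID, IAM role name and tag names (`c7n-compliance`, `c7n_gc`, `maid_offhours`) are placeholders you would replace for your environment.

```yaml
# Added example Cloud Custodian policy file (c7n YAML DSL), not from the project docs.
# Account ID, role ARN and tag keys below are placeholders.
policies:

  # 1. Security policy, real time: a CloudTrail CreateVolume event invokes a
  #    Lambda that inspects the new EBS volume and tags it if it is unencrypted.
  - name: ebs-unencrypted-volume-detect
    resource: aws.ebs
    description: Tag EBS volumes that were created without encryption.
    mode:
      type: cloudtrail
      role: arn:aws:iam::123456789012:role/custodian-lambda   # placeholder role
      events:
        - source: ec2.amazonaws.com
          event: CreateVolume
          ids: responseElements.volumeId
    filters:
      - Encrypted: false
    actions:
      - type: tag
        key: c7n-compliance
        value: unencrypted

  # 2. Tag policy: instances with no Owner tag are marked for a stop in 3 days,
  #    which gives the team time to fix the tag before any enforcement happens.
  - name: ec2-require-owner-tag
    resource: aws.ec2
    description: Mark EC2 instances that lack a required Owner tag.
    filters:
      - "tag:Owner": absent
      - "tag:c7n_tag_compliance": absent
    actions:
      - type: mark-for-op
        tag: c7n_tag_compliance
        op: stop
        days: 3

  # 3. Garbage collection, two-phase: first mark unattached volumes older than
  #    30 days for deletion in 7 days, then delete only those whose mark has expired.
  - name: ebs-unattached-mark
    resource: aws.ebs
    description: Mark EBS volumes that have been unattached for more than 30 days.
    filters:
      - Attachments: []
      - type: value
        key: CreateTime
        value_type: age
        op: greater-than
        value: 30
      - "tag:c7n_gc": absent
    actions:
      - type: mark-for-op
        tag: c7n_gc
        op: delete
        days: 7

  - name: ebs-unattached-delete
    resource: aws.ebs
    description: Delete volumes whose c7n_gc deletion date has passed.
    filters:
      - type: marked-for-op
        tag: c7n_gc
        op: delete
    actions:
      - delete

  # 4. Off-hours: run hourly from Lambda and stop instances at 19:00.
  #    By default only resources carrying the maid_offhours tag are in scope,
  #    so untagged production instances are never touched.
  - name: ec2-offhours-stop
    resource: aws.ec2
    description: Stop tagged instances outside business hours.
    mode:
      type: periodic
      schedule: "rate(1 hour)"
      role: arn:aws:iam::123456789012:role/custodian-lambda   # placeholder role
    filters:
      - type: offhour
        default_tz: utc
        offhour: 19
        tag: maid_offhours
    actions:
      - stop
```

Run `custodian validate policy.yml` to schema-check the file, then `custodian run --dryrun -s out policy.yml` to see which resources the pull-mode policies would match without taking any action; the `mark-for-op` / `marked-for-op` pairing is what keeps the garbage-collection step reversible, since clearing the `c7n_gc` tag before the date in it cancels the deletion.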