The new cloud security platform uses a plug-in based, open source offering to discover gaps in existing security controls.

Open source cloud security firm Paladin Cloud has launched a new SaaS-based platform for enterprise cloud attack surface discovery and vulnerability management.

Built on Paladin Cloud’s open source core, the platform has a set of security policies implemented in code to serve as an extended policy management tool that integrates into various enterprise systems, providing a comprehensive view of security across multicloud environments.

“Our cloud security platform helps developers and security teams define their cyber asset attack surface, verify that security controls are providing their intended protection, and extend their security posture over multi and hybrid cloud environments,” said Daniel Deeney, co-founder and CEO of Paladin Cloud.

Paladin Cloud was initially released in July 2022 on GitHub and is entirely free to download and use. It is a multicloud offering with an enhanced UI/UX and integrates with federated identity platforms (e.g., Active Directory).

Attack surface discovery is a code-based security offering

The new cloud security platform is designed to offer continuous monitoring to identify and visualize digital assets while detecting vulnerabilities, misconfigurations, and security risks. It also prioritizes security risks to help DevOps teams drive automated workflow and remediation.

The code-based, agentless cloud monitoring and alerting capabilities on the platform combine with third-party integrations of enterprise systems to allow security teams to validate existing security controls and protections. The product, for instance, includes a plug-in for Qualys, a vulnerability scanner, that automatically maps Qualys installations across the asset inventory of AWS Elastic Compute Cloud (EC2) instances.
As a result of this mapping, it’s able to identify blind spots and coverage gaps where Qualys is not installed and therefore not protecting AWS EC2 instances.

“The Enterprise SaaS platform integrates seamlessly with cloud service providers, like AWS, Azure, and Google Cloud, and enterprise systems, like Qualys, Tenable, Aqua, and Red Hat ACS. We are also continuing to add new plug-ins to the platform into widely deployed enterprise systems,” Deeney said.

The platform’s “security-as-code” offering, which refers to several hundred pre-coded security policies sourced from regulatory benchmarks such as CIS and NIST as well as industry best practice policies from other organizational sources, also allows organizations to codify their own security policies.

“It is nice to see a new player in the cloud security posture management and cloud-native application protection platform spaces,” said ESG Senior Analyst Melinda Marks. “The movement to security as code is popular because it’s a way to codify security early in development processes to minimize misconfigurations or coding errors. We see this in the use of open source infrastructure as code, where you have templates that the developers can use to set up their own infrastructure instead of waiting for IT or Ops to set it up for them.”

With prebuilt code, the offering groups assets and security findings by users, applications, products, business units, and cloud services to provide a granular, continuous view of a customer’s multicloud environments.

Early adoption shows promise

Early customer adoption across financial services, technology, and healthcare has revealed a 30% reduction in attack surface in terms of exposure to vulnerabilities and threats, according to Paladin Cloud.

“Paladin uses plugin connectors to help organizations identify and visualize their assets in cloud environments, assess their cybersecurity protection, including what tools and policies they have in place for those assets, and then they assess any gaps so they can apply the right tools or processes to all of their assets,” Marks said. “It’s an innovative way for organizations to ensure that the applications that they put into cloud environments have the right security processes and tools in place to protect them. It also helps speed remediation with features where you can apply the fixes across groups of assets.”

The platform automates incident management through ticketing integrations like JIRA and Slack, alerts, and notifications. Additionally, it implements reporting across several benchmarks and standards to improve governance and compliance.

Open source security solutions are popular compared to vendor solutions because they make it easy for organizations to connect and use the solutions, compared to a solution where it might be difficult to obtain a trial version and go through a buying cycle. There is a high adoption rate of many open source security tools, such as testing tools, and some vendors also use the open source tools to build products around them, Deeney said.