
Securing, Monitoring, and Remediating Immutable Infrastructure

We’ve all heard the term Immutable Infrastructure, especially with cloud deployments, but what does it really mean?  What are the security and compliance impacts of Immutable Infrastructure?

Let’s start with a quick overview of Immutable Infrastructure. Simply defined, Immutable Infrastructure means that the state of networks, servers, applications, etc. is not subject to change in production, because they are built to an exact specification. If a change to a specification is required, a whole new set of infrastructure is provisioned from the updated requirements, and the previous infrastructure, now obsolete, is taken out of service.

In theory, this is a great concept, but in reality it is much more complex.  What if I have a security vulnerability or incident that needs to be resolved immediately to prevent a breach of data?  Do we actually rebuild the environment or do we apply the patch or modify a setting in production?  You probably modify the environment in production, which means you just broke immutability.  Now then, how should we actually secure, monitor, and remediate our Immutable Infrastructure to get all of the benefits implied in leveraging this approach?

This is where Accurics has a holistic approach.  Instead of focusing on one area of Immutable Infrastructure, Accurics looks at the entire lifecycle, including:

  • Identifying misconfigurations of your Infrastructure as Code during the development of your templates
  • Validation of security configurations through policies during the build process
  • Monitoring of security configurations in production once the infrastructure has been deployed
  • Alerting on security configuration drift between the build templates and the actual runtime environments, and
  • Defining remediation steps needed to re-align the build templates with the actual running infrastructure
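The drift and remediation steps in the list above can be sketched as a comparison between the state a template declares and the state observed at runtime. This is an added example, not Accurics or Terrascan code; the resource names, field layout and the single risk rule are assumptions constructed for illustration.

```python
# Added illustration; resource names, fields and the policy rule are constructed.
DECLARED = {  # state the template specifies
    "sg-web": {"ingress": {"443/tcp": ["0.0.0.0/0"], "22/tcp": ["10.0.0.0/8"]},
               "tags": {"owner": "platform"}},
    "bucket-logs": {"encryption": "aws:kms", "public_access_block": True},
}
OBSERVED = {  # state found at runtime after an in-place emergency change
    "sg-web": {"ingress": {"443/tcp": ["0.0.0.0/0"], "22/tcp": ["0.0.0.0/0"]},
               "tags": {"owner": "platform", "hotfix": "yes"}},
    "bucket-logs": {"encryption": "aws:kms", "public_access_block": False},
    "sg-debug": {"ingress": {"3389/tcp": ["0.0.0.0/0"]}},
}
ABSENT = "<absent>"  # marker for a key present on only one side


def diff(declared, observed, path=()):
    """Yield (path, declared_value, observed_value) for each difference."""
    if isinstance(declared, dict) and isinstance(observed, dict):
        for key in sorted(declared.keys() | observed.keys()):
            yield from diff(declared.get(key, ABSENT),
                            observed.get(key, ABSENT), path + (key,))
    elif declared != observed:
        yield path, declared, observed


def is_high_risk(observed_value):
    """Assumed policy: world-open CIDR or a control switched off."""
    return observed_value is False or "0.0.0.0/0" in repr(observed_value)


def drift_report(declared, observed):
    """List drift findings with a severity and a remediation direction."""
    findings = []
    for path, want, have in diff(declared, observed):
        if want == ABSENT:
            fix = "not in template: remove it, or add it to the template and rebuild"
        else:
            fix = "redeploy from the template, or update the template and rebuild"
        findings.append({"path": ".".join(path), "declared": want, "observed": have,
                         "severity": "high" if is_high_risk(have) else "info",
                         "remediation": fix})
    return findings


if __name__ == "__main__":
    for f in drift_report(DECLARED, OBSERVED):
        print(f"[{f['severity']}] {f['path']}: {f['declared']!r} -> {f['observed']!r}")
        print(f"    {f['remediation']}")
```

Each finding points to one of two ways back to immutability: rebuild from the existing template, or fold the production change into the template and rebuild from that.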

Accurics provides Immutable Security for Immutable Infrastructure by offering:

  • Policy as Code
  • Security as Code
  • Remediation as Code
  • Drift as Code

It is the most complete solution to secure your Immutable Infrastructure.  To see a demo of Accurics, watch the technical segment on Application Security Weekly here, watch their webcast here, or visit securityweekly.com/accurics for more information or to download TerraScan, a free tool to scan your templates.

Matt Alderman

Chief Product Officer at CyberSaint, start-up advisor, and wizard of entrepreneurship.
