Our latest version, 20.2, is special for many reasons. This is our first major release, DivvyCloud of Rapid7. We look forward to providing you with innovative solutions within the Rapid7 team. Rest assured that we will continue to listen to our customers’ needs and align our common priorities with the product roadmap as it evolves.
This release is also remarkable because it includes our long-awaited new security feature, Infrastructure as Code (IaC). Other features are:
- Organisational development
- Improvements to the compliance indicator system
- NIST 800-53: Update compliance file
As with any problem, we’ve improved the overall level of cloud computing by expanding the support and use of resources in DivvyCloud. These improvements provide our customers with additional visibility, reporting and automation capabilities.
We have developed IaC security to complement our automated recovery capabilities. Instead of identifying problems and responding to them, IaC Security opts for a proactive approach. This enables organizations to implement security controls earlier in the CI/CD process (by dragging and dropping links) and enables compliance and security issues to be addressed before deploying or modifying the cloud infrastructure.
This new feature allows users to use pre-configured infrastructure models from the outset for secure and compatible development. Using DivvyCloud’s in-depth knowledge of the customer’s cloud infrastructure, IaC Security analyzes proposed code changes to determine whether the changes violate security or compliance policies. If you understand all the implications of the change before you start, our customers will be more efficient and better protected.
For more information on this function, see the IaC documentation section.
Extra support for organisations
DivviCloud offers the possibility to add multiple projects or accounts to the organization. With the Organize feature, you can have all cloud-related projects or accounts and ski passes from the organization or folder added automatically. This means less maintenance and better synchronisation. For example, when a project or account is deleted, it is not left in our tool as an obsolete artifact that can generate false positives if it is not respected; instead, the Organizations feature recognizes that the project or account has been deleted and does not generate source information.
The function of our organisations, which was previously only available for PCB projects, has now been extended to DWS. Don’t worry, we’ll add this feature for Azure in the near future. More information about DivvyCloud organizations for PAG and recently added organizations for AWS
Scorecard Compatibility Enhancements We’ve redesigned the scorecard to improve readability while providing an even better view of your overall compatibility chart and dramatically increase your productivity. The redesign is included:
- Extended filter section
- The heat map view The map has been moved to the following filter area
- Additional displays (also improved for readability), including the Gravity Mismatch and Mismatch Resource History displays, which are visible when you scroll down.
We have also retained previous navigation features, including control over page views for views and clouds and the ability to click on an account/cell for more information.
Other improvements to the dashboard include improvements to the Excel downloads, which are translated into a more readable format with additional information about your compliance. Users can more easily analyze the uploaded data, which is now possible:
- For inappropriate means – the seriousness of the problem and when the problem was first discovered
- For exceptions – the maker and the approval exception.
- Clarification of the values reported – the uploaded report now shows four lines with different values explaining the total number of infringed resources, the number of estimated resources, the percentage of resources that do not comply, or the percentage of compliance versus non-compliance. These values are then compared with the color legend of the scorecard.
Dynamic links in Excel also take you back to the DivvyCloud tool to find the exact location of a specific number.
Updated documentation for the concordance indicator card can be found here
The NIST Special Publication 800-53
Updated Compliance Package provides a security and privacy checklist for all U.S. federal information systems with the exception of those related to national security. As laws, regulations and frameworks such as these evolve and change over time, DivvyCloud can help your organization adhere to the rules. With this release, we have updated the NIST 800-53 compliance package to reflect the changes in NIST 800-53 version 4. An old version of the package is still available, but since it will eventually become obsolete, we recommend using an updated version. Read more.
To see the latest changes and additions in action, you can request a demo version. For more information about this release, see the release notes.
Version 20.2 of Post Feature was first released on DivvyCloud.
*** This is DivvyCloud’s syndicated Security Bloggers Network blog, written by Jamie Gale. The original message can be found at the following address: https://divvycloud.com/feature-release-20-2/?utm_source=rss&utm_medium=rss&utm_campaign=feature-release-20-2.