Wednesday, October 21, 2015

ScriptRock offers free vulnerability testing. Or what to do when AWS eats (some of) your lunch

When Amazon Web Services (AWS) introduces Inspector vulnerability detection gives your re: Invent conference a few weeks ago, there was an audible sigh as a number of partners AWS saw its addressable market evaporate before their eyes. This is a scenario often repeated - An AWS partner spends time and money in building a solution that threatens the basic single AWS AWS services have introduced a similar product later. Not that AWS is particularly predators - is, however, the nature of the platform providers looking to expand their platform. (Disclosure: AWS is an analysis of the diversity of customers, but I have not advised of the inspector.)

One company has decided to be pragmatic and today is announcing that their own vulnerability scanning engine (which comes as part of its wider choice) will now be free. Perhaps overlook the obvious commercial realities resulting ad AWS, ScriptRock competitor is positive about what this offer for customers. "Vulnerability assessment as a concept is not new, but historically, it could cost a lot, and invested both money and reports generated were almost incomprehensible time. In ScriptRock, our goal has always been important but complex information We easy to visualize, understand and act. We are now doing this for data vulnerability, "said Alan Paul Sharp, cofounder ScriptRock. Well, yes, but I would say that this movement is what happens as a direct result of their own ad vulnerability AWS, I put this Sharp-Paul and his co-founder Mike Baukes and ask for the time and the justification for the announcement on the new AWS. The couple had valid points to make in this regard, perhaps more justified concern that the inspector AWS is only a useful tool for AWS own body and therefore have no real value in a hybrid framework. Like most modern organizations using hybrid environments, offering ScripRock covering entire infrastructure it is more valuable. This is not a problem for pure AWS-shops, but as a point in the duo, there are fewer of them hybrids.

Besides, ScriptRock stressed that the inspector does not really help migration to and from AWS. As they see it, companies need visibility and validation / testing throughout the migration process. AWS tools can not help with the side of AWS, which is only half the battle. As noted, ScriptRock can help with the rest. They also highlight a platform for discovery, monitoring and analysis of the wide range ScriptRock footprint for the entire infrastructure of an organization. As such, the vulnerability of the test solution is useful, but much more useful in combination with the other parts of the ScriptRock platform.
This is true, but also has a double-edged argument, since it could be argued that the infrastructure of AWS, with an offer of AWS-native vulnerability is more valuable than a third vulnerability supplements tested. Horses for courses I suppose.

Finally, ScriptRock was keen to stress that any ScriptRock is available through its REST API - meaning they can be integrated and communicate with AWS through its API. ScriptRock theoretically could trigger scans AWS inspector (AWS via the API) and eat whatever inspector vulnerability data and display it on the user interface ScriptRock back with all other offerings ScriptRock data platform, giving users a single crystal or a single console to manage all their systems (AWS + all others).
Everything is logical, but there is no denying that ScriptRock has lost at least part of its market opportunity. That said, the losing party is a relatively low value and should be compensated by increasing the depth of the ScripRock political features - Once created, a policy can continuously validate a specific set of criteria to ensure that any server, or fleet servers, maintain compliance. If a test fails to comply, the team is alerted and given the option to delegate a task remediation. This ensures settings can not derive and misconfiguration errors ever cause loss of time or money.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.