PureSec is broadening the scope of its cloud security offerings with today’s announcement that PureSec Serverless Security Platform is now generally available after the end of its beta period, which started in April.
“The adoption of serverless architectures on cloud providers like AWS Lambda and Microsoft Azure is growing exponentially, at an estimated rate of 700% a year,” the PureSec team wrote in the announcement. “Organizations adopting serverless are still responsible for designing robust applications, and making sure that application code doesn’t introduce application-layer vulnerabilities. However, since organizations that use serverless architectures do not have access to the physical (or virtual) server or its operating system, they cannot deploy traditional security layers such as endpoint protection, host-based intrusion prevention, web application firewalls, or RASP (runtime application self-protection) solutions.”
RELATED CONTENT: Survey finds frequent critical vulnerabilities in serverless open-source applications
This new release is designed specifically for serverless applications, defending against application-layer attacks like “NoSQL/SQL injections, remote code execution, attempts to subvert function logic and unauthorized malicious actions,” the company said. The company lists the many features of the new platform:
- Fully automated & customizable serverless runtime file-system hardening, process execution monitoring and network access controls
- Serverless application firewall, capable of detecting and preventing event-based injection attacks (such as SQL Injection, XSS, Local File Inclusion, Runtime Code Injection, etc.)
- Intelligent machine-learning based behavioral protection engine, capable of detecting unknown attacks and 0-days
- Visibility & control through a SaaS dashboard
- Serverless-centric static analysis for detecting & mitigating vulnerabilities during the CI/CD. The analyzer can detect & fix over-privileged IAM roles and permissions, known vulnerabilities in 3rd party libraries, and detect application secrets stored insecurely in the code
- Hassle-free deployment process – from zero to secure within 15 minutes
- Seamless integration into any CI/CD environment
- Seamless integration with cloud-native logging facilities, Splunk and other SIEMs