Address Security & Compliance Violations in Cloud Environments

Enforce Security & Compliance Policies Across Your Organization

Automated Remediation

Fugue is a cloud infrastructure automation and security solution that enforces security and compliance policies across the organization. Fugue ensures that an enterprise’s cloud resources are always provisioned according to a single source of truth—and stay that way throughout the resources’ lifetime.

  • Revert Back to Baseline

    Fugue creates a baseline of your cloud infrastructure from what is provisioned. Fugue detects all infrastructure changes within seconds and reverts all changes back to the baseline.

  • Complete Infrastructure Coverage

    Fugue performs automated remediation on all infrastructure changes: server, network, database, containers, IAM, security groups, serverless functions, etc.

  • Monitoring-Only Mode

    Users can disable automated remediation and work in monitoring-only mode. Fugue generates events communicating what has changed but lets users handle remediation.

Compliance Validation

Fugue applies content libraries, written as policy as code, to validate whether infrastructure complies with regulations or standards such as NIST 800-53, HIPAA, CIS Benchmark, and GDPR.

Fugue performs validation at compile/design time and runtime to ensure that no infrastructure violating policy is deployed to production.

Policy As Code Example
####################################
# Example Library to Validate Region
####################################
 
import Fugue.AWS as AWS
 
fun noCaCentral1(region: AWS.Region) -> Validation:
  case region of
  | AWS.Ca-central-1 -> Validation.error {message: "Region Ca-central-1 prohibited"}
  | _                -> Validation.success
 
validate noCaCentral1

Orchestration Engine

Fugue Conductor

Fugue’s Conductor is the orchestration engine that provisions and instantiates the infrastructure specified by definition files. Each file runs on the Conductor as a process that can be suspended, resumed, or killed, much like an OS process.

The Conductor architecture is highly secure: the Conductor does not listen on any open ports, and all outbound traffic is sent only to cloud provider APIs. All traffic is encrypted and is carried by queuing services or notification services.

Fugue Conductor Diagram

Fugue Composer

Fugue Composer is an application that scans your AWS accounts and generates an accurate visualization of your cloud infrastructure resources and their relationships.

Fugue Composer also visually displays how your resources may violate compliance or security policies. Noncompliant resources are clearly tagged and the violations are marked in infrastructure definition files.

Secure Your Cloud

Find security and compliance violations in your cloud infrastructure and ensure they never happen again.