(SAN FRANCISCO Jan. 25, 2023) - Mondoo, the SaaS-based security, compliance, and asset inventory tool, today announced the release of its new open cloud security posture management (CSPM) solution built on security as code (SaC), designed to help security and platform engineers secure their cloud environments.
Mondoo's CSPM is based on a trusted open source foundation and runs in the most secure and privacy-aware environments, making it ideal for use-cases in finance, healthcare, and the federal sector. With the ability to deploy and use in minutes, it covers AWS, GCP, Azure, and VMware and focuses on misconfigurations and vulnerabilities. It is also part of its xSPM SaaS solution, which includes cloud native application protection (CNAPP), Kubernetes security posture management (KSPM), SaaS security posture management (SSPM), cloud workload protection platform (CWPP) and more, to protect workloads and services as well as your cloud configurations.
“This announcement comes at an important time, as the recent release of Azure and GCP solutions complements its existing AWS coverage,” said Soo Choi, co-founder and CEO of Mondoo. “Features include managed integration in minutes with continuous scanning and extended resource coverage for GCP and Azure. We're thrilled to now have over 100 policies and 4200 checks and controls including CIS AWS, Azure and GCP benchmark coverage, which extends the existing CIS, NIST, and BSI policies.”
What sets Mondoo apart is its ability to test the entire workflow. Modern CSPM starts with Terraform automation and security as code covers the software delivery chain. Mondoo adds testing to CI/CD, where entire environments are spun up via Terraform and tested in the pipeline, before they reach production. This means that developers can integrate Mondoo's GitHub action into their project and enable automated security tests for their developers. Additionally, a CLI is available for developers to use locally, in test environments, and in automation.
Mondoo is also highly customizable and extensible, making it perfect for security and platform engineers. The open query engine allows users to use existing policies or write their own.
About Mondoo
Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure. Its extensible security posture management (xSPM) platform is built on open source components like cnquery and cnspec, giving customers complete transparency and control over how their data is processed. With Mondoo, you can easily integrate security into your developer workflows and protect your organization's assets while minimizing the risk of security incidents.