WithSecure launches Cloud Security Posture Management

Press Release  |  May 23, 2023

WithSecure Elements adds new capabilities to help organizations identify insecure configurations in cloud-based infrastructure platforms.

Helsinki, Finland – May 23, 2023: Security can get left behind as organizations migrate their infrastructure to cloud services provided by third parties. In order to ensure organizations stay secure as they take advantage of the cloud, WithSecure™ (formerly known as F-Secure Business) has launched a new module for its WithSecure™ Elements security platform that identifies insecure cloud configurations attackers use to compromise networks.

It's now become commonplace for organizations to incorporate cloud-based infrastructure-as-a-service (IaaS) offerings into their IT estates. This transformation has many benefits, but also new challenges, particularly in relation to security.

These challenges include the rapid development of IaaS platforms, a scarcity of professionals with cloud security skills and experience, different regulatory considerations, and overall complexity. The fact that many companies use multiple public cloud providers simultaneously only adds to the difficulties in securing such infrastructure.

“The task of securing cloud infrastructure is very hard for several reasons. The cloud typically provides a layer of abstraction compared with traditional infrastructure, meaning that both traditional and could-specific security concerns apply. For many customers, it is very confusing to understand which aspects of security are delivered by the cloud provider and which is the sole responsibility of the user,” said WithSecure™ Head of Product Management Leszek Tasiemski.

The challenges can add up to significant security problems. A 2022 WithSecure™ survey found that nearly 34% of companies detected non-misconfiguration vulnerabilities and 24% detected misconfigurations impacting their cloud platforms in the previous 12 months.*

“There are sometimes vulnerabilities in the cloud layer, like Amazon’s IMDSv1. And cyber criminals do their homework. It’s becoming more common for these configuration errors to be successfully attacked by adversaries in the kind of incidents you hear about in the news,” added Tasiemski.

Cloud Security Posture Management is a new module available for WithSecure™ Elements—a cloud-based security platform that provides organizations with the flexibility to pick and choose the capabilities they need via different modules.

The module is intended to manage risks related to vulnerabilities and misconfigurations in popular cloud-based IaaS platforms. Support for both AWS and Microsoft Azure is provided from the very beginning. Specific benefits include:

  • Cloud security posture scanning that identifies and prioritizes misconfigurations based on risk level with accompanying mitigation instructions.
  • Configuration checks for overly permissive IAM privileges, unencrypted data at rest, cloud instances with access to public IP addresses, whether logging is enabled for incident investigation, and additional existing and emerging cloud security issues.
  • Service powered by consulting expertise and research to ensure checks fit within threat models and add real security value to organizations.
  • Dedicated dashboard where important information that requires attention is provided in easy-to-interpret graphs, such as the evolution of security posture over time, and different security posture insights.
  • Multi-company and multi-cloud management in a single easy-to-use portal along with endpoint security, collaboration protection and vulnerability management products.
  • Specific rules and flagging that help in maintaining compliance with independent standards, namely CIS and NIST CSF.
  • Possibility for partners, like MSPs and MSSPs, to provide CSPM as a managed service to their customers.

The capabilities provided by Cloud Security Posture Management complement WithSecure™ Elements’ endpoint protection, endpoint detection and response, vulnerability management, and collaboration protection modules to ensure organizations migration to the cloud includes security.

WithSecure will present Cloud Security Posture Management at this year’s SPHERE—a cyber security event held annually in Helsinki, Finland—on May 24-25. More information on SPHERE is available at https://thesphere.org/.

Organizations interested in learning more about WithSecure™ Elements Cloud Security Posture Management can visit https://www.withsecure.com/en/solutions/software-and-services/elements-cloud-security-posture-management.

*Source: WithSecure 2022 B2B Market Research. Online survey with 3072 respondents was carried out during May 2022 across 12 countries (UK, France, Germany, Belgium, Netherlands, Denmark, Finland, Norway, Sweden, US, Canada, and Japan). Respondents were decision makers or decision influencers in their organizations for purchase of IT, cloud or network security products and services. 

WithSecure™ media relations
Adam Pilkey

About WithSecure™

WithSecure™, formerly F-Secure Business, is cyber security’s reliable partner. IT service providers, MSSPs and businesses – along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations.

Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. With more than 30 years of experience in building technology that meets business objectives, we’ve built our portfolio to grow with our partners through flexible commercial models.

WithSecure™ Corporation was founded in 1988, and is listed on NASDAQ OMX Helsinki Ltd.