iCompaas
Automate Cloud Security & Cost Savings
Start new thread
Jaya Polumuru

iCompaas - Cloud infrastructure compliance and security as-a-service

by
iCompaas
iCompaas provides a suite of tools and services to maintain the Compliance and Security posture of your cloud infrastructure. We automate services of a Cloud Security Specialist, a Compliance Analyst, and a Cloud Architect all rolled into one product.

Add a comment

Replies

Best
Jaya Polumuru
Maker
Hello Producthunters! We are happy to launch our cloud infrastructure security and compliance product - iCompaas! Our team has experience working in mid-sized and large enterprises where automating security and compliance is painstaking and really expensive. Even after the advent of cloud IAAS, most companies continue to struggle with securing their application stack due to a lack of good automation tools. And we wanted to fill that gap with our product. We believe companies of all sizes should get the benefit of top quality security and compliance software at a low cost. This is our mission and we are launching on producthunt.com today to get your feedback. Here are some of our product highlights: Security - We provide cloud infrastructure security where we cover AWS Well-Architected Framework, checking if Interfaces and APIs are Insecure, validate configurations, User and Permissions Management(RBAC), Authentication events, check for Malicious Insiders and Account Hijacking attempts. Compliance - Real-time monitoring of compliance changes with resource-level details, along with report generation. We offer compliance solutions such as CIS Level 1 & 2 and HIPAA; Coming soon with GDPR, PCI DSS, NIST CSF, NIST 800-53, SOC 2, ISO 27001, and CSA CCM. Cost Optimization - We monitor usage patterns and provide a breakdown of cost using various dimensions like services, type of operation, and regions. Our tool will find unused and hidden resources that can be decommissioned to potentially save Capex and Opex costs. We also offer cost forecasting and reduction recommendations, and also recommendations based on usage(CPU, Memory, Storage). Looking forward to engaging with the community; our team of makers is available all day (and night) to answer any of your questions. Cheers! JP
Jaya Polumuru
Maker
Forgot to mention, we currently only support AWS infrastructure only but Azure and GCP are coming soon.
praveenhotha
How are you automating security?
Jaya Polumuru
Maker
@praveenhotha Thanks for your question! We have created backend engine that calls AWS APIs to retrieve the metadata; we then process the data to see if our security policies are being violated. Thats where we check configurations, user permissions, cloudtrail events, just to name a few. Hope that answers your question. Please checkout our website where we provide more details.
praveenhotha
How is this product different from the paid technical support that aws provides?
Jaya Polumuru
Maker
@praveenhotha Great question! So the paid technical support AWS provides is very expensive and it's also manual. Our mission is to reduce cost through automation of security, compliance, and cost optimization of your application stack. We intend to keep building more features/tools that will help keep our customer's infrastructure secure.
Yashwanth Reddy
Does your product have machine learning integrated?
Jaya Polumuru
Maker
@yashwanth_reddy4 Thanks for the Question! Yes, we have been training our ML models to enhance our Security Threat Analysis. As we gather more data, it's going to improve our models significantly. Also, we have plans to use ML for several other aspects including cost optimization.
Sathish Simhachalam
HI ICompass Team, I have been through the technical write up in the above sections and also through your website , I liked the idea of planning a single solution for Security , Compliance and also providing some architecture guidance with cost effective product to small/mid and large enterprise which are the need of hour and it is really commendable. I would like to understand more on this product and its capabilities , below are few queries - Is this product suitable for any kind of AWS models/architectures.. EC2 or ECS ..??? - How are the vulnerabilities tracked by your product specific to an EC2 instance .. do you need any plugin or client running on the EC2 instances to fetch this information - What kind of permissions IAM roles does your icompass product needs for customers AWS account..??
Jaya Polumuru
Maker
@sathish_simhachalam We support all AWS application architectures (EC2 and ECS). The policy checks we run are on AWS infrastructure metadata. We do not run any plugin or client running on EC2.
Cs Srinivasa Rao
How can you help with cost savings ?
Ravi Prakash
Maker
@cs_srinivasa_rao Thank you for a very important query Srinivasa Cost is a primary factor for all customers using IaaS. Using Cloud service providers services for analysing the costs levied may not be a smart thing to do(Ideally assessee and assessor should be different as part of any assessment). You may have observed that the cost information shared with you, related to the cloud account is generally ambiguous, shielding the most important information affecting your infrastructure costs. iCompaas tries to level the playing field with empowering the customer with multiple dimensions that will give you a better understanding of your infrastructure. This info has been gathered by running more than 60 cost related checks. Our cost saving feature is a default one and helps customers analyse this information. You can sign up and see this information NOW !!!(30 day free trial, No strings attached) and understand and interpret your cloud infra costs. I know this was an elaborate answer but considering the importance, we believe this was necessary. Hope this answers your query and we want to see you register with us !!! Cost management in the cloud is one of the key concerns as per 300 enterprise CIOs and IT executives(Details below). Challenges in managing IT spend Info @ https://www.flexera.com/blog/elo...
Cs Srinivasa Rao
@ravi_polumuru thank you . The product looks good 👍
Nishant Thorat
What is a resource? Can you share list of resources you scan?
Ravi Prakash
Maker
@nishantt Thank you for your question, It's great to see interest from a possible competitor(Druva) checking out our product :D We are considering any configuration created by the customer as a resource. We scan for most of the AWS services.
Nishant Thorat
@ravi_polumuru Thanks for reply. Not sure what do you mean competitor, Druva is in Data protection space. Anyway I was checking in my personal capability. Still not clear by "configuration created by the customer as a resource". Do you have a list?
Ravi Prakash
Maker
@nishantt Apologies for the delay and thank you for being candid. @ iCompaas, we define a resource as any config that has been created by the customer in the cloud infrastructure. Regarding the list of services, we would love to answer all your questions in detail, it would be great if we could connect for 30 minutes to walk you through our product demo. You could book the calendar at your convenience @ https://calendly.com/icompaas/demo
Ravi Prakash
Maker
Proud to be part of iCompaas solution thats helps fellow Ops guys to feel `secure in the cloud` #SharedResponsibility #RethinkSecurity I want to share my Angle of an Infrastructure Operations Guy: Having worked as an admin and in management roles for over a decade, have noticed many a times, critical challenges would often drill down to security and compliance deviations. Over the past few years, cloud security has been the cause, leading to the need of a tool like iCompaas, which has multiple capabilities which can answer the questions: What do we protect? - Understanding that firewalls and endpoints as our potential attack surfaces How many resources do we have? - Consolidation of cloud asset/resource inventory and management How many of them are patched and up to date? - Vulnerability assessment of resources Has anything changed? - New cloud technologies that may cause security issues that were previously not considered We rounded up an array of all annoying things that we could find in security/compliance and automated it in one place, so no one would have to solve the same problem again. I have met several entrepreneurs, who are creating awesome products and services, but are not aligned with security and compliance right at the outset. The clomplexities in creating ad-hoc scripts and catering to increasing number of new services could be one of the factors for not focusing on security issues, that may lead to difficulties while we move to production. We are happy to answer any questions you might have on our offerings, I Look forward to hear your feedback... Cheers !!!
Jagadeesh Aj
If you detect a compliance issue, how will you remediate that?
Ravi Prakash
Maker
Hi Jagadeesh, Appreciate your query on this. We think it is an important to clarify that when customers signup with iCompaas and add the cloud account, they are approving a Read-Only Trust relationship. (Step by step process is outlined here: https://www.icompaas.com/#learn). So the short answer is, we don't remediate compliance issues that are identified, we report them. And the long answer is, we provide you Violation and Evidence reports that would give you detailed info about the associated "Resource" that is in violation and also share "Remediation Steps" to fix the violation. You can check out our iCompaas Knowledge Base for more extensive details (https://support.icompaas.com/sup...).
Ravi Kumar Penugonda
Does your product adapt to customized security requirements as per any specific organization standards?
Jaya Polumuru
Maker
@ravi_kumar_penugonda Thanks for the question. We plan to support "user" (organization) customized security requirements in the future; currently only support standard requirements like CIS Level 1 & 2 and HIPAA; Coming soon with GDPR, SOC 2, PCI DSS, NIST CSF, NIST 800-53, ISO 27001, and CSA CCM.
12
Next
Last