Summit Carbon Solutions
Trend Vision One™ – Cloud Security offers visibility, control, and proactive threat detection.
Brett Tatum
Director of Technology at Summit Carbon Solutions
WHAT IS OUR PRIMARY USE CASE?
“We use Trend Vision One™ – Cloud Security for our cloud security, but we especially love it because we're multi-cloud. We want a single solution that can help us protect, inspect, and gain information about all of our cloud assets, regardless of whether they're in Microsoft Online, Office 365, Azure, or AWS, where we have most of our workload.
We also love that Cloud Security is not just an endpoint solution or a DevSecOps add-on. It also has a source code repository, which allows us to put things in our DevOps pipeline to protect them. Additionally, we can use Cloud Conformity, which is part of Cloud Security, to monitor our posture management.
This means that Cloud Security is not just a reactive solution that runs software on virtual machines or in containers. It can stop problems in the development process before they even happen, even if the code is still on someone's machine or in the pipeline or repository. This helps us protect ourselves in a way that many other solutions cannot.
Before implementing Cloud Security, we were facing all sorts of unknown threats, including third-party vulnerabilities and misconfigurations. We need to protect ourselves from bad actors, but that's only half of it. We also have to protect our infrastructure from ourselves. No one on our team is going to intentionally do anything malicious, but they can make mistakes. And I can't monitor every piece of code or infrastructure that my team writes or has. I need a solution that can monitor our infrastructure continuously and notify us of any misconfigurations or mistakes so that we can fix them before they become major problems.
We deployed Cloud Security 100 percent on the cloud and we use AWS and Azure.”
Cloud Security is not just a reactive solution that runs software on virtual machines or in containers. It can stop problems in the development process before they even happen. This helps us protect ourselves in a way that many other solutions cannot.
HOW HAS IT HELPED MY ORGANIZATION?
“I am satisfied with the protection that Cloud Security provides for our multi-cloud environment. I need a single pane of glass that will give me the information I need quickly and easily. I set up Cloud Security in one afternoon, which I have done before. With one person, it only takes a day or so. Now, it is so simple to get it into any cloud and give it a small permission set to go in there and read our infrastructure, and then get some valuable insights very quickly.
Cloud Security provides us with contextual data, which is especially useful when we are acquiring a company or when I take on a new role and need to quickly understand what they have. Cloud Security also helps me to quickly correlate information in the DevSec process, as it protects everything. There are three times when a security vulnerability can be caught: when we write the code, when we deploy the code, or when the code is running. If a vulnerability is not caught until the code is running, we probably made a mistake. We can then go back and look at the first two steps to see where we should have caught the issue. I am 100 percent satisfied with the context provided by Cloud Security.
Cloud Security protects my cloud workloads. If an attack gets past the first two layers, I still need a way to protect the endpoints, whether they're EC2 instances, virtual machines in Azure, or even on-premises servers. I need a single pane of glass to see all of my endpoints. And let's say there's a zeroday attack, something that no one knew about and couldn't have caught. With Workload Security, I don't need to patch it immediately, even if it's a Windows update. Workload Security can patch it for me and put security tools around it. So we use it for patching and filtering, as well as other security needs. It sits on our virtual machines and whatever cloud we use.
The biggest benefit of Cloud Security is its single pane of glass view. Other cloud providers, such as AWS and Azure, offer similar features, but they require multiple dashboards and reports. With Cloud Security, I have a single pane of glass view of my entire infrastructure. We also use Cloud Security for many security needs, including endpoint protection and Office 365 protection. This gives me a single vendor, a single pane of glass, and a single console to manage the security of all of my platforms.
Cloud Security gives us full visibility and control of our cloud environments.
When I am asked difficult questions, or when I am going through an audit or other process, I use its reporting and dashboarding capabilities to get all the information I need in one place. This saves me from having to correlate data from different sources, and it helps me to resolve audit and compliance workflows more quickly.
Visibility helps us resolve complexity in our environment by providing quick snapshots of an account. This is especially useful when I'm trying to get an overview of a new workload or a new company, as it allows us to take a snapshot of the environment to make it easier to ingest.
We buy our subscriptions through the marketplace because it's easier. I don't want to buy credits, because I can use the marketplace as needed. It also allows us to quickly bill the subscriptions to our existing account, so I don't have to set up another vendor or billing terms. I can just quickly use the marketplace, choose the subscriptions I want, and pay as I go. It's perfect.
Conformity would give me a good overview of what infrastructure we are using and where we can potentially save costs by emphasizing the infrastructure that we do not necessarily need.
Cloud Security protects me in the cloud, protects my registry, and protects my DevOps pipeline. It is not necessary for Cloud Security to protect all of these things. Additionally, Trend Vision in general also protects our Office 365 infrastructure, including SharePoint, Teams, and Outlook.
Protecting all the data across our environment is extremely important these days. No matter what industry we're in, it's crucial to understand our data security protocols, where our data is stored, how it's protected, and how it's accessed. This information gives us a single, overarching view of our data security posture, which helps us to identify and remediate misconfigurations and quickly respond to zeroday attacks or compromises. The sooner we know about a security incident, the fewer repercussions we're likely to experience.”
WHAT IS MOST VALUABLE?
“Detection response and cloud conformity are valuable features. I like how repository scanning helps us to scan our source code. I think these two features have helped me to detect potential threats before they even occur. I have also used cloud conformity when I start working in a new environment, such as a company with cloud infrastructure. Even if I don't know their workloads, I can quickly deploy cloud conformity to get a good understanding of what they have, how secure it is, and where they can improve.”
It's crucial to understand our data security protocols, where our data is stored, how it's protected, and how it's accessed. This information gives us a single, overarching view of our data security posture, which helps us to identify and remediate misconfigurations and quickly respond to zero-day attacks or compromises. The sooner we know about a security incident, the fewer repercussions we're likely to experience.
WHAT NEEDS IMPROVEMENT?
“Documentation on cloud architecture and job architecture would be helpful. It would also be enlightening to know what security context we get. Cloud Security is a really good product overall, including Cloud Security. However, their authorization and authentication could be improved. They have too many different ways to log in to their tools, which can be confusing. It would be better if they had just one or two ways to log in.”
FOR HOW LONG HAVE I USED THE SOLUTION?
“I have been using Cloud Security for six years.”
WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?
“Cloud Security is stable. I have not experienced any outages.”
WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?
“Cloud Security is 100 percent scalable.”
HOW ARE THE CUSTOMER SERVICE AND SUPPORT?
“In the few interactions I have had with technical support, it has been a great experience. The only area where technical support could improve is in communication. They need to be more clear because there was a time when they sent us a communication that did not clearly explain how the issue would affect our environment.”
HOW WAS THE INITIAL SETUP?
“The initial deployment was straightforward. The first time I deployed the solution, many years ago, it was a very different product than it is today. However, it was still very easy to deploy back then. We provide the solution with IAM keys in AWS, and it provisions our environment. If it is a Windows workload, we install an agent. This process was also very straightforward.
After that, I knew that manual deployment could be a pain, so we wanted to automate it. As soon as a VM spins up, the agent is automatically installed and checks in. Just as importantly, the agent also spins down the VM when it is no longer needed. This is very important in the cloud because we scale our environment up and down based on usage. Unlike on-premises environments, cloud environments are not static.
I think the solution is very easy to get started with, and it scales up and down as our business needs change.
Two people completed the deployment.”
HOW ABOUT THE IMPLEMENTATION TEAM?
“The implementation was completed in-house.”
WHAT WAS OUR ROI?
“We have seen a return on investment with Cloud Security.”
WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?
“The pricing for Cloud Security is reasonable because my costs scale up and down based on my infrastructure usage. If I scale up my infrastructure, such as by adding a new workload, my AWS and security costs will both increase. However, if I scale down my infrastructure, my security costs will also decrease. This is not the case with other vendors, where I may still have to pay for security even if I scale down my infrastructure.
For example, if I implement traditional security measures, such as gate guards and guns, I will still have to pay for these security measures even if I scale down my infrastructure. However, with Cloud Security, I am charged based on my usage of security features, such as the number of host-based agents I have deployed, the number of times my DevOps pipeline runs, or the amount of data I store in my repository. This means that I can save money on security costs if my team scales down and my DevOps pipeline slows down.”
WHICH OTHER SOLUTIONS DID I EVALUATE?
“I've implemented Cloud Security four times now, with different companies and organizations. I also spent some time directly with AWS, and I did a lot of work with Palo Alto and their firewalls, both in the cloud and with their Prisma Cloud. It was just a pain. It took so much more time to set up and configure, and the mean time to value was insane compared to Cloud Security.
Check Point Firewall in AWS is also a problem. Both of these solutions require us to rearchitect our application, infrastructure, and network design so that we can protect it. That's why we love Cloud Security. It's right on the endpoints, instances, or virtual machines. It's a host-based firewall instead of a gate guards and guns mentality of putting something at the front door.
The big difference between the cloud and on-premises is that our house or data center has one front door, one thing to go in and one thing to go out. The cloud is not the case. It's hard to do that gate guards and guns approach with one firewall in the cloud. It's possible, but from a cost perspective, it just doesn't scale. Instead of having one door, we might now have a hundred or a thousand, and we can't put that same firewall over and over again.
So, we have to change how we do security in the cloud, and that's where I think Cloud Security really excelled early on. Everyone else didn't get it first. And I think everyone is trying to catch up to Cloud Security, but that's why we went with them originally. They changed the way we think about security and how we're going to secure our infrastructure based on our architecture. The other competitors are falling behind, and they're still trying to secure the cloud the same way they secured the data center, which doesn't work from a cost-and-scale perspective.”
WHAT OTHER ADVICE DO I HAVE?
“I would rate Cloud Security nine out of ten.
We have about a hundred users. We are still in the early stages of our cloud journey, but I have used Cloud Security with thousands of users in the past. Thousands of daily users access our information and workflows.
Trend Vision approaches our business like a partnership. That's one of the reasons we keep coming back. Anytime I call or need something, Cloud Security is there hand-in-hand. If they make a mistake, something gets pushed out, or it doesn't go exactly how it should have, they take ownership. That's the only reason I've been a customer for so long: because they take ownership and they care.
It only takes a couple of hours to set up a proof of concept and get it running. I recommend that organizations try Cloud Security for themselves.”
WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?
Public Cloud.
IF PUBLIC CLOUD, PRIVATE CLOUD, OR HYBRID CLOUD, WHICH CLOUD PROVIDER DO YOU USE?
Amazon Web Services (AWS)
Join 500K+ Global Customers
Get started with Trend today