Why Another Cloud Security Tool?
Cloud is a rapidly growing market, and there are many open source and commercial cloud security tools. The commercial tools address a large number of problems, which make them powerful but complicated (and priced accordingly). The open source tools tend to address a subset of those same problems, but can be difficult to deploy and operate.
In looking at and working with the options, it seemed there were various solutions targeting a range of use cases, but still an opportunity for something different.
The Abridge vision & key features
The initial idea behind Abridge was the visualization feature - the ability to render various "x vs y" comparisons for related cloud resource attributes. It started as a single-page JS/D3-rendered visualization and expanded from there.
Abridge is intended to:
- Automatically extract data from various cloud provider APIs.
- Aggregate and normalize data across accounts/regions.
- Render visualizations that allow straightforward comparison and identification of outliers/variance across datasets.
- Make it easy to search for cloud resources across accounts/regions.
- Filter views based on user preference.
Abridge has been built on modern cloud services and open source software, and is intended to be a cost-effective solution.
Things Abridge is not
Abridge is focused on the set of features noted above, and there are many problems it does not attempt to solve.
Compared to other solutions, Abridge:
- Is not a source of checklist-oriented reports, and will not email you when something is wrong. It's primary use case is not to provide you with a list of things to go fix, although you'll likely use it for that purpose to some degree.
- Is not a generator of architecture diagrams. There are other options for doing that and - realistically - diagrams like that only get you so far.
- Does not do automated remediation. It is intended to help you find outliers/misconfigurations, but you know better how to fix those things than an automated tool or already manage your cloud with infrastructure-as-code.
- Does not expose not real-time data. There are clever solutions for integrating into realtime configuration streams, but this is not that solution.
- Is not a high-complexity, high-cost solution. It's relatively simple in nature and can be provided for relatively low cost.