Evident.io-Corp Overview

Evident.ioCompany Overview

April 18, 2023

©2015 evident.io I confidential I evident.io2

Introductions

AWS/Security Initiatives. Why Evident.io ?

About Evident.io

Agenda

1

2

3


Founded: 2013HQ: Dublin, CAEmployees: 30

Evident.io is the pioneer and leader in security and complianceautomation for public cloud.

Investors Partners Industry Alliances

Our DNA

ADVANCED TECHNOLOGY PARTNER

Patent Pending: ESP is a patent pending technology

About Evident.io


Evident Security Platform for AWS The Evident Security Platform (ESP), helps organizations of all sizes proactively manage security risk and compliance of their entire AWS infrastructure.

Risk Analytics & Threat VisibilityContinuous monitoring and risk-based threat analysis of all AWS Accounts, Services, and Regions.Guided Incident ResponseRapid response and remediation of security incidents detected by ESP.

Continuous ComplianceAdaptively manage compliance and automate Policyenforcement across the entire AWS infrastructure.


ESP Benefits

!Security Risk

VisibilityContinuous risk-

based visibility of the security and

compliance posture of your entire AWS

cloud.

Rapid Remediation

Simplifies and accelerates response

and remediation

Enables devs to remediate issues at

the source

Continuous Compliance

Enables continuous enforcement of

security and compliance policies

Audit ready reports reduce prep time from

days or weeks to minutes

Scales withYour Cloud

Automatically detects new accounts,

services, regions, and resources enabling

secure and compliant growth of your

business and cloud


Evident.io Advantages

Full AWS Coverage

Covers all AWS services, accounts,

and regions

Provides full visibility into your AWS cloud

infrastructure.

Agent-less and Proxy-less DesignNo hardware, software,

agents, or proxies

Deployed to even the largest AWS clouds in

minutes.

No performance overhead or in-line point of failure.

Cloud Security Experts

Built by leading cloud security experts who

have secured the leading cloud providers like

Adobe and Netflix.

Extensible And Open

Easy integration with 3rd party systems via

open RESTful API

Native integrations for leading solutions like

Pagerduty, Splunk, and HipChat.

.

AWS


ESP Architecture

APIs

Dashboards, Reports, Alerts

Threat Detection

Guided Remediati

onCustom

Apps Policy

Enforcement

Audit & Complianc

e

Serv

ices

SD

K -

API

RES

Tfu

l A

PI

3rd P

art

y

Inte

gra

tions

RDS

Direct Connect DynamoDB

S3

Glacier

VPC

EC2 RedShift

Route53

CloudFront ELB

SES SNS

Elasticache

IAM

EvidentSecurity Platform

Continuous Monitoring

Big DataAnalytics

Role-basedAccess Control

CustomSignatures

Apps

All 43 AWS Services!

AWS Control Plane


Public Cloud Security – What’s the Big Deal?

At no other point in the history of computing have we seen the ability to create and destroy the equivalent of an entire datacenter instantly or programmatically.

–Adrian SanabriaSenior Analyst451 Research

“

”


How is the Cloud Different?

9

Data Center Cloud

Computing Model

Ownership

Hardware

Architecture

Management

Security Responsibility

Auditing – Compliance

Centralized

IT Dept.

Slow – Static

Servers – Agents

Physical – Manual

100% Company

Annual – Quarterly

Distributed

Engineers / DevOps

Elastic – On Demand

Services – APIs

API – Programmatic

Shared with Provider

Continuous


Why Legacy Security Fails in the Cloud

Can’t keep up with changes

to Infrastructure

Manual, slow, and

unadaptive to dynamic

environments

Immediately out-of-date in high-velocityand DevOps

environments

Insiders can cause more harm faster so threats must be

detected in the console and at the API level

Legacy solutions too

slow and manual for

agile continuous deployment

environments

Hosts, instances, and VMs

becoming a smaller part

as IaaS services expand

Vulnerability Scans

Risk Assessme

nts

InsiderThreats

Audit &Complianc

eServersPenetratio

n Tests


DevOps and IT Sec – Diverging Needs

IT Sec

• Governance• Process• Auditability • Compliance• Risk Management

• Speed• Agility • Automation• Rapid Iteration • Continuous

Deployment

DevOps

Endless Possibilities:DevOps can create an infinite loop of release

and feedback


ESP Features

Security AutomationAutomated detection of

security, policy, and compliance violations for all

AWS accounts, services, and regions

Guided Incident ResponseDetailed step-by-step instructions for conducting rapid response and

remediation

Custom SignaturesCreate custom signatures to

enable enforcement of company specific policy and

compliance requirements

Audit & ComplianceDetailed logging of all security checks and

remediation simplifies the process of preparing compliance reports

Enterprise ManageabilitySupports SSO, MFA, SAML, and

Active Directory via LDAP.

RBAC and hierarchical role-based views ensure separation of duties.

Flexible Deployment SaaS or AMI-based appliance for on-premise deployment.


Now DevOps and Security Can Play Nicely

Agility, Security and ComplianceEveryone wins

DevOps can deliver as fast as they needSecurity intelligence at the same pace (or faster) than change is happening to cloud infrastructure

IT Security now operating proactivelyEng/Ops/DevOps iterate security events as if they were code bugs

The same, consistent, security and compliancestandards enforced organization wide


ESP gave us the capability to rapidly assess our security posture across our entire cloud footprint, all in a single pane of glass.

The Evident Security Platform deployed seamlessly in minutes,

providing us critical insights into our AWS security risks and vulnerabilities in near real-time.Evident.io provides InfoSec News the tools needed to secure ourAmazon infrastructure so we can report news, and not become news.We were flying blind without ESP - we had no idea how effectively our teams were using and implementing security across our large AWS infrastructure.

Large Media

Company

What Customers Are Saying…

“”“”

“ ”“”

Documents

Evident.io-Corp Overview