New Attribution and Compliance Reporting Capabilities Now Available in® Cloud Security Platform

Private SaaS Offering Enables Government Entities to Run Evident Security Platform Within Their Secure Environments

Dublin, CA — November 16, 2016 - Finding and identifying insider threats and providing increased visibility of security in cloud infrastructure is becoming ever more important as organizations expand usage of Amazon AWS, Microsoft Azure and other public clouds. Today, announced the addition of new risk attribution and compliance features in the Evident Security Platform (ESP®) to address these challenges.

The new user attribution feature gives users an additional dimension of visibility into their ESP risk alerts by correlating to AWS CloudTrail data and letting individuals immediately see who, how, and where an alert was generated.

Risk User Attribution

  • ESP is the only platform that can provide a single-pane-of-glass view across all AWS accounts, services, and regions, and also provide risk user attribution, allowing security teams to respond more quickly and focus on higher value issues. With easy access to user attribution data, SecOps teams can now build scorecards to determine people within the organization who may need better training on security best practices.
  • Organizations can use this data to identify bad actors who may have breached the infrastructure or insider threats, and rapidly quarantine those threats.
  • When user attribution is immediately known, the cloud environment is vulnerable for less time, and SecOps has a Single Source of Truth about who's creating cloud infrastructure security risks.
  • “Until now, user attribution has been extremely difficult to determine and required users to scrub through logs and make difficult correlations to uncover when and how a risk was introduced into the cloud environment. When an organization’s infrastructure sees hundreds or even thousands of changes taking place in the cloud on a daily basis, identifying user attribution can be nearly impossible,” said CEO and Co-founder, Tim Prendergast. “Now, with user attribution, you can improve security skills across your team so every resource can now operate as well as your most skilled security resources.”

    The® compliance reporting feature provides organizations with complete security and continuous compliance monitoring for their entire AWS environment – all services, all regions, and all accounts -- and delivers a real-time compliance assessment with simple, one-button compliance reports. By using ESP for both security and compliance, organizations can benefit from economic efficiencies and timeliness, allowing individuals to focus on creating value rather than fixing a year’s worth of compliance debt.

    Continuous Compliance Reporting

  • With this announcement, the Compliance View for the CIS AWS Foundations Benchmark will be available for free to all ESP users. team members worked alongside representatives from Amazon Web Services, the Center for Internet Security (CIS) and others organizations to develop the first CIS AWS Foundations Benchmark, which was released earlier this year.
  • The benchmark was designed to provide organizations easy to follow implementation and assessment procedures for security best practices for AWS. By providing free access to the Compliance View, organizations around the world can achieve measurable security results.
  • Compliance Views for NIST 800-53, PCI-DSS 3.2, SOC-2 and HIPAA will be released by year-end.
  • “Regulations around encryption, data residency, access controls and other requirements remain as organizations move to the cloud,” said Adrian Sanabria, Senior Security Analyst with 451 Research. “While cloud service providers do their part to protect customers and comply with regulations, organizations often miss two very important things. First, organizations must understand where service provider responsibilities end and customer responsibilities begin. Second, in many cases the majority of compliance and regulatory maintenance, audit and reporting work can be completely automated – sadly, an opportunity most organizations overlook.”

    The company also announced a new private SaaS offering that enables regulated government entities and organizations concerned with data sovereignty to run ESP within their secure AWS environments.

    Private SaaS Offering

  • ESP will provide a unified view of infrastructure security and compliance that is imperative to government entities who are moving to the cloud but need to meet FISMA requirements.
  • This offering enables regulated government entities and other organizations to run ESP within their own environments.
  • It will be available on both the AWS Marketplace and the AWS Marketplace for the U.S. Intelligence Community.
  • “The tools available to organizations for cloud compliance assessment are inefficient or rely on manual processes,” said Justin Lundy, CTO and co-founder of “Using the continuous security monitoring data collected in the Evident Security Platform, our new Compliance Views eliminate the manual drudgery of compliance assessment. By clicking one button, organizations have a continual view of the state of compliance across their cloud infrastructure.”

    About is the pioneer and leader in security and compliance automation for public cloud. The Evident Security Platform (ESP) enables organizations of all sizes to proactively manage cloud security risk — minimizing attack surface and improving overall security posture, all from a single dashboard. ESP continuously monitors an organization’s entire AWS footprint, identifying and assessing security risks, providing security staff with expert remediation guidance, and enabling painless security auditing and compliance reporting. Built on Amazon Web Services APIs, ESP is agent-less and can be deployed to even the most complex environments in minutes. is a privately held company based in Dublin, CA and backed by Bain Capital Ventures, True Ventures and Venrock. For more information, please visit: is an AWS Advanced Technology Partner, has achieved AWS Security Competency, is a corporate member of the Cloud Security Alliance, and a participating organization of the PCI Security Services Council (SSC). and the logos are trademarks of, Inc. in the United States.

    *Other names and brands may be claimed as the property of others.

    Press contact:
    Kirsten Johnson
    Merritt Group