We are excited to announce our investment in Prowler, an open cloud security platform that breaks from the traditional “black-box” model by offering an easy-to-use, adaptable, and community-driven approach to the complex challenge of cloud security. Hundreds of thousands of companies have embraced the cloud, with billions spent on largely proprietary “one size fits all” security solutions that have created alert fatigue and far too much noise. After 15 years, cloud security remains an unsolved problem and requires a new and fresh approach to help customers take control without making compromises. With over 6 million downloads and hundreds of contributors from companies large and small, Prowler has quietly become one of the most widely used open cloud security platforms due to its ability to make security posture actionable and specific to the unique demands of a customer's environment. This approach brings the same agility and adaptability seen in cloud engineering for the first time to cloud security.
Prowler was originally created by Toni de la Fuente, who joined with Casey Rosenthal to found a new startup to democratize access to cloud security. We spoke with them about their vision for the open cloud security movement in our founder Q&A:
Though we grew up on different continents, we both had similar experiences in life and were lucky to discover computers at an early age. We relied on our entrepreneurial skills throughout our formative / college years, and are grateful for the internet and the open source community as we couldn't afford expensive proprietary software to do our jobs. The Prowler story is really a combination of two powerful concepts from our prior lives as founders that deeply resonate with our customers today. Casey was one of the founding fathers of “Chaos Engineering” and had established industry best practices for accelerating the speed at which engineering teams could respond to incidents. Toni was one of the most prolific security researchers and had open sourced Prowler back in 2016 after realizing how difficult it was for AWS customers to secure their ever changing cloud environments. We both felt something wasn’t quite right in how vendors had approached cloud security, and we set out to combine the best practices of “Resilience Engineering” and “Security Engineering” through an open platform that gave customers the ability to implement detections as code. Prowler now makes it possible for security to be engineered into the cloud - not bolted on after the fact. This is a fundamentally different approach that breaks from traditional vendors.
The cloud is very mature, but cloud security hasn’t kept pace. Many companies have tried to implement some type of proprietary solution through the years, but if you ask customers whether they have the problem solved, they will all admit that they have too many “noisy” alerts and can’t really make cloud security actionable. How did we get here? Looking back, most cybersecurity vendors have looked at cloud the same way they have looked at other platforms like desktops, servers, or mobile devices. They tried to build “one size fits all” solutions that monitor, detect, and analyze what is going on inside of your cloud, and try to tell you what is good, bad, or ugly. In retrospect this is the biggest assumption the industry got wrong - there is no way to solve cloud security with a “one size fits all” approach. Corporate networks are static but cloud infrastructure is dynamic and ephemeral - every single environment is a rapidly growing and ever changing “snowflake” and this problem has only gotten worse over time. It is hard enough for DevOps teams to keep up with how quickly application infrastructure changes - was it ever realistic to expect a security vendor to do the same?
Prowler started years ago and has always been popular, but its growth really accelerated over the past several quarters. We found that in spite of customers buying proprietary solutions from other vendors, they were deploying Prowler to complement or replace these tools. Born out of frustration in a noisy ecosystem, customers want to now take control into their own hands. They are using Prowler to write their own rules, share them openly, and deploy them as detections as code into their GitOps environments. Across thousands of customers, we now have the largest community contributed library of detections for any cloud environment. We are widely deployed in some of the most demanding environments including Salesforce, Tesla, and Datadog, and AWS itself has built a center of excellence around our solution and uses us throughout their security consultancy. Ultimately our customers now have the freedom to choose: they can select from the widest set of best-of-breed rules, while also easily writing new ones that are highly customized to their needs. Our community-driven approach has made it possible to provide more control and coverage than what was previously available, and has been deeply appreciated by our customers.
Security insights and fixes are like vaccines - they should be shared with everyone and not be bottled up only for those who can afford them. Cloud security vendors in many ways have been the bottleneck for getting security insights to customers, often keeping their secrets behind expensive licenses and never opening the black box for customers. This doesn’t always seem right - if we know how to detect and fix a problem, shouldn’t that information be shared with everyone? The truth is that there are more security engineers in customer environments than there are in vendor environments, and this trend will only continue going forward. Prowler is excited to empower this community and enable everyone to join forces to create a rapidly adaptable and collaborative defense. We know this is the future of our industry, and hope you will all join our movement!