Frequently asked questions
- What is Fix Security?
Fix Security is a CSPM tool. Fix Security performs routine compliance checks against snapshots of your infrastructure, identifies misconfigurations, and provides recommendations and workflows to correct detected issues.
- What is CSPM, and why is it necessary?
Cloud Security Posture Management (CSPM) helps maintain the security, compliance, and operational efficiency of your cloud infrastructure. Security and compliance are a shared responsibility between cloud providers and their customers:
Security of the cloud: Cloud providers are responsible for the underlying network and infrastructure.
Security in the cloud: Customers are responsible for the data they store, access policies and regulatory compliance.
Adherence to security and compliance policies determines a company’s security posture, and it is the customer’s responsibility to perform the necessary checks. CSPM standardizes and automates these checks.
- How does Fix Security work?
Fix Security creates snapshots of your infrastructure’s resource inventory at regular intervals. The data collection process is comparable to an ELT pipeline; in cloud security this widely recognized approach is referred to as “agentless scanning.”
Fix Collectors harvest configuration data for each individual resource via cloud provider APIs and send this data to Fix Core.
Fix Core stores metadata in a graph-based inventory and provides APIs to query and update the graph.
The graph contains a complete representation of all resources and their relationships. By combining security data with these connections, Fix Security identifies potential pathways to a security breach. This empowers security engineers to pinpoint critical risks in their infrastructure.
- What is included in a “snapshot” of my cloud?
A cloud snapshot is a complete representation of your cloud infrastructure that includes all components and configurations—compute instances, storage buckets, serverless functions, etc. Snapshots not only list resources, but also capture the relationships and connections between resources.
Snapshots make security assessments non-invasive: checks run against the snapshot rather than against your live production environment, minimizing any potential disruption.
- Which cloud providers are supported?
Fix Security currently only supports AWS, but we’re working on rolling out support for Kubernetes, Google Cloud, Azure, and DigitalOcean.
- How does Fix Security connect to my cloud?
Fix Security requires read-only API access to the cloud accounts you wish to monitor and secure.
Manually maintaining these permissions is tedious, so we provide a CloudFormation template that automatically creates an IAM role with the required permissions and a trust policy that allows a specified AWS account to assume that role.
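For illustration, here is what such a cross-account read-only role looks like as a CloudFormation template. This is an added example, not Fix Security's own template: the scanner account ID, the external ID, the role name and the choice of managed policies are assumptions. It adds an `sts:ExternalId` condition, which is the usual defence against a third party tricking the scanner into assuming a role it was not given.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Illustrative cross-account read-only role for an agentless CSPM scanner.
  Added example, not the Fix Security template; IDs and policy choices are assumptions.

Parameters:
  ScannerAccountId:
    Type: String
    Description: AWS account ID of the scanner that will assume this role (placeholder)
    Default: "111122223333"
    AllowedPattern: "^[0-9]{12}$"
  ExternalId:
    Type: String
    Description: Shared secret the scanner must present on AssumeRole (placeholder)
    NoEcho: true
    MinLength: 12

Resources:
  ScannerReadOnlyRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: cspm-scanner-readonly
      Description: Read-only inventory access for agentless scanning
      MaxSessionDuration: 3600
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowScannerAccountToAssume
            Effect: Allow
            Principal:
              # Trust only the specified scanner account, not "*"
              AWS: !Sub "arn:aws:iam::${ScannerAccountId}:root"
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                sts:ExternalId: !Ref ExternalId
      ManagedPolicyArns:
        # Configuration-plane reads only. ReadOnlyAccess is deliberately
        # avoided because it includes s3:Get*, which covers object reads.
        - arn:aws:iam::aws:policy/SecurityAudit
        - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

Outputs:
  RoleArn:
    Description: Role ARN to register with the scanner
    Value: !GetAtt ScannerReadOnlyRole.Arn
```

Before handing over the role ARN, confirm with `aws iam simulate-principal-policy` (or a quick `aws s3 cp` as the assumed role, which should be denied) that the role cannot read object contents.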
- How does Fix Security ensure the security and compliance of its systems?
Fix Security is currently undergoing SOC 2 and ISO/IEC 27001 certifications to demonstrate our commitment to security and compliance best practices.
- How does Fix Security protect my data?
Fix Security does not access the actual data stored on your storage volumes or buckets. Fix Security operates without an agent, only reading the configuration data of your cloud resources via cloud provider APIs. This approach allows Fix Security to scan for and identify security vulnerabilities and misconfigurations.
Fix Security also utilizes an isolation concept known as workspaces to organize and secure your data. When you create a Fix Security account, a workspace is created specifically for you. You have the option to invite others to join your workspace, but by default only the owner of a Fix Security workspace can view its data.
Additionally, Fix Security allocates a dedicated database for every workspace. Data pertaining to your workspace is stored in a database exclusively for your use, rather than being commingled in a shared database with other Fix Security customer data. This architecture not only segregates customer data (enhancing privacy), but also mitigates a range of security vulnerabilities associated with shared databases, such as SQL injection attacks.
- Can Fix Security run in my VPC or hybrid environment?
Yes! This is supported in our Enterprise plan. Please contact us via email at info@fix.security for details.
- What compliance checks are supported?
Fix Security currently supports the CIS AWS Benchmark (v1.5 & v2.0) and the AWS Well-Architected Framework Security Pillar out of the box. These benchmarks provide a standardized set of controls to evaluate the security posture of AWS resources.
In addition, you can define custom checks and benchmarks—Fix Security offers the flexibility to tailor compliance assessments to your organization’s specific requirements.
We’re actively working on expanding our support for various frameworks and benchmarks. If there is a particular framework or benchmark you’d like us to prioritize on our roadmap, please don’t hesitate to reach out to us via email at info@fix.security.
- What cloud resources are supported?
Fix Security currently supports over 150 AWS resources, including the most popular AWS compute, storage, database, and network products: EC2, S3, RDS, and API Gateway.
- Is it possible to export the raw data collected by Fix Security?
Yes! We designed Fix Security with support for data export to various destinations, including S3, Postgres, and Snowflake. For details, get in touch with us via email at info@fix.security.
- What is the licensing for Fix Security?
Fix Security is licensed under the GNU AGPL v3. This open-source license ensures that the source code of Fix Security is freely available to the community.
The ability to access and inspect the source code is of particular importance for security engineers, as it allows for the software to be vetted for potential vulnerabilities and security flaws.
- My question isn’t listed above.
Email us at info@fix.security! We'll be more than happy to assist you.