15 comments

  • ziddoap 8 hours ago

    Looks interesting, and I'll be diving into it a bit deeper, but I just wanted to mention that this quote:

    "even non-experts can guarantee the security of their cloud environments"

    Even though I understand that this is part of a marketing blurb, not a literal guarantee, it was an immediate yellow-flag for me. No tool can possibly guarantee the security of my cloud environment, so please don't imply/say your tool can. It reminds me of shady VPN companies guaranteeing my security by providing me with "military-grade encryption".

    To be abundantly clear, I am not saying that this product is shady or anything -- I have not had the time to evaluate it in the depth needed -- but statements like that make the rest of the pitch an uphill battle. For me, at least.

    • patrick4urcloud 7 hours ago

      We provide YAML predefined rules based on the CIS benchmark. We will try to upgrade the public rules offer to upgrade the security of your cloud environment. Maybe this is too much marketing to explain that we can check all the settings we want in all cloud providers. All the parameters of cloud providers are JSON-like, so you can check them with different operators and mix them. Again, we'll be available on Slack to discuss further.

      • edoceo 6 hours ago

        You're not even responding to the points raised. You're doubling down on the wrong answer.

        • lurkshark 3 hours ago

          I have the same concerns on this language but I’m wondering if there might be a slight language barrier issue if English isn’t their first language. They may have meant to use a word like “certify” which I could see translating to “guarantee”. (Pure conjecture based on the fact it sounds like they’re France-based)

  • jmpavlec 3 hours ago

    FYI, it seems like there are multiple typos in the GitHub description shown at the top (not in the readme).

    Quoting it here:

    > Kexa's simple rules (Open Source) make it easy to monitoring and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, in turns complexity into simplicity.

  • stego-tech 11 hours ago

    I’m always a fan of automated compliance and vulnerability management tooling - looking forward to giving this a spin at some point.

    One bit of UX feedback: your “Offers” page isn’t rendering correctly on my iPhone (14 Pro) device. The text isn’t wrapping, graphics don’t seem to be scaling, and the columns are misaligned.

    Once the current network rebuild is done, I’m looking forward to rolling this and Wazuh to try out both.

  • mrbluecoat 13 hours ago

    An admittedly superficial comment: what is your logo supposed to be? A mouse? Reminds me of that famous young/old optical illusion: https://www.braingle.com/brainteasers/26745/old-or-young-wom...

    Great job on the tool, by the way. Anything to improve the security posture of companies is a good thing!

  • sontek 8 hours ago

    Can you give a brief explanation of the benefits of your policy engine over using cloud custodian?

    • patrick4urcloud 7 hours ago

      In Kexa policies, all cloud properties are JSON-like and mixable. We can add any addon possible as we use TypeScript. Kexa is based on the cloud SDKs, so properties have the same names as in the cloud provider. You can easily add an addon in TypeScript in Kexa. If you're Walmart, you can create an addon for your on-premise cash service, mix it with your backend in a cloud provider, and create visualisations in Grafana. You can output to a webhook, a database, and Ollama (LLM), maybe further?

  • gitroom 12 hours ago

    this kinda stuff is right up my alley, love when folks make it easier to cut through all the security noise

  • zufallsheld 9 hours ago

    Does this work without your SaaS component? Can I run it air-gapped?

  • shooker435 12 hours ago

    Wow, very cool. Would this replace a Vanta or complement it?

    • patrick4urcloud 11 hours ago

      We have to look at and study this solution, but maybe. We can define in a YAML a set of rules for a project and verify that no changes have been made cross-platform with a CI/CD, Docker, Kubernetes, or script for compliance. We can discuss further on Slack if you want.

    • szarapka 9 hours ago

      At best it would complement Vanta.

      Vanta handles/automates(ish) the compliance process for actual regulatory frameworks/programs (SOC2, ISO27001, GDPR, etc). From looking at their site/repo for Kexa, they don't have anything specific to this type of compliance.

      In theory you could use Kexa to set up rules to help you achieve compliance, but you'd still need a Vanta or something else to help you understand if you're actually compliant with a given framework.