Meet the Prowler Team at TechCrunch Disrupt 2024

Next week, Prowler will be at TechCrunch Disrupt 2024, participating in the Startup Battlefield 200. You’ll find us at booth O15 in the Security, Privacy, and Social Networking section of the Expo in Moscone West in San Francisco. For those in the Bay Area who are still deciding whether to attend, we’ve got a 50% discount on tickets; please use this link to join us!

This is a great opportunity to meet Toni de la Fuente, the creator of Prowler and CEO. Toni’s expertise in cloud security and his commitment to open source make him the perfect person to discuss your cloud security needs. Whether you’re just getting started with securing your cloud environments or looking to scale your efforts across multi-cloud and Kubernetes setups, Toni will walk you through how Prowler’s approach simplifies cloud security, providing transparency and control every step of the way.

Come Visit Us at Booth O15

We’d love to connect with you in person. Drop by our booth to chat with our team, including our first Developer Relations hire, Matt Johnson. We’re looking forward to discussing how Prowler can support your cloud strategy and sharing our passion for building secure, scalable, and open cloud environments.

And of course, no booth visit is complete without some swag. Make sure to pick up our exclusive Prowler stickers and other goodies when you stop by.

We’ll See You at TechCrunch Disrupt!

We’re excited to be part of the community at TechCrunch Disrupt and look forward to engaging with attendees, whether you’re a seasoned pro or just starting your cloud journey. We hope to see you next week at booth O15!

Prowler Selected for Startup Battlefield 200 at TechCrunch Disrupt 2024

We’re excited to announce that Prowler has been chosen to participate in Startup Battlefield 200 at TechCrunch Disrupt 2024! Being part of this highly competitive group of 200 startups, selected from thousands of applicants, is a huge honor.

TechCrunch Disrupt, held from October 28-30 at Moscone West in San Francisco, is renowned for showcasing cutting-edge technologies and startups that push the boundaries of innovation. Past companies like Dropbox, Cloudflare, and Fitbit have all made their mark at Disrupt, and we’re excited to add Prowler to that list.

We’re challenging the cloud security industry’s reliance on closed, proprietary systems. As our Founder and CEO, Toni de la Fuente, puts it:

“We’re incredibly honored to be chosen as part of TechCrunch Disrupt’s Startup Battlefield 200. At Prowler, we’re not just building a company, we’re building a movement. We offer a real alternative to the status quo in cloud security—a space that has been dominated for far too long by closed, proprietary, black-box solutions. The true heroes in this industry, the practitioners, deserve tools that empower them with transparency, flexibility, and choice. This opportunity at TechCrunch Disrupt allows us to share our vision with the world and drive forward the future of open cloud security.”

About Startup Battlefield 200

TechCrunch’s Startup Battlefield 200 is the premier competition for startups across the globe, showcasing groundbreaking innovations across various industries, including AI, SaaS, security, and more. The chosen companies will receive training, access to private events, masterclasses, and investor networking opportunities.

About TechCrunch Disrupt

TechCrunch Disrupt is the leading platform for unveiling transformative startups and technologies. Every year, it gathers top entrepreneurs, investors, and innovators for interviews, product demos, networking, and the legendary Startup Battlefield competition.

Stay tuned for more updates as we prepare for TechCrunch Disrupt 2024!

Prowler Achieves SOC 2 Type 2 Compliance

At Prowler, security is more than just a priority—it’s a core value that shapes everything we do. We know that when it comes to managing your cloud environments, you need to trust that your data is handled with the utmost care. That’s why we’re excited to share some big news: Prowler is now SOC 2 Type 2 compliant.

What’s SOC 2 Type 2 Anyway?

If you’re not familiar, SOC 2 is an attestation framework from the American Institute of Certified Public Accountants (AICPA), built on its Trust Services Criteria. It’s all about having an independent auditor verify that service providers (like us) manage your data securely.

SOC 2 Type 1 reports on whether our controls were suitably designed at a single point in time. SOC 2 Type 2 goes further: the auditor tests whether those controls actually operated effectively over a review period of several months. In other words, a Type 2 report isn’t a one-time snapshot; it’s evidence that we kept your data secure consistently throughout the audit period.

Why This Matters to You

Getting SOC 2 Type 2 compliance isn’t just about ticking a box. It’s about giving you peace of mind. Here’s why it’s a big deal:

  • Proving We Walk the Walk: SOC 2 Type 2 is about more than just having the right policies on paper. It’s about showing that those policies work, day in and day out. You can trust that we’re not just saying we’re secure—we’re proving it.
  • Independent Validation: The process involves detailed third-party audits that dig deep into our practices. It’s a rigorous check, and passing it means our security measures aren’t just solid—they’re rock solid.
  • Building Trust: We know trust is earned, not given. Achieving SOC 2 Type 2 compliance is one way we’re working to earn yours. It’s our commitment to being transparent and reliable when it comes to handling your data.

Security Is What We Do

Our mission is to help organizations of all sizes stay compliant with a wide range of security standards and frameworks. Whether you’re working with CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC 2, GxP, the AWS Well-Architected Security framework, ENS, or more, Prowler has you covered.

But we don’t just stop at helping you meet these standards. We’re here to guide you through the complexities of compliance, making it as seamless as possible. Here’s how:

  • Comprehensive Framework Support: Prowler offers built-in support for a wide range of security frameworks. This means you can easily map your cloud security practices to the specific compliance requirements that matter most to your organization. Whether you need to align with multiple frameworks or focus on a particular one, Prowler provides the tools to help you stay compliant across the board.
  • Customizable Compliance Reports: With Prowler, you can generate detailed compliance reports that are tailored to your needs. These reports help you see where you stand, identify any gaps, and provide the documentation you need for internal audits or regulatory reviews.
  • Community and Collaboration: We believe in the power of open source and community-driven innovation. That’s why we actively engage with our community to share best practices, provide support, and collaborate on new features. Our community isn’t just a group of users—it’s a network of like-minded professionals who are passionate about security and compliance. Together, we’re building stronger, more secure cloud environments for everyone.
  • Ongoing Updates and Improvements: Compliance isn’t static. As regulations evolve and new standards emerge, Prowler continuously updates its tools and resources to keep you ahead of the curve. Our commitment to continuous improvement means you can rely on us to help you stay compliant, no matter how the landscape changes.

How We Got Here: With a Little Help from Our Friends

Getting to SOC 2 Type 2 compliance was no small feat. It took a lot of hard work, and we didn’t do it alone. We partnered with Insight Assurance, who audited our controls and confirmed our alignment with the stringent requirements of SOC 2 Type 2, bolstering our data security practices and enhancing trust with our stakeholders.

Here’s how it all came together:

  1. Continuous Improvement: Since we achieved SOC 2 Type 1 compliance, we’ve been busy refining our security processes. We’re always looking for ways to do better, and this milestone is proof of that commitment.
  2. Collaborative Effort: Our team—alongside Insight Assurance—worked to ensure everything was in place. From engineering to operations, it was a cross-functional effort that brought us to where we are today.
  3. Third-Party Audits: We didn’t just self-assess; we brought in independent auditors to take a close look at how we operate. Their detailed review confirmed that our controls weren’t just set up correctly—they were actually working effectively over time.
  4. Transparency: Throughout the process, we documented everything. This wasn’t just about passing an audit; it was about ensuring that our practices are transparent and well-documented, so you know exactly what you’re getting with Prowler.

What’s Next?

Achieving SOC 2 Type 2 compliance is a huge win, but we’re not stopping here. Security is a continuous journey, and we’re committed to staying ahead of the curve. We’ll keep refining our processes, staying vigilant, and doing everything we can to protect your data. To learn more you can visit our trust center: https://trust.prowler.com

This achievement is just one of many steps we’re taking to ensure Prowler is a name you can continue to trust.

Scanner updated to Prowler 3.11.0 with new features

New features to highlight in this version:

🏷️ STS V2 Tokens (this will be in the SaaS immediately, so more regions may appear with findings)

  • Prowler now calls the Regional AWS STS endpoint of the Region it is scanning to obtain session tokens (STS version 2 tokens) that are valid in all AWS Regions, including opt-in Regions. Tokens issued by the global sts.amazonaws.com endpoint are version 1 by default and are rejected in opt-in Regions, which is why findings from those Regions may now appear for the first time.

See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region

9 new checks for AWS! (this will be in the SaaS immediately, so more findings may appear)

  • New Account check account_maintain_different_contact_details_to_security_billing_and_operations
  • New CloudTrail check cloudtrail_multi_region_enabled_logging_management_events
  • New EC2 Data Lifecycle Manager service and check dlm_ebs_snapshot_lifecycle_policy_exists
  • New EC2 EBS check ec2_ebs_volume_snapshots_exists
  • New DocumentDB service and check documentdb_instance_storage_encrypted
  • New Support check trustedadvisor_premium_support_plan_subscribed
  • New Neptune service and check neptune_uses_a_public_subnet
  • New Elasticache service and check elasticache_using_public_subnets
  • New IAM check iam_use_temporary_credentials

🔎 Ignore Findings from services not in actual use (this will be a roll out in the SaaS over the next weeks)

  • Prowler now allows you to ignore findings from services that are not in use, so you can reduce the number of findings in Prowler’s reports:
    prowler <provider> --ignore-unused-services

See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/

⚙️ New AWS Allowlist including AWS Control Tower resources (this will be in the SaaS as a UI feature in a month)

  • A new default allowlist file that covers the resources AWS Control Tower creates when it sets up a landing zone, so those known resources stop generating findings:
    prowler aws --allowlist prowler/config/aws_allowlist.yaml

See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist

More details here https://github.com/prowler-cloud/prowler/releases/tag/3.11.0

Multi-account and Multi-user supported

ProwlerPro now supports multiple accounts: you can add as many accounts as you need, and multiple users with either the administrator or the user role.

New checks and engine updated to v3.4

ProwlerPro is now using Prowler Open Source as scanner engine v3.4 and new checks are added.

Newly covered services and areas include Organizations best practices, SSM Incidents, Resource Explorer, Backup, additional CloudTrail checks, an updated ECR scan-on-push check, GuardDuty, VPC best practices, and IAM. The check iam_policy_no_administrative_privileges has been renamed to iam_customer_unattached_policy_no_administrative_privileges, and the following important new IAM checks have been added:

  • iam_aws_attached_policy_no_administrative_privileges: Ensure IAM AWS-managed policies that allow full “*:*” administrative privileges are not attached – iam [high]
  • iam_customer_attached_policy_no_administrative_privileges: Ensure IAM customer-managed policies that allow full “*:*” administrative privileges are not attached – iam [high]
  • iam_customer_unattached_policy_no_administrative_privileges: Ensure IAM policies that allow full “*:*” administrative privileges are not created – iam [low]
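As an added illustration of what these three checks look for (example code written for this page, not Prowler’s own implementation), the script below scans a constructed inventory of IAM policy records for the full “*:*” pattern and maps each hit to the check it would fail. The record shape (Arn, AttachmentCount, Document as JSON text) is an assumption modelled loosely on the IAM GetPolicy and GetPolicyVersion responses, and the ARNs and documents are sample data, not output from a real account.

```python
"""Detect IAM policies that grant full "*:*" administrative privileges.

Added example, not Prowler's own code. It mirrors the logic of the three
IAM checks listed above: a policy is "full admin" when any Allow statement
grants Action "*" (or "*:*") on Resource "*". Whether the policy is
AWS-managed or customer-managed, and whether it is attached to anything,
decides which check it maps to and how severe the finding is, as in the
release notes. The policy records below are constructed sample data.
"""
import json


def _as_list(value):
    """IAM allows Statement, Action and Resource to be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_action(action):
    # Both "*" and "*:*" match every API action in every service.
    return action.strip() in ("*", "*:*")


def grants_full_admin(policy_document):
    """Return True if any Allow statement grants a wildcard action on "*".

    Deliberately narrow, like the checks above: grants expressed through
    NotAction/NotResource, or scoped by a Condition block, are not flagged,
    although they can still be over-privileged and deserve a separate check.
    """
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(_is_wildcard_action(a) for a in actions) and "*" in resources:
            return True
    return False


def classify(policy):
    """Map one policy record to (check_id, severity), or None if it passes.

    `policy` is an assumed record shape with keys Arn, AttachmentCount and
    Document (the JSON policy text, as GetPolicyVersion returns it after
    URL-decoding); it is not the shape Prowler itself uses.
    """
    if not grants_full_admin(json.loads(policy["Document"])):
        return None
    aws_managed = policy["Arn"].startswith("arn:aws:iam::aws:policy/")
    attached = policy["AttachmentCount"] > 0
    if aws_managed:
        # AdministratorAccess always exists; only its attachment is actionable.
        if attached:
            return ("iam_aws_attached_policy_no_administrative_privileges", "high")
        return None
    if attached:
        return ("iam_customer_attached_policy_no_administrative_privileges", "high")
    return ("iam_customer_unattached_policy_no_administrative_privileges", "low")


# Constructed sample inventory: ARNs and documents are illustrative only.
SAMPLE_POLICIES = [
    {"Arn": "arn:aws:iam::aws:policy/AdministratorAccess", "AttachmentCount": 2,
     "Document": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]})},
    {"Arn": "arn:aws:iam::123456789012:policy/PlatformAdmins", "AttachmentCount": 1,
     "Document": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "*:*"], "Resource": ["*"]}]})},
    {"Arn": "arn:aws:iam::123456789012:policy/LegacyAdmin", "AttachmentCount": 0,
     "Document": json.dumps({"Version": "2012-10-17", "Statement":
         {"Effect": "Allow", "Action": "*", "Resource": "*"}})},  # single statement, not a list
    {"Arn": "arn:aws:iam::123456789012:policy/S3ReadOnly", "AttachmentCount": 3,
     "Document": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]})},
    {"Arn": "arn:aws:iam::123456789012:policy/BucketOwner", "AttachmentCount": 1,
     "Document": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::example-bucket/*"},
         {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]})},
]


def run(policies=SAMPLE_POLICIES):
    """Return {policy ARN: finding or None} for an inventory of policies."""
    return {p["Arn"]: classify(p) for p in policies}


if __name__ == "__main__":
    for arn, finding in run().items():
        print(f"{arn}: {finding or 'PASS'}")
```

The BucketOwner sample shows why the Resource test matters: Action “*” scoped to a single bucket ARN is broad but not account-wide administration, so it passes here, while the LegacyAdmin sample shows that an unattached policy is still reported, just at low severity, because it can be attached later with no further review.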

ProwlerPro Updates

I am thrilled to announce that ProwlerPro is now a member of the AWS Partner Network (APN)! As one of the most trusted and downloaded cloud security platforms out there, we think this is a big deal.

This certification validates ProwlerPro as the most comprehensive and easy-to-use platform for AWS security. As part of this exciting development, we have also launched multi-account support for unlimited AWS accounts, adding to our already industry-leading suite of security features.

With support for multiple AWS accounts, security professionals can now seamlessly work across their entire AWS environment, ensuring greater visibility and control over their cloud deployment. This enterprise-grade feature automates the job of discovering, analyzing, and understanding the security posture of an entire cloud deployment, with automated checks that cover security assessment, incident response, hardening, and penetration testing.

What This Means for You

That’s the full implementation of ProwlerPro which includes easy set-up; a holistic view of your infrastructure for any AWS region; dashboards with actionable, direct insights for every level of your security posture; answers in minutes; and now, support for multiple AWS account scans!

What are resources?

Many people have asked what we mean by resources. ProwlerPro runs checks against your infrastructure. Those checks look for misconfigurations, security bad practices, etc. in your cloud resources (a cloud resource is a virtual machine, a security group, a bucket, a storage volume, etc). Each resource gets scanned in different ways by ProwlerPro every day, so we charge based on the number of resources.

With ProwlerPro you can: 

  • Sign up and try it free for 15 days
  • Make an account in just a few minutes
  • Scan up to 10,000 resources for free
  • See your results in dashboards with actionable, direct insights for every level of detail of your security posture
  • Get a holistic view of your infrastructure for any AWS region
  • Get answers in minutes
  • And now, scan multiple AWS accounts!

As the creator of Prowler Open Source, my goal has always been to give cloud security professionals the tools they need to ensure their systems remain secure and reliable, with all threats detected and traced in an easy-to-understand, streamlined solution. Our acceptance into the AWS Partner Network is an endorsement of the work we’ve done to date, and it will allow us to offer more features, products, and community services that enhance what was already a best-in-class product on the market.

The APN is a global community of AWS Partners that leverage programs, expertise, and resources to build, market, and sell customer offerings. As an APN member, ProwlerPro joins a global network of 100,000 Partners from more than 150 countries working with AWS to provide innovative solutions, solve technical challenges, win deals, and deliver value to mutual customers.

I invite you to see for yourself by signing up for your free trial. Once you’ve signed up we welcome you to join our ProwlerPro Slack.

We are honored to be a part of this community and excited to bring security to more cloud environments every day. Thanks for your continued support, and here’s to more exciting updates from ProwlerPro in the future!

Cheers,

Toni de la Fuente
Lead of ProwlerPro and Creator of Prowler Open Source

Toni de la Fuente

Founder of Prowler Open Source & Lead of Prowler Pro

I’m the founder of Prowler Open Source, a tool for AWS security best practices. I also worked for AWS as a security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like Prowler, phpRADmin, a Nagios plugin for Alfresco, and Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for Packt Publishing.

Scan Complete Notifications Updated

We’ve updated the ProwlerPro scan complete notification to include a summary of the audit findings. This gives users a quick ‘at-a-glance’ summary of how their systems are operating, which can easily be shared with other teams if escalation is needed.

To enable the scan complete e-mail notifications, go to https://app.prowler.pro/app/settings and tick the “Send email as scans are completed” checkbox.

For the latest ProwlerPro info, or to connect with other Prowler users, please join our Slack community https://prowler-workspace.slack.com