It’s been a busy 2022 at Turbot. We launched Turbot Quick Actions, added support for new compliance frameworks and new cloud services, and added hundreds of new policies and controls. We ended the year with over 250 updates to Turbot Mods, and over 35 releases of Turbot Enterprise (TE stack). In addition to all the great work we accomplished on Turbot in 2022, we also had a lot to celebrate with our open source project Steampipe.
We’re constantly iterating on Turbot based on your feedback, and while we’re excited to bring you even more innovation in 2023, it’s worth reflecting on all of the new capabilities and use cases that have been unlocked over the last 12 months.
Here are some of the highlights over the year.
Quick Actions
Our customers love using Turbot automation to find and fix problems in real-time across hundreds of cloud service accounts. However, there are many situations where the cloud team wants to quickly take a specific one-time action on a resource while remaining in the context of their multi-cloud compliance dashboard.
Quick Actions enable DevOps engineers to instantly remediate cloud configuration issues (e.g. enable encryption on a resource), snooze compliance alarms, or take operational actions (e.g. tag a resource, start/stop an instance) from the Turbot Compliance Dashboard.
Cloud Compliance Frameworks
Customers often map Turbot controls to their own Governance, Risk and Compliance (GRC) tools, and use the resulting evidence to prove continuous adherence to internal controls or external standards. Throughout the year we started to port over control frameworks from Steampipe into Turbot. Along with the AWS, Azure & GCP CIS benchmarks already supported by Turbot, this year we added support for Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and NIST 800-53 controls.
Custom Approved Controls
The Approved guardrail checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, an alarm is raised and the defined enforcement action is taken (e.g. stops the resource, deletes the resource, etc).
Custom checks were added to be part of the Approved control evaluation, and allow for custom messages to be added which are then displayed in the control details table.
This provides a middle ground to customers who need more flexibility to define their own control logic with custom messaging without requiring a Custom Mod or a Turbot mod to extend the feature.
New & Improved Turbot
Performance & scale:
Made significant performance improvements on the database infrastructure through use of Graviton instance types and GP3 storage.
Optimized indexes for increased UI performance.
Targeted performance improvements for resource activity views, mod uploads, user grants deletion and the permissions detail views.
Added an events priority queue for actions initiated via the UI, that allows these actions to take precedence over the cloud event backlog.
Added log warnings when a query is using fuzzy matching, to alert users to poorly performing queries.
New improvements:
Improved the state reasons and details in control messages.
Added v5 support for IAM user mode.
Added v5 support for LDAP integrations.
New capabilities - we are very proud to have the broadest coverage of any CSPM tool on the market.
Turbot now supports 734 resource types, 3,988 control types and 9,313 policy types (22% increase over 2021).
79 updated and 10 new mods in 2022.
New compliance mods included: Azure CIS v1.2, AWS HIPAA, AWS PCI v3.2.1, AWS NIST 800-53.
Our customers continue to do amazing things
The thing that got our team most excited in 2022 was seeing our customers do super cool stuff with Turbot. Here are a few interesting automation use cases we saw in 2022:
Using Turbot to discover and remove 600,000 unneeded EBS snapshots.
Using a custom ServiceNow workflow to feed project cost center information into Turbot that was used to tag cloud resources.
Using AWS > IAM > Role > Approved custom calculated policy to allow use of GitHub Actions only from specific GitHub repos owned by the organization.
Pulling account tagging metadata from AWS Organizations to tag all resources in an account with the same cost center metadata.
Restricting cross-account bucket access to specific OUs in an organization by using Turbot to automatically set bucket policy restrictions using `aws:PrincipalOrgPaths` condition keys.
Using Turbot Firehose to get a real-time streaming view of multi-cloud resource change over time.
Using Turbot’s RBAC to manage time-based access to raw data at the AWS level for 600+ researchers.
Off to the races in 2023
We have some exciting new features that are just around the corner and look forward to showing them off soon. Thanks to all who used and supported Turbot & Steampipe in 2022. Your engagement fuels our passion to keep innovating, and will continue to inspire us in 2023!