Cloud risk resolution platform startup ZEST Security Inc. today announced the addition of Amazon Web Services Service Control Policies as part of its exposure resolution offering to allow security teams to proactively block attacker activity.

ZEST claims the new integration is a first, saying that until now, no solution has fully operationalized SCPs as a mitigation pathway within a broader cloud vulnerability and exposure management program. ZEST Security turns SCPs into an active defense that security teams can instantly enforce to reduce cloud exposure.

AWS SCPs are a type of organization-wide policy in AWS that defines the maximum available permissions for accounts within an AWS organization. SCPs allow administrators to restrict or govern access to AWS services and actions, ensuring accounts only perform approved operations, regardless of the permissions granted in individual identity access management roles or users.

ZEST Security’s mitigation pathways, now including AWS SCPs, offer a fast and reliable way to mitigate exposure, prevent exploitation and disrupt attacks at every stage, without waiting for patches, code changes or other teams to deliver full remediation.

The integration mobilizes SCPs as a mitigation pathway to allow security teams to block common and advanced attack techniques by controlling access to sensitive resources, encryption settings and public exposure. Doing so reduces the risk of exploitation and helps prevent key attack stages such as reconnaissance, privilege escalation, and data encryption.

The ZEST platform leverages artificial intelligence agents to map vulnerabilities and misconfigurations identified by cloud security posture management and vulnerability management solutions to remediation and mitigation pathways. ZEST’s resolution engine then analyzes all available options including code and infrastructure as code fixes, patches, upgrades, policies and cloud guardrails to identify the most direct and impactful path to reduce cloud exposure at scale, even in scenarios when remediation isn’t immediately possible.

The company says that though the SCPs represent its latest mitigation pathway, the company also provides a broader mitigation offering. It mobilizes other controls and services such as web application firewalls, virtual private cloud and GuardDuty to harden configurations, enforce stricter policies and create customized protection rules when code changes or upgrades aren’t possible.

ZEST Security is a venture capital-backed startup that has raised a single round of $5 million in July 2024. Investors in the company include Hanaco Venture Capital Ltd. and Silvertech Ventures LP.

Image: ZEST Security