It’s been a momentous 2023 for us here at Mondoo. To grasp the scale of everything new we’ve shipped, let’s take a walk through a winter wonderland of features and improvements. Because we release a new version of Mondoo every week, we’ve shipped 52 releases this year, including 2 major releases.
Gift-wrapped in those 52 releases were 124 all-new features and 158 improvements. We also managed to crank out 240 new MQL resources for inspecting your infrastructure. That means now you can retrieve 50% more asset information than in 2022.
Lastly, because content is king, we added 38 all-new CIS and BSI policies and updated each of the existing 176 out-of-the-box security and compliance policies with new queries and guidance.
This year has been more than just big statistics, though. Out of all the changes we made, there are some themes worth highlighting.
Securing your complete infrastructure
Multicloud? No problem.
This year we expanded Mondoo’s scanning capabilities to include all major cloud services. In addition to our existing AWS support, Mondoo now includes continuous hosted scanning of Microsoft Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI).
These new integrations require no client installations or modifications to your infrastructure. Just answer a few questions in our integration setup pages, and you receive continuous scan results. To power these new integrations, we've shipped dozens of new MQL resources so you can dive into all the different services these clouds offer—and even write custom security policies to meet your unique needs. We also shipped all the latest CIS policies for each cloud, which have gone through CIS’s rigorous certification process.
We haven’t forgotten Amazon, though, our longtime friend. We’ve been busy expanding the capabilities of our existing Lambda-function-based AWS integration. This year we:
- Shipped a major refactor that enables the integration to scan even the most gigantic cloud accounts
- Introduced automatic scanning of Amazon Elastic Container Registry (ECR) and Elastic Container Service (ECS)
- Built resources for scanning Web Application Firewalls (WAF), CloudFront distributions, and Systems Manager (SSM) instances
- Added hundreds of new fields that make every AWS MQL resource even more powerful
- Made live instance scanning more robust with support for SSM and EC2 Instance Connect when SSH/WinRM aren’t possible
Security beyond just cloud and servers
Your infrastructure isn't limited to servers and cloud assets, so this year we expanded Mondoo’s scanning capabilities to cover top SaaS platforms. Now you can secure your communications and source code with new platform integrations and CIS policies for:
- Google Workspace
- Microsoft 365
Pull in the last extra data with new integrations to scan domains and IP addresses for TLS/SSL and HTTP header security, plus our first (but certainly not last) integration for scanning IoT devices: PLCnext! So this year you can secure Santa’s workshop with Mondoo.
What good are security and compliance scans if you can’t understand the results? We’ve expanded our asset inventory capabilities to make it easier to find and understand assets scanned by Mondoo. Now when critical issues are revealed, you can respond with immediate, informed actions.
Search for assets across your organization with Mondoo's new global search. Find assets using a simple name search or dive deeper; our GitHub-inspired search syntax makes building complex searches a breeze. For example, you can return all Windows assets with the AWS tag “production” or pull up Kubernetes workloads in the “super_secret_project” namespace.
Once you’ve found your assets, Mondoo ensures you have the context you need to act quickly. New data on each asset gives you critical information so you can understand what’s being scanned and where you need to go to remediate problems. Cloud console links even let you jump directly onto the affected resource in the console.
Explore extraordinary detail with our new asset resource explorer and data queries on assets. Apply new built-in asset inventory query packs for major operating systems and clouds to browse critical information on your systems directly in the Mondoo Console. Need custom information? Write your own query packs by choosing from hundreds of MQL resources.
To learn more about our latest asset inventory capabilities, read Eliminating Mystery from Your Complex Infrastructure.
Struggling with the explosion of compliance requirements? You’re not alone. It’s no longer enough to achieve one-time compliance on paper and relax until your next audit period. That’s why, this year, Mondoo released our Compliance Hub solution, bringing the power of our cnquery/cnspec engines to the world of regulatory compliance.
Mondoo already digitally monitors your organization's critical security practices. Compliance Hub maps these CIS security checks to top compliance frameworks like SOC 2 Type 2, ISO 27001, HIPAA, and PCI. Combine these out-of-the-box CIS checks with additional framework-specific security checks and data queries, and you’re on your way to continuous compliance.
Need additional time or have compensating controls? Our new exceptions feature brings control and visibility to how checks run across the whole of Mondoo’s platform. Set exceptions for a specific time period or disable a check forever; it’s up to you. With approvals, audit trails, and descriptions, your team and your auditor always have the information they need to understand why exceptions are in place.
Once you have your compliance results in tip-top shape, export the results as a PDF. Report results for an entire framework or individual controls. Upload to GRC systems or other solutions used by your auditor.
To learn more about Compliance Hub, read Simplifying Compliance: Introducing the Mondoo Compliance Hub.
Taking security to the source
What’s better than exposing security issues in production? How about preventing them from ever reaching production in the first place? In 2023 we shipped powerful features to discover and scan IaC files, so you can trace security problems back to their source and stop them before they expose your infrastructure to attackers.
With new MQL resources for Terraform, you can validate the security of the TF files that build out your critical infrastructure before they ever make it to production. Set up CI pipelines using Mondoo’s extensive set of CI integrations, or use new TF file discovery in SCM repos to find files no matter where they’re hiding.
Use new variant policy capabilities to apply your business’s security guidelines equally to production assets and Terraform configuration files. For example, there's no need to write separate policies, or even separate checks, to enforce requirements such as “Ensure EBS Volume Encryption is Enabled in All Regions” throughout your entire development cycle. From developer workstations all the way to production assets, one check in one policy monitors EBS volume encryption.
To learn more about full lifecycle security using variants, read Super-Charge Okta Security with Terraform and Mondoo.
Security results you want to view
At Mondoo, we pride ourselves on not just scanning your complete infrastructure, but also presenting it in a way that is understandable and visually appealing. After all, who doesn’t like a nice UI? In 2023, we overhauled our console with changes to every part of the experience so that you can quickly understand your security posture and take action.
Find what you need quickly
The Mondoo Console's new side navigation and page structures prioritize top concerns, allowing you to quickly dive into your inventory, compliance, security, and vulnerabilities. New pages for security advisories and CVEs let you quickly understand the risks from outdated packages on your servers, workstations, and containers.
Insight at a glance
New dashboards give you quick answers to your most pressing security questions. A new organization dashboard lets you see the security of all your spaces over time. It exposes top vulnerabilities, misconfigurations, and end-of-life systems.
We’ve also added dashboards for security and vulnerabilities within each space so you can quickly identify the biggest gaps and threats.
Assets, policies, and more
There truly are too many new features in the console to mention, from our new impact scoring graphics to the security registry, from expanded CVE views to new inventory filters. Every page of the console has received a complete makeover, all so that you can get the information you need quickly and clearly.
It’s your data. Use it as you see fit.
At Mondoo, we see no need to lock your data into our platform. In fact, we think the power of our platform is only multiplied when you integrate our security findings into the SIEM or data warehousing solutions you already use. This year we added extensive data export capabilities to our platform so you can continuously export data to BigQuery, Snowflake, PostgreSQL, or cloud storage systems where that data can be ingested by other services.
This year we released two major new versions of Mondoo. We don't want to downplay the importance of version 8, but if we have to pick our favorite child, it’s definitely version 9! Mondoo 9.0 was nearly a ground-up rewrite of our cnquery and cnspec CLI tools, incorporating everything we’ve learned since we launched Mondoo.
We redesigned our existing monolithic scanning engine into a new provider-plugin-based system. This allowed us to reduce the install size of cnspec and cnquery by 90% each! It also makes our open-source tools the ideal solution for containers, Wasm, and IoT use cases where only the base providers are required.
Need to scan everything from your local system to a Slack team? Don’t worry, providers install automatically without any user interaction. Even better, they now update themselves at scan time so you always have the latest scanning capabilities, MQL resources, and bug fixes. Spend your time worrying about security and compliance and less time managing versions.
Lastly, we redesigned how providers are structured to make it easier to contribute to Mondoo-developed providers or write your own. It's become so easy to extend providers and resources that even this product manager without any Golang experience has been able to add dozens of new fields.
Still scared of Golang? Because providers are just binaries that cnquery and cnspec call, you can write providers in any language with which you feel comfortable, from Ruby to Python to Rust. Just return data in the expected format, and you’re set.
To learn more about the provider changes in Mondoo 9.0, read Unleashing the Power of Provider Plugins.
It's been a wild 2023. Stay tuned for next year!
Mondoo shipped so many noteworthy features and improvements in 2023 that this post describes just the tip of the iceberg. Dive into our full release notes to see everything new in each of our 52 different releases.
Just imagine what we can do in 2024! We're already at work developing new capabilities to solve more of your security, inventory, and compliance challenges. In the coming year, we'll give you even more tools you need to keep your infrastructure secure and compliant.