Palo Alto Networks Unveils Yor, the Most Awaited Open-Source Tool

Yor automates the time-consuming task of manually tagging cloud resources, assists security teams in tracing security flaws from code to cloud, and enables highly effective GitOps across all major cloud providers.

FREMONT, CA: Palo Alto Networks, the global cybersecurity leader, has released Yor, an open-source tool that automatically tags cloud resources within the infrastructure as code (IaC) frameworks Terraform, AWS CloudFormation, and Serverless Framework YAML. Yor automates the time-consuming task of manually tagging cloud resources, assists security teams in tracing security flaws from code to cloud, and enables highly effective GitOps across all major cloud providers.

"Effective infrastructure tagging is critical to tracking cost allocation, access control, operations, and of course security in the cloud," stated Barak Schoster, chief architect at Palo Alto Networks. "To date, this has been an all-too-manual process for developers, with each cloud provider and organization having different standards and naming conventions. By automating standardized tagging, Yor provides visibility and traceability from IaC configuration to cloud resources in production."

Organizations may use Yor to retrospectively assign ownership and other meaningful tags based on IaC and git history data to all infrastructure resources. Yor can also be integrated into the lifecycle of continuous integration and continuous delivery (CI/CD) for greater traceability when infrastructure is upgraded and established. Consistent tagging will allow you to easily trace any misconfigurations back to the original code owners and editors, decreasing the time it takes to repair.

Misconfigurations were among the major causes of breaches and outages, according to the Cloud Security Alliance's recent study, The State of Cloud Security Concerns, Challenges, and Incidents, as public cloud adoption increased over the last two years. If a security team discovers a misconfiguration, having tags for the developer owner simplifies triaging and allows the ticket to be automatically allocated to the correct developer. Yor's use cases go beyond security by making it easier to tag resources in order to manage expenditures in finance and planning.