Risky Business Podcast Summary
Episode: Risky Biz Soap Box: Prowler, the Open Cloud Security Platform
Host: Patrick Gray
Guest: Tony De la Fuente, Founder of Prowler
Release Date: July 14, 2025
Introduction
In this special Soap Box edition of the Risky Business podcast, host Patrick Gray talks with Tony De la Fuente, the founder of Prowler, an open-source cloud security platform. Launched nearly a decade ago, Prowler has grown into a vital tool for information security professionals, with a vibrant community and an extensive feature set.
Origins of Prowler
Tony De la Fuente recounts the genesis of Prowler, rooted in a pressing personal need.
[01:28] Tony De la Fuente:
"In 2016 I had all of a sudden like 30 AWS accounts to manage and to assess and I had no idea what to do... I started writing probably without even knowing it, a wrapper of the CLI to check only security configurations, misconfigurations basically related to security."
Faced with managing multiple AWS accounts, Tony identified a gap in the available tools for comprehensive security assessments. Driven by necessity, he began automating security checks using the AWS CLI, initially focusing on hardening services like S3, EC2, and RDS. This work led to the release of Prowler, a simple yet powerful Bash script that assessed AWS security configurations across all regions and all supported services, with ease of use at its core.
Growth and Community Engagement
Prowler's simplicity and effectiveness quickly garnered attention.
[06:09] Tony De la Fuente:
"The goal was to not to make this hard because cloud security is hard already... I wanted to help others. Basically that is the key of open source."
Tony emphasizes the importance of ease of contribution and comprehensive documentation in fostering community growth. By categorizing Prowler checks and aligning them with compliance frameworks, he made the tool accessible to a wide range of users, from cloud security practitioners to pen testers and architects. This inclusive approach led to a steadily growing GitHub star count and a robust global contributor base.
Transition to SaaS Platform
Recognizing the limitations of a command-line interface (CLI) for continuous monitoring and broader usability, Tony spearheaded the development of a SaaS platform alongside the CLI tool.
[12:43] Tony De la Fuente:
"I realized that we need to offer a platform. The whole platform, the whole enchilada... continuous monitoring."
The SaaS platform, complemented by ProwlerHub, provides users with comprehensive dashboards, real-time monitoring, and enhanced usability. This transition ensures that Prowler remains relevant in the dynamic cloud security landscape, accommodating both immediate assessments and long-term infrastructure management.
Business Model and Open Source Philosophy
Balancing open-source accessibility with a sustainable business model, Tony outlines Prowler's approach.
[16:28] Tony De la Fuente:
"What I wanted to do is... go get an open source, an open platform, and in five minutes you get the results and if the value is enough, you pay us."
Prowler offers its core functionalities as an open-source tool, encouraging widespread adoption and community contributions. Revenue is generated through the hosted SaaS version, which provides additional features, ease of deployment, and dedicated support. This model mirrors successful open-source enterprises like Red Hat, offering both free access and premium services.
AI Integration and Prowler Lighthouse
Innovating beyond traditional security assessments, Prowler integrates Artificial Intelligence (AI) through its Prowler Lighthouse feature.
[19:09] Tony De la Fuente:
"We are adding AI capabilities like Prowler Lighthouse, where you can ask pretty much anything that is going on in your cloud security..."
Prowler Lighthouse leverages Large Language Models (LLMs) to enhance user interaction, providing intelligent assistance in analyzing security data, generating remediation templates, and offering proactive security recommendations. This AI-driven functionality aims to transform cloud security management by making complex tasks more intuitive and efficient.
Challenges and Security Considerations with AI
Tony addresses the complexities of integrating AI into security platforms, particularly concerning data integrity and access control.
[30:24] Tony De la Fuente:
"We have built in Prowler Lighthouse on top of our RBAC to make sure there is no information leak. That is key in any type of deployment of security tools with AI."
Ensuring that AI functionalities adhere to strict Role-Based Access Control (RBAC) standards is crucial to prevent unauthorized data exposure. Tony highlights the ongoing efforts to balance the innovative benefits of AI with the stringent security requirements inherent in cloud environments.
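As an added illustration of this principle (not Prowler's code and not from the episode): the access check has to run before findings reach the model's context, because an instruction placed in the prompt is not an access control. The roles, account IDs, findings and function names below are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    account_id: str
    check: str
    status: str
    resource: str


# Constructed sample data: findings from two cloud accounts.
FINDINGS = [
    Finding("111111111111", "s3_bucket_public_access", "FAIL", "bucket-a"),
    Finding("111111111111", "iam_root_mfa_enabled", "PASS", "root"),
    Finding("222222222222", "rds_instance_storage_encrypted", "FAIL", "db-payments"),
]

# Hypothetical RBAC table: role -> accounts that role may read.
ROLE_ACCOUNTS = {
    "team-a-analyst": {"111111111111"},
    "security-admin": {"111111111111", "222222222222"},
}


def _render(findings):
    return "\n".join(
        f"{f.account_id} {f.check} {f.status} {f.resource}" for f in findings
    )


def authorized_findings(role, findings):
    """Apply RBAC first; an unknown role sees nothing (deny by default)."""
    allowed = ROLE_ACCOUNTS.get(role, set())
    return [f for f in findings if f.account_id in allowed]


def build_context_unsafe(role, question, findings):
    """Weak design: all findings are in the prompt and the model is only
    asked to respect the role, so the data has already left the boundary."""
    return (f"Only answer about data visible to {role}.\n"
            f"{_render(findings)}\nQ: {question}")


def build_context_rbac(role, question, findings):
    """Hardened design: the model only ever receives authorized findings."""
    return f"{_render(authorized_findings(role, findings))}\nQ: {question}"
```
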
Conclusion and Future Directions
Tony concludes by reaffirming Prowler's commitment to solving real-world cloud security challenges through open-source collaboration, continuous innovation, and user-centric design. With the integration of AI and the expansion of its SaaS offerings, Prowler is poised to remain a cornerstone in the information security landscape, continually adapting to emerging threats and technological advancements.
[31:59] Tony De la Fuente:
"Thank you, bud. See you soon."
Key Takeaways
- Prowler's Origin: Born out of necessity to manage and secure multiple AWS accounts, evolving into a comprehensive cloud security tool.
- Community-Driven Growth: Success attributed to ease of use, strong documentation, and active community contributions.
- SaaS Evolution: Transition from CLI to a robust SaaS platform to support continuous monitoring and broader usability.
- Sustainable Business Model: Combines open-source accessibility with premium SaaS offerings inspired by models like Red Hat.
- AI Integration: Introduction of Prowler Lighthouse to enhance security management through AI, while maintaining strict security protocols.
- Future Focus: Continued innovation and community engagement to address evolving cloud security challenges.
This episode offers a deep dive into the journey of Prowler, highlighting the intersection of open-source philosophy, community engagement, and cutting-edge technology in shaping a leading cloud security platform. Whether you're a seasoned security professional or new to cloud security, Tony De la Fuente's insights provide valuable guidance on leveraging Prowler to safeguard your cloud environments.
