Extended exposure resolution offering gives security teams new, code-free mitigation pathways to reduce cloud exposure
ZEST Security, an Agentic AI-Powered Cloud Risk Resolution platform, announced the addition of AWS Service Control Policies (SCPs) as part of ZEST’s exposure resolution offering. Until now, no solution has fully operationalized SCPs as a mitigation pathway within a broader cloud vulnerability and exposure management program. ZEST Security turns SCPs into an active defense that security teams can instantly enforce to reduce cloud exposure.
Also Read: CIO Influence Interview with Josh Kindiger, President and COO at Grokstream
According to ZEST’s “2025 Cloud Risk Exposure Impact” report, 56% of risks cannot be remediated, either because a code change is not immediately possible, a patch is not available, a legacy system cannot support an upgrade, or other barriers. In these cases, organizations often accept the risk, increasing the potential for security incidents when appropriate mitigating controls aren’t applied.
ZEST Security’s mitigation pathways, now including AWS SCPs, offer a fast and reliable way to mitigate exposure, prevent exploitation and disrupt attacks at every stage, without waiting for patches, code changes or other teams to deliver full remediation.
By mobilizing SCPs as a mitigation pathway, security teams can block both common and advanced attack techniques by controlling access to sensitive resources, encryption settings and public exposure. This reduces the risk of exploitation and helps prevent key attack stages such as reconnaissance, privilege escalation, and data encryption.
The ZEST platform leverages AI Agents to map vulnerabilities and misconfigurations identified by CSPM and vulnerability management solutions to remediation and mitigation pathways. ZEST’s resolution engine analyzes all available options, including code/IaC fixes, patches, upgrades, policies and cloud guardrails to identify the most direct and impactful path to reduce cloud exposure at scale, even in scenarios when remediation isn’t immediately possible.
While SCPs represent ZEST’s latest mitigation pathway, ZEST provides a broader mitigation offering that mobilizes other controls and services such as Web Application Firewalls, VPC and GuardDuty to harden configurations, enforce stricter policies and create customized protection rules when code changes or upgrades aren’t possible.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com
