Getting the right people involved during an incident is probably the most important factor in how fast the incident gets resolved. However, as cloud environments sprawl across multiple providers, accounts and subscriptions, and as cloud providers add more services, tapping into the right resources can become a challenge.
The events from monitoring tools such as NewRelic, Datadog, etc. that enter PagerDuty often have little or no structured data that would allow us to fully exploit all of PagerDuty’s awesome features, such as:
There is no shortage of cloud security compliance tools. Many, like Cloudaware, DivvyCloud and CloudHealth, support all three leading cloud providers: AWS, GCE and Azure. These tools ship with compliance policies that evaluate your cloud infrastructure against the best practices laid out by the cloud providers themselves. Cloudaware supports the CIS Benchmarks for AWS, Azure and GCE. AWS offers Trusted Advisor and Security Hub, which also support the CIS benchmarks. The point is that compliance checking should be a continuous, daily process, not something you hire contractors to do annually.
A compliance program will not be successful without accountability and a proper management structure. For example…
An increasing number of companies find themselves in a multi-cloud environment. Some get there intentionally by building cloud-agnostic applications. Others, more frequently, simply inherit environments that are dispersed across multiple cloud providers such as AWS, GCP and Azure.
Below is a list of tools that simplify deployment and management tasks in multi-cloud environments.
A Docker container is a standard unit of software that packages up code and all its dependencies so the application runs predictably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an…
Managing large GCP deployments is a challenging task because all GCP management APIs are project-specific. Cloudaware CMDB is a nifty multi-cloud management tool: it supports not only GCP but also AWS and Azure. As for GCP support, Cloudaware CMDB discovers all key GCP services such as Compute, BigQuery, Dataflow and others.
Cloudaware CMDB presents a unified view of all GCP infrastructure as if it were part of a single project.
Cloudaware CMDB provides both a REST API and a CMDB CLI for querying the data held in the CMDB.
The CIS Foundations Benchmarks for Amazon Web Services, Microsoft Azure and Google Cloud Platform are indeed available for you to download. If you’re just getting started with cloud security and compliance, the CIS benchmarks are a great way to start. They are comprehensive, with 50–100 policies per cloud provider, covering not just basic services such as compute and storage but also, for example, AWS VPC, Azure SQL Database and GCP Kubernetes.
Many vendors, including Cloudaware, offer support for the CIS Benchmarks out of the box. Cloudaware offers customers the ability to deploy all policies within a benchmark with a single click.
Once a benchmark is deployed, compliance…
CloudTrail is undoubtedly a powerful source of audit data for all AWS user-level and API-level activity. However, building any kind of security optics dashboard on top of CloudTrail is not easy, for several reasons:
Cloudaware Conflux assesses each CloudTrail event and assigns 3 separate scores to each event:
Discovery operates large-scale AWS and Azure environments with over 100 AWS accounts and Azure subscriptions. These accounts and subscriptions contain more than 1,000,000 configurable assets.
The Discovery Cloud Security team developed an in-house solution, similar to Scout2 and Cloud Custodian, to perform AWS and Azure compliance checks. Discovery’s solution avoided the mistakes of many other commonly built in-house compliance solutions. It not only identified gaps in configuration and compliance but also actively routed, escalated and, most importantly, clearly communicated policy violations to the stakeholders responsible for remediation. Stakeholders would receive their policy violations from a bot named…
Citrix operates large-scale AWS and Azure environments with over 100 AWS accounts and Azure subscriptions. These accounts and subscriptions contain more than 1,000,000 configurable assets.
The Citrix Cloud Security team relied on several open-source frameworks to perform AWS compliance verification, namely Cloud Custodian and Scout2. For Azure, Citrix created its own in-house tools. As the cloud compliance program matured, certain challenges began to emerge:
● Each product division wanted to customize policies slightly to fit their risk profile
● Lack of exception handling process
● Some tools caused API throttling issues for production applications during scanning
● Developer who…
GuardDuty is not just a replacement for Snort or a similar NIDS. GuardDuty analyzes network traffic via VPC Flow Logs, but it also digs deeper by inspecting AWS CloudTrail and Route 53 logs as well.
GuardDuty has a very simple user interface that does not overwhelm, even when dealing with tens of thousands of findings. However, if you want to see GuardDuty findings across multiple AWS accounts, you will need a platform like Cloudaware, especially if you’re looking to make GuardDuty findings routable and actionable.
Ease of deployment and non-intrusiveness: like just about everything else at AWS, GuardDuty is…
Nessus, Qualys and Rapid7 licenses are expensive, with pricing ranging from $2.50/host/month up to $18/host/month.
Most organizations scan their infrastructure on a weekly basis. A single host scan lasts under an hour. For the remaining 23 hours of the day, that scanning license does absolutely nothing. This idling actually costs a lot of money and is not necessary.
At 15,000 hosts, Citrix was dropping close to $40,000 on vulnerability scanning licenses alone. Using Cloudaware scanning automation, they reduced the cost of scanning licenses to $4,000 per month. How? The short answer is floating licenses, but if you want the long answer, keep reading.