Security teams should perform initial and periodic reviews of the security configuration and vulnerabilities of each AWS account in their organization. Whether you are doing perimeter checks or making sure you are up to date on all of your migrations, an effective review requires the following:
a) Thorough knowledge of standard security best practices.
b) Understanding the nuances of implementing best practices in the new cloud environment.
c) Organizational policies on what is acceptable for the application/infrastructure, e.g., what is the organization’s backup retention policy? What is the password policy?
d) A risk assessment of the AWS account, or of the application it hosts, to determine which security settings are acceptable. For example, some applications may require MFA for all access to AWS resources, while other AWS accounts may allow public access to some resources.
Security reviews should always be performed before an application is brought into production. After that, security reviews should be performed periodically ranging from daily to annually. These security checks can be tedious and time consuming, but CloudCheckr can simplify the process once you set up a few easy sanity checks.
This first post of the series will describe how to get started securing your AWS environment using CloudCheckr’s 350+ Best Practice checks.
1. Perform a GAP assessment on your environment
Out of the box, CloudCheckr automatically reviews the security settings of your AWS management plane and saves the findings as Best Practices results. Those results are retained historically, so you can determine when a security issue first arose. Users can also manually kick off scans after remediation to verify that the changes took effect.
This enables the security team to efficiently review security for the entire AWS environment. CloudCheckr automatically generates and distributes daily reports showing how the environment compares to a prepackaged library of security best practice checks.
For exceptionally large or dynamic environments, we recommend setting up your complete AWS environment and monitoring specifically for best practice checks that are marked with an Importance level of High. You can configure CloudCheckr to automatically notify the security team of only those security issues. This allows you to filter out the noise and focus on the most important issues.
2. Review the Best Practice checks and mitigate identified issues
CloudCheckr’s Best Practices reports show the details of each issue discovered. To find the report, navigate to Best Practices in the left menu and select the Security tab. Best Practice checks are ordered and color-coded by importance level, so you stay focused on the issues that put you at the highest risk rather than sifting through the list to decide what to tackle first.
You should also enable nightly notifications of new violations discovered by the Best Practice checks. Larger organizations should customize which checks are covered to ensure high-priority issues are not missed. These automated notifications help your security team manage even complex environments with hundreds of accounts and thousands of users.
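The two steps above amount to a small rule engine: run a library of checks against a snapshot of the account, rank the findings by importance, filter to the High ones for notification, and compare nightly runs so only new violations are reported. The following is an added illustration of that workflow in plain Python; it is not CloudCheckr’s code and does not call AWS. The account snapshot, the organizational policy values, the check names and the importance levels assigned to each check are all constructed for this example; the policy dictionary is how the "MFA for all access" and "public access may be acceptable" decisions from the requirements list feed into the importance of a finding.

```python
"""
Added example: a minimal best-practice check engine over a constructed
snapshot of one AWS account. Not CloudCheckr's code; the snapshot,
policy values, check names and importance levels are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence

# Constructed sample snapshot of an account's IAM and S3 settings
# (the shape is invented for this example; real data would come from
# the AWS APIs and would be far larger).
SAMPLE_ACCOUNT: Dict = {
    "root_mfa_enabled": False,
    "password_policy": {"MinimumPasswordLength": 8, "MaxPasswordAge": 0},
    "iam_users": [
        {"UserName": "alice", "MFAEnabled": True},
        {"UserName": "bob", "MFAEnabled": False},
    ],
    "s3_buckets": [
        {"Name": "internal-logs", "PublicRead": False},
        {"Name": "marketing-assets", "PublicRead": True},
    ],
}

# Organizational policy (assumed values): these decide how severe a
# finding is, which is the "risk assessment" input from the text.
ORG_POLICY: Dict = {
    "min_password_length": 14,
    "require_user_mfa": True,
    "public_s3_allowed": False,
}


@dataclass(frozen=True)          # frozen => hashable, so runs can be diffed as sets
class Finding:
    check: str
    importance: str               # "High", "Medium" or "Low"
    resource: str
    detail: str


def check_root_mfa(acct: Dict, policy: Dict) -> List[Finding]:
    if acct["root_mfa_enabled"]:
        return []
    return [Finding("root-mfa", "High", "root", "Root account has no MFA device")]


def check_user_mfa(acct: Dict, policy: Dict) -> List[Finding]:
    if not policy["require_user_mfa"]:
        return []
    return [Finding("user-mfa", "High", u["UserName"], "IAM user has no MFA device")
            for u in acct["iam_users"] if not u["MFAEnabled"]]


def check_password_policy(acct: Dict, policy: Dict) -> List[Finding]:
    pp = acct["password_policy"]
    findings = []
    if pp["MinimumPasswordLength"] < policy["min_password_length"]:
        findings.append(Finding("password-length", "Medium", "account",
                                f"Minimum length {pp['MinimumPasswordLength']} is below policy"))
    if pp["MaxPasswordAge"] == 0:
        findings.append(Finding("password-rotation", "Low", "account",
                                "Passwords never expire"))
    return findings


def check_public_buckets(acct: Dict, policy: Dict) -> List[Finding]:
    # Importance depends on whether the organization tolerates public buckets.
    importance = "Low" if policy["public_s3_allowed"] else "High"
    return [Finding("s3-public-read", importance, b["Name"], "Bucket grants public read")
            for b in acct["s3_buckets"] if b["PublicRead"]]


CHECKS: Sequence[Callable[[Dict, Dict], List[Finding]]] = (
    check_root_mfa, check_user_mfa, check_password_policy, check_public_buckets,
)
_ORDER = {"High": 0, "Medium": 1, "Low": 2}


def run_checks(acct: Dict, policy: Dict) -> List[Finding]:
    """Run every check and return findings ordered by importance, then name."""
    findings: List[Finding] = []
    for check in CHECKS:
        findings.extend(check(acct, policy))
    return sorted(findings, key=lambda f: (_ORDER[f.importance], f.check, f.resource))


def filter_importance(findings: List[Finding], levels=("High",)) -> List[Finding]:
    """Keep only the levels the security team wants to be notified about."""
    return [f for f in findings if f.importance in levels]


def new_findings(previous: List[Finding], current: List[Finding]) -> List[Finding]:
    """Findings present in this run but not the last one: the nightly delta."""
    seen = set(previous)
    return [f for f in current if f not in seen]


if __name__ == "__main__":
    for f in filter_importance(run_checks(SAMPLE_ACCOUNT, ORG_POLICY)):
        print(f"[{f.importance}] {f.check:<16} {f.resource:<18} {f.detail}")
```

Running the block prints the three High findings (root MFA, the public bucket and the user without MFA) and suppresses the Medium and Low password-policy ones; relaxing `public_s3_allowed` in the policy demotes the bucket finding to Low without touching the check itself, and `new_findings` is what a nightly job would feed into a notification so the team sees only what changed since the last scan.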
Using the automated checks and alerts will save you from having to conduct constant manual checks. This, however, is just the starting point in how CloudCheckr can cut down time and headaches for your security team. Next week we will dig deeper into leveraging CloudTrail, AWS Config, and other AWS native tools to improve your security posture.
If you want to try this first-hand, start a free trial today and see what we’re talking about, and how much easier it can be. For other features and ways we can help, check out some short (1-3 minutes) videos here.