Security teams should perform initial and periodic reviews of the security configuration and vulnerabilities of each AWS account in their organization. Whether you are doing perimeter checks or making sure you are up to date on all of your migrations, an effective review requires the following:
a) Thorough knowledge of standard security best practices.
b) Understanding the nuances of implementing best practices in the new cloud environment.
c) Organizational policies on what is acceptable for the application/infrastructure. E.g. what is the organization’s backup retention policy? What is the password policy?
d) Risk assessment of the AWS account or the application it is hosting to understand the acceptable security settings. E.g. some applications may require MFA for all access to AWS resources. Other AWS accounts may allow public access to some resources.
Security reviews should always be performed before an application is brought into production. After that, security reviews should be performed periodically, at intervals ranging from daily to annually. These security checks can be tedious and time-consuming, but CloudCheckr can simplify the process once you set up a few easy sanity checks.
This first post of the series will describe how to get started securing your AWS environment using CloudCheckr’s 350+ Best Practice checks.
1. Perform a gap assessment on your environment
Out of the box, CloudCheckr automatically performs a review of the security settings of your AWS management plane and saves it into Best Practices results. Those results can be reviewed historically to determine when a security issue arose. Users can also manually kick off scans after remediation to verify changes.
This enables the security team to efficiently review security for the entire AWS environment. CloudCheckr automatically generates and distributes daily reports showing how the environment compares to a prepackaged library of security best practice checks.
For exceptionally large or dynamic environments, we recommend setting up your complete AWS environment and monitoring specifically for best practice checks that are marked with an Importance level of High. You can configure CloudCheckr to automatically notify the security team of only those security issues. This allows you to filter out the noise and focus on the most important issues.
2. Review the Best Practice checks and mitigate identified issues
CloudCheckr’s Best Practices reports show the details of each issue discovered. To find the report, navigate to Best Practice on the left menu and select the Security tab. Best Practice checks are ordered and color-coded by importance level. This keeps you focused on the issues that put you at the highest risk, rather than having to work out the order in which to tackle them.
You should also enable nightly updates of new violations discovered through Best Practice checks. Large users should customize the covered items to ensure high priority issues are not missed. These automated notifications will help your security team manage even complex environments with hundreds of accounts and thousands of users.
Using the automated checks and alerts will save you from having to conduct constant manual checks. This, however, is just the starting point in how CloudCheckr can cut down time and headaches for your security team. Next week we will dig deeper into leveraging CloudTrail, AWS Config, and other AWS native tools to improve your security posture.
If you want to try this first-hand, start a free trial today and see what we’re talking about, and how much easier it can be. For other features and ways we can help, check out some short (1-3 minutes) videos here.