Does it surprise you that cloud platforms are not turnkey security environments? It shouldn’t, especially if your business has been using cloud services for a while. If you have oversight of any data or resources your company puts in the cloud, you need a good working knowledge of security techniques and processes. You don’t want to be the person who scrambles, after a high-profile attack or data leak is reported, to identify potential breaches in your own protocols.
To help you find the tools that can help mitigate the risks of storing data in the cloud, we’ve decided to identify those that are useful in an Amazon Web Services environment. That environment is, obviously, huge and therefore a big target for hackers.
We created this list after soliciting suggestions from the AWS community and identifying open source security tools. We then tested them to determine the ones that worked the best.
AWS Scout2: Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using an AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Scout2 supplies a consolidated view of the attack surface automatically.
CloudSploit Scans: CloudSploit Scans is an open-source project aimed at detecting security risks in an AWS account. The included scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks.
CloudTracker: CloudTracker identifies over-privileged IAM users and roles by comparing CloudTrail logs with the industry’s It does this by reviewing CloudTrail logs to identify the API calls made by an actor and compares this with the IAM privileges that the actor has been granted to identify privileges that can be removed.
CloudMapper: CloudMapper an AWS environment. The tool’s original purpose was to generate network diagrams and display them in a browser. It now contains additional functionality, including the ability to:
- Show the resources are publicly exposed
- Display the resources that can communicate internally with other resources
- Inspect the architecture to protect against an availability zone failure
- Report on the number of regions used by an account
Security Monkey: Security Monkey monitors AWS and Google Cloud Platform accounts for policy changes and sends alerts when it detects insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also monitor GitHub organizations, teams and repositories.
Cloud Custodian: Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well-managed cloud infrastructure that's both secure and cost-optimized. It consolidates many of the ad hoc scripts organizations use into a lightweight and flexible tool, with unified metrics and reporting. Cloud Custodian can ensure real-time compliance to security policies (such as encryption and access requirements), tag policies and cost management via garbage collection of unused resources and off-hours resource management.
[With over 30 AWS sessions delivered by AWS employees and AWS community members, IT/Dev Connections 2018 attendees will be able to take away deep-dive information about how to develop strong knowledge for securing their AWS security environment. IT/Dev Connections 2018 runs Oct. 15-18, 2018, in Dallas.]