How securely configured is my AWS environment? Have I checked all the right boxes? Have I locked all my doors and windows?
With the release of AWS Configuration Auditing — a major new feature of the Threat Stack intrusion detection platform — Threat Stack is the only cloud security monitoring platform that enables customers to assure that their AWS environment is configured to policy and from there, implement continuous security monitoring, alerting, and investigation at any stage in their company’s cloud maturity lifecycle.
Configuration Auditing enables Threat Stack customers operating in AWS to implement AWS security best practices by automatically auditing current environments and providing an immediate, concise report of configurations that are non-compliant with best practices. Threat Stack then offers steps to remediate the issues and make the AWS environment more secure.
How Does Configuration Auditing Work?
Whether the user is an Operations Engineer being tasked with handling more security demands or a seasoned Security professional who wants better insights into their AWS environment, Configuration Auditing immediately and easily enables the user to:
- Assess the current state of their security posture
- Compare this baseline against security best practices (including CIS AWS Foundations Benchmark)
- Identify and prioritize steps for remediation
Once the first scan is complete, the results will look something like this:
Users can immediately see how their settings compare to security best practices. They can then drill into more detail by AWS Service and then by the individual rule being checked. Finally, they can drill into the individual resources that were not compliant and prioritize them for remediation by importance of the best practice, AWS account, etc.
For example, by default Threat Stack checks 17 IAM and password policy configurations. A user looking at the results screen can easily see that some of the IAM configurations are less than ideal. In fact, none of the users have multi-factor authentication (MFA) enabled, which is one of the most basic best practices that we recommend. The user can drill down further into this rule, identify the users who are in violation (in this case all of them!), and work with them to remediate the issue.
Keeping Up With Changes in the AWS Environment
After running the first scan, users can set up recurring scans and use these to maintain or improve their security posture over time. Threat Stack’s CloudTrail monitoring and alerting provides the who did what, when. AWS Configuration Audit provides a broader context for these changes and enables users to evaluate and act on them if needed. (It’s not always necessary to care about each individual AWS change; instead, users can focus on the changes that violate established policy.) For example, if a new service has been deployed, the user can determine whether its security groups are properly restrictive. If a new IAM user has been added, it’s easy to see whether they have 2FA configured.
Final Words . . .
With the release of Configuration Auditing, the Threat Stack intrusion detection platform supports users from the moment they need a quick audit of their AWS security settings and software vulnerabilities to the time they need to perform a deep investigation of a security incident.
Ready to learn more? Sign up for a demo to see what Threat Stack has to offer.
See Threat Stack in Action
Get in touch for a demo of Threat Stack's comprehensive instrusion detection platform.