Threat Stack Blog and Cloud Security News


How Securely Configured is Your AWS Environment?

by Tim Armstrong Feb 15, 2017 9:27:35 AM


With the launch of the new Threat Stack free cloud security Audit trial, we wanted to provide some tips on how to easily assess how well your AWS environment is configured. So, let's get started...

What is a Cloud Security Baseline?

The phrase is bandied about a lot, so let’s get to it: What is a security baseline?

One of the problems that many organizations run into, especially when they are starting out in cloud security, is not knowing where to start and not having specific data to help them define and improve the status of their cloud security.

That’s where a baseline proves critical. CERN Computer Security defines a security baseline as “a set of basic security objectives which must be met by any given service or system.”

If you put this in the context of cloud security, a baseline will show you how closely a snapshot of your current cloud environment conforms to industry best practices and benchmarks.

This sounds a bit academic, so let’s get down to specifics by taking a look at the new product and free trial we are offering to help you establish and maintain a baseline — Threat Stack Audit.

How Do You Establish a Baseline for Your Organization?

Any cloud environment, no matter what its maturity level, is complex, and without an automated means of managing it, it can be difficult or impossible to gather and act on pertinent information.

To help you create your organization’s baseline and use it to improve your cloud security, Threat Stack has built the following critical capabilities:

  • Configuration Auditing. This new feature of the Threat Stack Cloud Security Platform® (CSP) enables AWS customers to establish an accurate baseline of security across their AWS infrastructure. Threat Stack Audit scans account configurations and compares them against best practices and policies for AWS and Center for Internet Security (CIS) benchmarks.

  • CloudTrail Alerting. This feature enables you to receive automatic alerts about changes to your instances, security groups, S3 buckets, access keys, and other changes to your AWS infrastructure that could represent a threat or lead to non-compliance.

Using the Audit Package, you immediately receive an assessment score as well as clear guidance on improvements. Services included are EC2, IAM, RDS, S3, and CloudTrail alerting. Following an initial scan, you can set up automated, daily scans.

How Does Configuration Auditing Work?

Whether you’re a seasoned security professional or an operations engineer who has been tasked with cloud security, Threat Stack Audit assesses your AWS configurations and provides recommendations on how to enhance your AWS environment by enabling you to:

  • Audit your AWS configuration for violations
  • View a summary of violations
  • View details of each violation
  • Suppress specific resources for further configuration checks

Once the first scan is complete, you will immediately see what percent of each resource type does not comply with security best practices as well as an overall score for your AWS environment.

Each policy shows how many resources passed and failed the policy and provides access to a full description of the policy, the rationale for the policy, recommended remediation for violations, and a link to the CIS benchmark that is the source of the policy.

For each resource type that has violations, you can drill in to see which resources are not compliant, and either remediate or suppress the violation.
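The audit flow described in this section (policy checks per resource type, a list of violations, suppression, a per-type failure percentage and an overall score), sketched as an added example that is not Threat Stack's code. The snapshot, resource fields, policy names, per-finding suppression and the scoring formula are all constructed assumptions.

```python
from collections import defaultdict

# Constructed snapshot of an AWS account; field names are illustrative, not an AWS API schema.
SNAPSHOT = [
    {"type": "IAM", "id": "user/alice", "console_password": True, "mfa": True},
    {"type": "IAM", "id": "user/bob", "console_password": True, "mfa": False},
    {"type": "S3", "id": "bucket/logs", "public_read": False},
    {"type": "S3", "id": "bucket/site-assets", "public_read": True},
    {"type": "EC2", "id": "sg/web", "ingress": [("0.0.0.0/0", 443)]},
    {"type": "EC2", "id": "sg/admin", "ingress": [("0.0.0.0/0", 22)]},
    {"type": "RDS", "id": "db/orders", "publicly_accessible": False},
]

# Hypothetical policies modelled on common benchmark-style checks: (name, resource type, check).
POLICIES = [
    ("iam-mfa-for-console-users", "IAM",
     lambda r: r["mfa"] or not r["console_password"]),
    ("s3-no-public-read", "S3", lambda r: not r["public_read"]),
    ("sg-no-world-open-ssh", "EC2",
     lambda r: ("0.0.0.0/0", 22) not in r["ingress"]),
    ("rds-not-public", "RDS", lambda r: not r["publicly_accessible"]),
]

def audit(snapshot, policies, suppressed=frozenset()):
    """Return (violations, percent failing per resource type, overall score)."""
    violations, evaluated, failed = [], defaultdict(set), defaultdict(set)
    for name, rtype, check in policies:
        for res in snapshot:
            if res["type"] != rtype or (name, res["id"]) in suppressed:
                continue  # suppressed pairs are excluded from checks and from the score
            evaluated[rtype].add(res["id"])
            if not check(res):
                failed[rtype].add(res["id"])
                violations.append((name, res["id"]))
    pct = {t: round(100 * len(failed[t]) / len(ids)) for t, ids in evaluated.items()}
    total = sum(len(ids) for ids in evaluated.values())
    bad = sum(len(ids) for ids in failed.values())
    score = round(100 * (total - bad) / total) if total else 100
    return violations, pct, score

if __name__ == "__main__":
    print(audit(SNAPSHOT, POLICIES))
    # The public website bucket is an accepted exception, so suppress that one finding.
    print(audit(SNAPSHOT, POLICIES, {("s3-no-public-read", "bucket/site-assets")}))
```

Suppressing a finding removes it from both the violation list and the score, so each suppression should be a recorded, reviewed exception rather than a way to raise the number.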

How Does CloudTrail Alerting Work?

Once you have established a baseline using Configuration Audit, the CloudTrail alerting capability will let you know when there is suspicious activity or activity that could result in non-compliance.

CloudTrail alerting comes with 24 rules designed to detect suspicious activity in your AWS environment.

When a rule is triggered, an alert is generated.

Try Audit for Yourself . . .

If you are an AWS customer, sign up for a Free Cloud Security Audit Trial and get a unique assessment score in minutes!



Written by Tim Armstrong

As Threat Stack's Product Marketing Manager, Tim helps drive the conversation around cloud security. In the past he's worked in sales engineering and malware research. When not in front of a computer, he loves songwriting and listening to music. Tim is still not the lead singer of Rancid.
