Credit to Author: Rich Beckett| Date: Mon, 17 Feb 2020 15:46:55 +0000
Today is a great day. Huge, in fact. Today we have improved security for everyone running workloads on public cloud environments.
Managing user roles, permissions, and role-based access to AWS services is an enormous challenge.
The scale and interwoven nature of individual and group access to services means that organizations often a) can’t accurately see how their services can be accessed, and b) don’t proactively manage it, thus creating an endless loop back to a).
And here’s the obvious punch line – attackers will exploit that gap in security. We saw this happen in a recent high-profile public cloud attack that exploited overprivileged user access to obtain 40,000 Social Security numbers and 80,000 bank account numbers.
Breakthrough in IAM visualization
We weren’t recognized as a winner among the most advanced cloud technology players for nothing.
Cloud Optix IAM Visualization is a breakthrough for organizations that manage infrastructure on AWS. It enables customers to easily visualize the relationships between IAM roles, IAM users, and services.
This innovative and differentiated new feature will allow security teams to identify high risk users who have access to multiple services that they rarely or never need.
It helps answer questions like: Which IAM users in my AWS account have access to the S3 service, which might contain sensitive data? Which EC2 server instances can access the RDS service – your customer database? And much more. This helps organizations reduce their attack surface in the cloud dramatically.
Addressing a range of new threats
The latest security enhancements to Sophos Cloud Optix go even further to provide more depth than ever.
Detecting AWS, Azure, and GCP spend anomalies
Sophos Cloud Optix security-focused spend monitoring now makes daily and monthly cloud spend monitoring a breeze by identifying unusual activity that could indicate abuse, such as cryptojacking in AWS, Azure, and GCP cloud accounts.
It highlights top services contributing to spend, allowing for faster decisions on whether increased spend equals malicious activity, and provides customizable spend threshold alerts for visibility.
Extending container security with Amazon EKS
As organizations look to expand in the cloud and take advantage of cloud-native workloads, such as containers, they should be aware of the techniques that cybercriminals use to target hidden gaps in security responsibilities and misconfigurations.
Cloud Optix has provided automatic discovery of an organization’s assets across AWS, Microsoft Azure and Google Cloud Platform, and Infrastructure as Code environments for some time and added support for Native Kubernetes and Google’s managed Kubernetes Engine (GKE) in late 2019.
And now, support for Amazon’s managed Elastic Kubernetes Service (EKS) has landed. Azure AKS managed Kubernetes service is hot on its heels and on its way soon.
Amazon EKS nodes are now included in the topology visualization, as well as real-time inventory views of clusters, node groups, nodes, pods, containers, services, and more, while also enabling organizations to perform additional security benchmark checks on these container environments.
Today’s Cloud Optix release is also packed with several new features to increase security and compliance of customer environments:
1. Sophos Cloud Optix has been certified by the Center for Internet Security (CIS)
We’ve been given this certification to accurately assess AWS and GCP system conformance with the security recommendations of the CIS Benchmark profile.
By certifying Cloud Optix with CIS, we’re demonstrating our commitment to actively solving the foundational problem of ensuring secure standard configurations are used by customers.
CIS Certified Security Software Products demonstrate a strong commitment to provide customers with the ability to ensure their assets are secured according to consensus-based best practice standards:
2. Superior public cloud traffic analysis
This helps organizations to analyze outbound traffic anomalies with visibility of destination IP addresses including ISP, organization, country, and region.
3. Azure VM Scale Sets inventory
You’ll be able to see that hosts are part of Scale Sets, and filter to see hosts within a specific VM Scale Set.
4. Add AWS environments using AWS CloudFormation (in preview) as an alternative to running a script using the AWS CLI, or Terraform.
Create a business case for a CSPM solution
Sophos Cloud Optix is the ideal solution for organizations using or moving to the public cloud. It provides organizations with the continuous analysis and visibility needed to detect, respond, and prevent security and compliance risks that could leave them exposed.
But, we get it, building the business case for a CSPM solution like Cloud Optix can be a challenge.
So, checkout out the Sophos ROI calculator. It gives you a helping hand to solve that challenge.
Use it to calculate the saving in time and energy costs that your organization could make with Cloud Optix, and get our handy business case whitepaper.