Maestro as a unified security hub across multiple clouds
Security of cloud infrastructures has always been among top priorities for cloud providers, users, and cloud management solutions. Each cloud provider has its own tools for establishing security audit and notifying users about detected vulnerabilities. However, in a multi-cloud environment, working with different tools can cause difficulties in terms of aggregating and centralized analysis of the received data.
With the latest updates, Maestro has received the unified security audit functionality, which faces these inconveniences.
The update adds a powerful weapon to Maestro security armory, which already includes internal security checks, integration with third-party security tools (Qualys), and possibility to easily initiate main AWS security services from Maestro UI. With all new and existing features, Maestro is not just a cloud management solution but turns into a powerful security hub that enables effective continuous security assessment across multiple clouds.
B. Review the event details in the opened Content View section. The details include tenant and region where the event occurred, initiator, event description, etc.
C. Get event details to your email to perform more detailed investigation, save details for the future, or share them with your colleagues.
D. Find events related to the selected one.
Thus, you have the real-time information about the security of your infrastructures just at your fingertips!
These reports accommodate the difference between data formats used by cloud providers, and present all the information in a unified way, which any multi-cloud user will appreciate.
Weekly Vulnerabilities report gives the overall summary of security check results by the Qualys security scan tool and the data aggregated from cloud providers’ security centers.
The report consists of the following sections:
A. The Qualys cloud view report, displaying results of the account-level security check.
B. The Security centers statistics section, providing data related to vulnerability findings aggregated from AWS, Azure, and Google cloud providers.
C. The Details button, allowing users to request a Security Audit report, which contains an in-depth analysis of vulnerable resources. The report will be sent out to the user’s email address.
Security Audit report is sent when you request detailed resource vulnerability analysis in the Weekly Vulnerability report. It contains a detailed overview of vulnerabilities identified during the security audit and recommendations on their elimination.
The Security Audit report contains several sections:
On this premise, it is vital to have the possibility to aggregate and review infrastructure statistics, especially, related to security, in a unified and handy way. With the latest updates, this is a task that Maestro copes with relatively easy due to the new integration with the security tools, offered by public cloud providers.
As a result, you have most security updates just several clicks away, and Maestro fortifies its position in continuous security monitoring and assessment.
With the latest updates, Maestro has received the unified security audit functionality, which faces these inconveniences.
The main idea behind the new integration is to collect and process the information from AWS, Azure, and Google native security services, and after that – share it with Maestro users in a clear and unified way, both automatically (on UI and with regular reports) and by request.
The update adds a powerful weapon to Maestro security armory, which already includes internal security checks, integration with third-party security tools (Qualys), and possibility to easily initiate main AWS security services from Maestro UI. With all new and existing features, Maestro is not just a cloud management solution but turns into a powerful security hub that enables effective continuous security assessment across multiple clouds.
Today, we will share the main principles behind the unified security audit in Maestro, as well as illustrate briefly how it looks from the user’s perspective.
Security centers are responsible for identifying data risks, vulnerabilities, and threats, analyzing cloud gaps, preventing data loss, and monitoring compliance.
The public cloud providers, supported by Maestro, have the following security centers:
Maestro uses Security Audit Aggregation mechanism to communicate with security center APIs and request the necessary information on security scanning results. As a result, it can aggregate the information on security findings occurring from the date of last security check, in the original format directly from cloud providers.
Once data is collected, Maestro processes it in order to bring it to a common standard, and stores the results in the database. The database records are then sent to the Audit page as security events and are used to create the security audit reports and detailed vulnerabilities reports that have a unified design and data structure, consistent for all clouds.
When a security center identifies a new vulnerability in a tenant or account, Maestro gets information on this finding, as described above, and displays it as a security event on the Audit page, where you can:
Integration with Cloud Native Security Centers
As was mentioned above, each cloud provider has its own tools and services for monitoring and managing security of user’s infrastructures and assets. These tools are grouped into “security centers” which give a single entry point to all related services.Security centers are responsible for identifying data risks, vulnerabilities, and threats, analyzing cloud gaps, preventing data loss, and monitoring compliance.
The public cloud providers, supported by Maestro, have the following security centers:
- AWS Security Hub: offers a variety of security instruments, provided by multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, AWS Identity and Access Management (IAM) Access Analyze, etc. Continuous infrastructure scanning for threats and vulnerabilities, automated security checks performance, and management of findings ensures that your virtual infrastructure is constantly monitored following the latest industry standards and AWS best practices. Maestro uses Findings in AWS Security Hub for each AWS account, to establish AWS security events aggregation.
- Azure Security Center: offers continuous security assessment, ensuring that any risks, threats or issues are identified before compromising the virtual infrastructure. It collects the security-related data from various sources (such as logs, events, third-party services data) and provides recommendations to remediate security vulnerabilities before they impact your virtual infrastructure. Maestro uses Tasks from Azure Security Center for each Azure subscription, to establish Azure security events aggregation.
- Google Security Center: offers a deep understanding of application and data risks so you can quickly address threats to your cloud assets and assess overall health. It collects data, identifies threats, and gives advice on taking particular actions before threats cause business damage or loss. It. With the Cloud Security Command Center, you can view and control your cloud asset inventory, scan storage systems for sensitive data, detect common web vulnerabilities, and validate access to your critical resources - all from a single, centralized dashboard. Maestro uses Findings from Google Security Command center for each organization to establish Google security events aggregation.
Maestro uses Security Audit Aggregation mechanism to communicate with security center APIs and request the necessary information on security scanning results. As a result, it can aggregate the information on security findings occurring from the date of last security check, in the original format directly from cloud providers.
Once data is collected, Maestro processes it in order to bring it to a common standard, and stores the results in the database. The database records are then sent to the Audit page as security events and are used to create the security audit reports and detailed vulnerabilities reports that have a unified design and data structure, consistent for all clouds.
Security Audit on Maestro UI
Maestro UI includes the Audit page, where you can get instant information on events occurring in a specified tenant and region. This includes management events (running/starting/deleting instances), security-related events, and operations with Terraform and CloudFormation.When a security center identifies a new vulnerability in a tenant or account, Maestro gets information on this finding, as described above, and displays it as a security event on the Audit page, where you can:
Review all security-related events by setting the Security filter in the Events dropdown menu.
A. Call the detailed description of a specific event by clicking this event it in the list.B. Review the event details in the opened Content View section. The details include tenant and region where the event occurred, initiator, event description, etc.
C. Get event details to your email to perform more detailed investigation, save details for the future, or share them with your colleagues.
D. Find events related to the selected one.
Thus, you have the real-time information about the security of your infrastructures just at your fingertips!
Security Audit Reports
As you already know, Maestro not only displays the security-related events on the Audit page. It also aggregates them on a weekly basis and shares the results with users as reports which contain statistics and summaries for all findings.These reports accommodate the difference between data formats used by cloud providers, and present all the information in a unified way, which any multi-cloud user will appreciate.
Weekly Vulnerabilities report gives the overall summary of security check results by the Qualys security scan tool and the data aggregated from cloud providers’ security centers.
The report consists of the following sections:
B. The Security centers statistics section, providing data related to vulnerability findings aggregated from AWS, Azure, and Google cloud providers.
C. The Details button, allowing users to request a Security Audit report, which contains an in-depth analysis of vulnerable resources. The report will be sent out to the user’s email address.
Security Audit report is sent when you request detailed resource vulnerability analysis in the Weekly Vulnerability report. It contains a detailed overview of vulnerabilities identified during the security audit and recommendations on their elimination.
The Security Audit report contains several sections:
- Vulnerabilities by severity – visualizes security vulnerabilities statistic grouped by severity level.
- Vulnerabilities by resource type - visualized security vulnerabilities statistic grouped by resource type.
- Vulnerabilities in details – contains information on all found vulnerabilities with their detailed description, indicated severity level and recommendations for the user.
In the attachment to this report you can find a .csv
file, listing all found vulnerabilities and providing the necessary details,
such as vulnerability type and recommendations on how to eliminate them.
You can read more about Maestro security reports in one of
our previous posts.
To Sum Up
In the world of the ever-increasing popularity of hybrid clouds, day-to-day routine compels to use not one, but several public cloud providers for particular tasks.On this premise, it is vital to have the possibility to aggregate and review infrastructure statistics, especially, related to security, in a unified and handy way. With the latest updates, this is a task that Maestro copes with relatively easy due to the new integration with the security tools, offered by public cloud providers.
As a result, you have most security updates just several clicks away, and Maestro fortifies its position in continuous security monitoring and assessment.
Comments
Post a Comment