Maestro as a unified security hub across multiple clouds

Security of cloud infrastructures has always been among top priorities for cloud providers, users, and cloud management solutions. Each cloud provider has its own tools for establishing security audit and notifying users about detected vulnerabilities. However, in a multi-cloud environment, working with different tools can cause difficulties in terms of aggregating and centralized analysis of the received data. 

With the latest updates, Maestro has received unified security audit functionality, which addresses these inconveniences.
The main idea behind the new integration is to collect and process the information from AWS, Azure, and Google native security services, and after that – share it with Maestro users in a clear and unified way, both automatically (on UI and with regular reports) and by request. 

The update adds a powerful weapon to Maestro's security armory, which already includes internal security checks, integration with third-party security tools (Qualys), and the possibility to easily initiate the main AWS security services from the Maestro UI. With all new and existing features, Maestro is not just a cloud management solution but turns into a powerful security hub that enables effective continuous security assessment across multiple clouds.
Today, we will share the main principles behind the unified security audit in Maestro, as well as illustrate briefly how it looks from the user’s perspective.

Integration with Cloud Native Security Centers

As mentioned above, each cloud provider has its own tools and services for monitoring and managing the security of users' infrastructures and assets. These tools are grouped into "security centers", which give a single entry point to all related services.
Security centers are responsible for identifying data risks, vulnerabilities, and threats, analyzing cloud gaps, preventing data loss, and monitoring compliance.
The public cloud providers, supported by Maestro, have the following security centers:
  • AWS Security Hub: offers a variety of security instruments provided by multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, AWS Identity and Access Management (IAM) Access Analyzer, etc. Continuous infrastructure scanning for threats and vulnerabilities, automated security checks, and management of findings ensure that your virtual infrastructure is constantly monitored following the latest industry standards and AWS best practices. Maestro uses Findings in AWS Security Hub for each AWS account to establish AWS security events aggregation.
  • Azure Security Center: offers continuous security assessment, ensuring that any risks, threats or issues are identified before they compromise the virtual infrastructure. It collects security-related data from various sources (such as logs, events, and third-party services data) and provides recommendations to remediate security vulnerabilities before they impact your virtual infrastructure. Maestro uses Tasks from Azure Security Center for each Azure subscription to establish Azure security events aggregation.
  • Google Security Center: offers a deep understanding of application and data risks so you can quickly address threats to your cloud assets and assess overall health. It collects data, identifies threats, and gives advice on taking particular actions before threats cause business damage or loss. With the Cloud Security Command Center, you can view and control your cloud asset inventory, scan storage systems for sensitive data, detect common web vulnerabilities, and validate access to your critical resources, all from a single, centralized dashboard. Maestro uses Findings from Google Security Command Center for each organization to establish Google security events aggregation.
AWS findings, Azure tasks and Google findings differ in some respects (e.g. the title and definition of criticality) but share common characteristics, such as description, severity level, discovery date, resource name and type, etc.

Maestro uses the Security Audit Aggregation mechanism to communicate with the security center APIs and request the necessary information on security scanning results. As a result, it can aggregate information on security findings that have occurred since the date of the last security check, in the original format, directly from the cloud providers.

Once data is collected, Maestro processes it in order to bring it to a common standard, and stores the results in the database. The database records are then sent to the Audit page as security events and are used to create the security audit reports and detailed vulnerabilities reports that have a unified design and data structure, consistent for all clouds.

Security Audit on Maestro UI

Maestro UI includes the Audit page, where you can get instant information on events occurring in a specified tenant and region. This includes management events (running/starting/deleting instances), security-related events, and operations with Terraform and CloudFormation.

When a security center identifies a new vulnerability in a tenant or account, Maestro gets information on this finding, as described above, and displays it as a security event on the Audit page, where you can: 

Review all security-related events by setting the Security filter in the Events dropdown menu. 

A. Call up the detailed description of a specific event by clicking it in the list.
B. Review the event details in the opened Content View section. The details include the tenant and region where the event occurred, the initiator, the event description, etc.
C. Have the event details sent to your email to perform a more detailed investigation, save them for the future, or share them with your colleagues.
D. Find events related to the selected one.

Thus, you have real-time information about the security of your infrastructure right at your fingertips!

Security Audit Reports

As you already know, Maestro not only displays security-related events on the Audit page. It also aggregates them on a weekly basis and shares the results with users as reports that contain statistics and summaries for all findings.
These reports accommodate the differences between the data formats used by cloud providers and present all the information in a unified way, which any multi-cloud user will appreciate.

The Weekly Vulnerabilities report gives an overall summary of security check results from the Qualys security scan tool and the data aggregated from the cloud providers' security centers.

The report consists of the following sections:

A. The Qualys cloud view report, displaying results of the account-level security check.
B. The Security centers statistics section, providing data related to vulnerability findings aggregated from AWS, Azure, and Google cloud providers.
C. The Details button, allowing users to request a Security Audit report, which contains an in-depth analysis of vulnerable resources. The report will be sent out to the user’s email address.

The Security Audit report is sent when you request a detailed resource vulnerability analysis from the Weekly Vulnerabilities report. It contains a detailed overview of the vulnerabilities identified during the security audit and recommendations on how to eliminate them.
The Security Audit report contains several sections:
  • Vulnerabilities by severity – visualizes security vulnerability statistics grouped by severity level.
  • Vulnerabilities by resource type – visualizes security vulnerability statistics grouped by resource type.
  • Vulnerabilities in details – contains information on all found vulnerabilities with their detailed description, indicated severity level and recommendations for the user.

Attached to this report you will find a .csv file listing all found vulnerabilities and providing the necessary details, such as the vulnerability type and recommendations on how to eliminate it.
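To make the aggregation pipeline described earlier (normalizing AWS findings, Azure tasks and Google findings into a common record, keeping only findings discovered since the last check) and the report structure described here (statistics by severity and by resource type, plus a .csv attachment) concrete, here is an added example in Python. It is not Maestro's code and not any provider's SDK: the three provider payloads are constructed samples whose field names are simplified approximations of each provider's finding/task format, not exact schemas, and the adapter functions, the `UnifiedFinding` record and the `LAST_CHECK` watermark are assumptions made for illustration.

```python
"""
Added example (not Maestro code): normalize findings from three cloud security
centers into one record shape, keep only findings discovered after the last
audit, and build the by-severity / by-resource-type statistics and the CSV
attachment of a Security Audit report. Provider field names below are
simplified approximations of each provider's format, not exact schemas.
"""
import csv
import io
from collections import Counter
from dataclasses import asdict, dataclass, fields
from datetime import datetime, timezone

# Common severity scale; providers use different labels and casing.
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL")


@dataclass(frozen=True)
class UnifiedFinding:
    """The shared characteristics all three security centers provide."""
    cloud: str
    description: str
    severity: str            # one of SEVERITY_ORDER
    discovered_at: datetime  # aware UTC timestamp
    resource_name: str
    resource_type: str
    recommendation: str


def _parse_ts(value: str) -> datetime:
    # Providers emit RFC 3339 timestamps; normalize to timezone-aware UTC.
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def _norm_severity(label: str) -> str:
    label = label.upper()
    return label if label in SEVERITY_ORDER else "INFORMATIONAL"


def from_aws(finding: dict) -> UnifiedFinding:
    # Assumed ASFF-like shape: Severity.Label, Resources[0].Type/Id, FirstObservedAt.
    res = finding["Resources"][0]
    rec = finding.get("Remediation", {}).get("Recommendation", {}).get("Text", "")
    return UnifiedFinding("AWS", finding["Description"], _norm_severity(finding["Severity"]["Label"]),
                          _parse_ts(finding["FirstObservedAt"]), res["Id"], res["Type"], rec)


def from_azure(task: dict) -> UnifiedFinding:
    # Assumed task shape: properties.securityTaskParameters{name, severity, resourceId,
    # recommendation} and properties.creationTimeUtc. The resource type is derived
    # from the ".../providers/<Namespace>/<type>/<name>" segment of the resource ID.
    props = task["properties"]
    params = props["securityTaskParameters"]
    rid = params["resourceId"]
    parts = rid.split("/providers/")[-1].split("/")
    rtype = "/".join(parts[:2]) if len(parts) >= 2 else "unknown"
    return UnifiedFinding("Azure", params["name"], _norm_severity(params["severity"]),
                          _parse_ts(props["creationTimeUtc"]), rid, rtype,
                          params.get("recommendation", ""))


def from_gcp(finding: dict) -> UnifiedFinding:
    # Assumed SCC-like shape: category, severity, eventTime, resource{name, type}.
    res = finding["resource"]
    return UnifiedFinding("Google", finding["category"], _norm_severity(finding["severity"]),
                          _parse_ts(finding["eventTime"]), res["name"], res.get("type", "unknown"),
                          finding.get("recommendation", ""))


ADAPTERS = {"aws": from_aws, "azure": from_azure, "gcp": from_gcp}


def collect_since(raw: dict, last_check: datetime) -> list:
    """Normalize every provider payload and keep findings discovered after the last audit,
    ordered from most to least severe."""
    unified = [ADAPTERS[cloud](item) for cloud, items in raw.items() for item in items]
    fresh = [f for f in unified if f.discovered_at > last_check]
    return sorted(fresh, key=lambda f: SEVERITY_ORDER.index(f.severity))


def by_severity(findings: list) -> dict:
    return dict(Counter(f.severity for f in findings))


def by_resource_type(findings: list) -> dict:
    return dict(Counter(f.resource_type for f in findings))


def to_csv(findings: list) -> str:
    """Render the unified records as the .csv attachment of the report."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=[f.name for f in fields(UnifiedFinding)])
    writer.writeheader()
    for f in findings:
        row = asdict(f)
        row["discovered_at"] = f.discovered_at.isoformat()
        writer.writerow(row)
    return buf.getvalue()


# Constructed sample payloads and watermark (not real findings).
LAST_CHECK = datetime(2024, 1, 8, tzinfo=timezone.utc)
SAMPLE_PAYLOADS = {
    "aws": [
        {"Description": "Security group allows unrestricted SSH access",
         "Severity": {"Label": "HIGH"},
         "Resources": [{"Type": "AwsEc2SecurityGroup", "Id": "arn:aws:ec2:eu-west-1:000000000000:security-group/sg-0123"}],
         "FirstObservedAt": "2024-01-09T10:15:00Z",
         "Remediation": {"Recommendation": {"Text": "Restrict port 22 to trusted CIDR ranges."}}},
        {"Description": "S3 bucket has server-side encryption disabled",   # older than LAST_CHECK
         "Severity": {"Label": "MEDIUM"},
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}],
         "FirstObservedAt": "2024-01-05T08:00:00Z"},
    ],
    "azure": [
        {"properties": {"creationTimeUtc": "2024-01-10T12:00:00Z",
                        "securityTaskParameters": {
                            "name": "Disk encryption should be applied on virtual machines",
                            "severity": "High",
                            "resourceId": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
                            "recommendation": "Enable Azure Disk Encryption."}}},
    ],
    "gcp": [
        {"category": "PUBLIC_BUCKET_ACL", "severity": "MEDIUM", "eventTime": "2024-01-11T09:30:00Z",
         "resource": {"name": "//storage.googleapis.com/example-bucket", "type": "google.cloud.storage.Bucket"},
         "recommendation": "Remove allUsers and allAuthenticatedUsers from the bucket ACL."},
    ],
}


def run_example() -> list:
    return collect_since(SAMPLE_PAYLOADS, LAST_CHECK)


if __name__ == "__main__":
    found = run_example()
    print(by_severity(found), by_resource_type(found))
    print(to_csv(found))
```

The watermark filter is what turns a full provider dump into the incremental "since the last check" aggregation; the severity normalization is where provider-specific labels ("High" versus "HIGH") are reconciled before anything is counted, so that the by-severity statistics are comparable across clouds.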

You can read more about Maestro security reports in one of our previous posts.

To Sum Up

In a world where hybrid clouds are ever more popular, the day-to-day routine compels organizations to use not one, but several public cloud providers for particular tasks.

On this premise, it is vital to be able to aggregate and review infrastructure statistics, especially those related to security, in a unified and handy way. With the latest updates, this is a task that Maestro copes with relatively easily, thanks to the new integration with the security tools offered by the public cloud providers.

As a result, you have most security updates just several clicks away, and Maestro fortifies its position in continuous security monitoring and assessment.
