One report to detect them all, or one easy way to track cloud vulnerabilities


Security is one of the biggest concerns of all information and data owners. People who choose to store their data in cloud want to be sure that these data are safe and well-protected against any intrusion.

Cloud providers and infrastructure management platforms supply different security mechanisms and provide scanning tools and facilities aiming at the highest security level. These tools usually produce a number of different security reports that - though giving an invaluable information - can become misleading or be simply lost among other reports and letters.

Maestro v.3.33 focuses on developing and providing its users an aggregated report that will present the results from these scanning tools in a simple and clear way that will be draw the immediate attention to any existing or possible security issues.

Updated Vulnerabilities report

Maestro v.3.33 introduces the updated Vulnerabilities report that overcomes the drawbacks of the previous versions. The updated report answers these basic requirements – be generalizing, compact, and motivative. The report is sent to primary contacts with the secondary contacts added in CC.

The updated report includes these sections (depending on the clouds activated in the tenant):

  • Introductory table will sum up the general information about the tenant resources and detected vulnerabilities.
  • AWS security centers report will include the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in AWS regions.
  • Azure security centers report will include the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in Azure regions.
  • Google security centers report will include the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in Google regions.

The introductory table is organized by cloud providers and has this structure:

  • general information including the number of activated regions, active instances, security level, and the date and time of the last synchronization,
  • native security scanners data, Qualys CloudView data, and Cloud Custodian data.

This general information allows the receiver to quickly understand where the issue is or might be. E.g., if the receiver knows that the tenant has 10 active instances but the report from a security scanner shows 0, this means that something is wrong with the data obtained from the security scanner (Qualys CloudView, Maestro Security Rule Engine, native security centers, etc.) or with the scanner itself.

The sub-headers of the table include the Get detailed report button by pressing which the receiver will be able to request the detailed report.

Information in the second half of the report is organized by cloud providers:

  • AWS security centers report
  • Azure security centers report
  • Google security centers report

Each section includes the data from different security scanners. By default, they are native security centers, Qualys CloudView, and Maestro Security Rule Engine.

Instance owners and primary contacts are responsible for resolving issues and vulnerabilities detected on instances that are mentioned in the Vulnerabilities report. Vulnerabilities that are marked as critical should be resolved in 3 days, high – within 7 days, and medium – within 30 days.

Maestro Security Rule Engine

To ensure the more deep and profound vulnerabilities scanning, Maestro integrates a Security Rule Engine as one of the leading tools in this area.

Maestro Security Rule Engine allows checking if the infrastructure deployed in a certain cloud (AWS, Azure, Google) is aligned with the certain policies also called rules. The checks are performed automatically on a regular basis. The tool incapsulates the mechanism of infrastructure access across clouds.

Scanned infrastructure

Maestro Security Rule Engine describes the infrastructure in a specified account. After this, it applies the defined rules against the existing infrastructure and gathers the information on the resources that break the defined rules. The result is available as a JSON file and added to the Vulnerabilities report.

The rules differ for different cloud providers - both in content and in storage directories. This is necessary because the services with instances in AWS, Azure, and Google are called for and accessed in a different way.

Implementation details

To enable integration with Maestro Security Rule Engine, the team designed a service that provides an API atop of it. This service is pluggable to Maestro, it uses resources of Maestro but can be deployed separately. This allows analyzing the infrastructure of the specified tenants in Maestro.

The service works with these lambdas:

  • maestro-rule-engine-add-user creates users for Maestro Security Rule Engine. The lambda generates password, encrypts it and store in the DynamoDB.
  • maestro-rule-engine-api-gateway-authorizer authenticates the requests using the authorization header.
  • maestro-rule-engine-api-handler handles all API resources including the initiation of the scan and the return of the result report.
  • maestro-rule-engine-job-updater updates Jobs state in the DynamoDB table.

Integration with QRadar

With this release, Maestro started integration with the logs- and system events collecting Security Information and Event Management (SIEM) system based on IBM QRadar.

To enable Maestro users receive information about all available resources and set up external control for resources, Maestro as a system responsible for infrastructure management sends to QRadar state-changing and instance-managing events (instance started, stopped, terminated, instance lost/found, etc.).

The data from Maestro is sent in the CADF format. The SIEM system parses it and analyses the events.


Other improvements

Besides the improvements described in our previous post and the improvements described above, Maestro v.3.33 includes these important updates:

  • Maestro migrates to Terraform v0.14.9 and supports the new Terraform syntax. In the context of Maestro user experience, the most important changes called in by the migration to Terraform v0.14.9 concern these wizards – Manage templates, Plan, and Apply. The most significant feature of the new syntax is new complex types of input variables.
  • Four platform services - Log Aggregation Service, Jenkins as a Service, Sonar as a Service, and Artifactory as a Service - can now be launched by Maestro by means of Terraform templates.
  • With Maestro v.3.33, its users can download and configure Maestro CLI directly from Maestro UI. This is done with the help of the CLI Access and Configuration wizard that is located on the My Preferences page and navigates users through the process.
  • Current release introduces the first edition of the Quick Start Guide intended for cloud users at any level of expertise who want to work with Maestro but are new to it. The guide shows Maestro users how to start working with the application and use its UI for creating and manipulating their Cloud infrastructures.
  • With v.3.33, Maestro starts the major wizard update that is based on the unified approach and will make Maestro wizards more intuitive and user-friendly. The update will last several releases. The first phase included the complete reworking of the Manage metrics wizards and incorporation of the My theme wizard into the Default settings wizard.
  • The latest updates introduced by the current release to Maestro UI include new wizard icons, font changes, tables and tabs redesign,  updated content view, and the redesign of the in-place wizards.
  • Maestro v.3.33 is able to save and use credentials for different AWS accounts and thus allows managing these multiple AWS accounts in its on-premise version.

We keep enhancing Maestro to provide the best services to our users.

;)

Comments

Post a Comment

Popular posts from this blog

Maestro Analytics: Essentials at the Fingertips

Image
Infrastructure analytics is one of the cornerstones for effective cloud management. Each cloud provider offers its own set of features and services for such purpose. We can say that AWS QuickSight, Google Data Studio, and Microsoft BI are among the top of the native analytics and BI offerings. They are deeply integrated into their native infrastructures, provide the detailed review of the infrastructure state, events and cost, and allow to take a deep dive into details, being powered by strong internal mechanisms and AI/ML engines. However, in many cases they provide a huge volume of data which needs a BI expert to cope with, as well as may have limited customization possibilities in terms of the covered data scope. Also, if you use more than one cloud, or have private datacenters, the fact that each of these tools is limited to its vendor, may be a reason for you to find a third-party analytics tool. Here is where you may consider solutions such as CloudHealth, AppOptics, or IBM C
Read more

Maestro: Greeting the Green Dragon

Image
The year is coming to the end, and it's high time for our traditional lookback on Maestro evolution, changes, and important events. The year of 2023 has been dynamic and full of updates, both technical and strategic.  We kept to our previous commitments , meanwhile adjusting to the new trends in Cloud and technologies in general.  We met our user's expectation and need for  cross-cloud FinOps, automated infrastructure analytics, security assessment and the "Fix it" button , aimed to simplify issues remediation. We also took into account the rising demand for  Open Stack-based resources, Cloud Native approaches,  AI/ML integrations .  As a result, we came up with our standard "six release per year" cycle, highlighted with the following milestones: Maestro Insights With the ML technologies growth, the amount of services offering infrastructure recommendations and analytics, grow. This is true for the public cloud providers' native services, as well as thir
Read more

Maestro Orchestrator: Product? SaaS? Framework!

Image
In 2012, EPAM Cloud Orchestrator was created as a cloud solution for the EPAM Systems community. It appeared when the issue of redesigning the growing infrastructure of more than 500 projects became critical. After a thorough analysis of the existing solutions, EPAM experts had to admit that none of them fit the company needs. However, that was not a problem but a challenge. If no perfect solution existed, EPAM created its own from scratch. In six years, EPAM Cloud Orchestrator evolved into a true hybrid cloud with over 8000 virtual machines in hundreds of projects. In addition to its basic function - hosting virtual resources - it supports a number of related components helping the users to be in full control of their virtual infrastructures, such as audit, monitoring, billing, reporting. Meanwhile, a time has come to go out of the box of an enterprise solution and meet the market. This is how the new generation of EPAM Cloud Orchestrator - Maestro was born. Maestro is
Read more