One report to detect them all, or one easy way to track cloud vulnerabilities
Security is one of the biggest concerns of all information and data owners. People who choose to store their data in cloud want to be sure that these data are safe and well-protected against any intrusion.
Cloud providers and infrastructure management platforms supply different security mechanisms and provide scanning tools and facilities aimed at the highest security level. These tools usually produce a number of different security reports that, though they carry invaluable information, can become misleading or simply get lost among other reports and emails.
Maestro v.3.33 focuses on developing and providing its users an aggregated report that presents the results from these scanning tools in a simple and clear way and draws immediate attention to any existing or possible security issues.
Updated Vulnerabilities report
Maestro v.3.33 introduces the updated Vulnerabilities report that overcomes the drawbacks of the previous versions. The updated report meets these basic requirements: it is general, compact, and actionable. The report is sent to primary contacts with the secondary contacts added in CC.
The updated report includes these sections (depending on the clouds activated in the tenant):
- The introductory table sums up the general information about the tenant resources and detected vulnerabilities.
- The AWS security centers report includes the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in AWS regions.
- The Azure security centers report includes the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in Azure regions.
- The Google security centers report includes the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in Google regions.
The introductory table is organized by cloud providers and has this structure:
- general information including the number of activated regions, active instances, security level, and the date and time of the last synchronization,
- native security scanners data, Qualys CloudView data, and Cloud Custodian data.
This general information allows the receiver to quickly understand where the issue is or might be. For example, if the receiver knows that the tenant has 10 active instances but the report from a security scanner shows 0, this means that something is wrong with the data obtained from the security scanner (Qualys CloudView, Maestro Security Rule Engine, native security centers, etc.) or with the scanner itself.
The sub-headers of the table include a Get detailed report button that lets the receiver request the detailed report.
Information in the second half of the report is organized by cloud providers:
- AWS security centers report
- Azure security centers report
- Google security centers report
Each section includes the data from different security scanners. By default, they are native security centers, Qualys CloudView, and Maestro Security Rule Engine.
Instance owners and primary contacts are responsible for resolving issues and vulnerabilities detected on instances that are mentioned in the Vulnerabilities report. Vulnerabilities that are marked as critical should be resolved in 3 days, high – within 7 days, and medium – within 30 days.
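The two checks described above, the instance-count sanity check on the introductory table and the per-severity resolution deadlines, as an added example in Python. This is not Maestro's code: the report layout (per-cloud active instance count, per-scanner instance count and findings) and the sample data are constructed for illustration, and the 3/7/30-day deadlines are the ones stated in the text.

```python
"""Consistency and SLA checks over an aggregated vulnerabilities report.

Added example; the report layout below is constructed for illustration
and is not Maestro's actual report format.
"""
from datetime import date, timedelta

# Resolution deadlines by severity, in days, as stated in the report rules.
SLA_DAYS = {"critical": 3, "high": 7, "medium": 30}

# Constructed sample: per cloud, the tenant's active instance count and, for
# each scanner, how many instances it reported and which findings it returned.
SAMPLE_REPORT = {
    "AWS": {
        "active_instances": 10,
        "scanners": {
            "native": {"instances_seen": 10, "findings": [
                {"id": "f-1", "severity": "critical", "detected": "2021-05-01"},
                {"id": "f-2", "severity": "medium", "detected": "2021-05-01"},
            ]},
            "qualys": {"instances_seen": 0, "findings": []},   # suspicious: 0 vs 10
            "rule_engine": {"instances_seen": 10, "findings": [
                {"id": "f-3", "severity": "high", "detected": "2021-05-03"},
            ]},
        },
    },
    "Azure": {
        "active_instances": 0,
        "scanners": {
            "native": {"instances_seen": 0, "findings": []},   # fine: nothing to scan
        },
    },
}


def scanner_coverage_gaps(report):
    """Return (cloud, scanner) pairs where the tenant has active instances
    but the scanner reported none, i.e. the scanner data is probably broken."""
    gaps = []
    for cloud, data in report.items():
        if data["active_instances"] == 0:
            continue
        for name, scanner in data["scanners"].items():
            if scanner["instances_seen"] == 0:
                gaps.append((cloud, name))
    return gaps


def overdue_findings(report, today_iso):
    """Return findings whose deadline (detection date + SLA_DAYS) has passed
    as of the given ISO date."""
    today = date.fromisoformat(today_iso)
    overdue = []
    for cloud, data in report.items():
        for name, scanner in data["scanners"].items():
            for finding in scanner["findings"]:
                sla = SLA_DAYS.get(finding["severity"])
                if sla is None:          # low/informational: no deadline defined
                    continue
                deadline = date.fromisoformat(finding["detected"]) + timedelta(days=sla)
                if today > deadline:
                    overdue.append({"cloud": cloud, "scanner": name,
                                    "id": finding["id"],
                                    "severity": finding["severity"],
                                    "days_overdue": (today - deadline).days})
    return overdue


if __name__ == "__main__":
    print("coverage gaps:", scanner_coverage_gaps(SAMPLE_REPORT))
    for item in overdue_findings(SAMPLE_REPORT, "2021-05-12"):
        print(item)
```

Run against the sample, the coverage check flags Qualys for AWS (10 active instances, 0 seen) but not Azure, which has no instances to scan; the deadline check reports the critical and high findings as overdue while the medium one still has time left.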
Maestro Security Rule Engine
To provide deeper and more thorough vulnerability scanning, Maestro integrates a Security Rule Engine, one of the leading tools in this area.
Maestro Security Rule Engine checks whether the infrastructure deployed in a certain cloud (AWS, Azure, Google) complies with certain policies, also called rules. The checks are performed automatically on a regular basis. The tool encapsulates the mechanism of infrastructure access across clouds.
Scanned infrastructure
Maestro Security Rule Engine describes the infrastructure in a specified account. After this, it applies the defined rules against the existing infrastructure and gathers the information on the resources that break the defined rules. The result is available as a JSON file and added to the Vulnerabilities report.
The rules differ for different cloud providers, both in content and in storage directories. This is necessary because the services and instances in AWS, Azure, and Google are invoked and accessed in different ways.
Implementation details
To enable integration with Maestro Security Rule Engine, the team designed a service that provides an API on top of it. This service is pluggable into Maestro; it uses Maestro resources but can be deployed separately. This allows analyzing the infrastructure of the specified tenants in Maestro.
The service works with these lambdas:
- maestro-rule-engine-add-user creates users for Maestro Security Rule Engine. The lambda generates a password, encrypts it, and stores it in DynamoDB.
- maestro-rule-engine-api-gateway-authorizer authenticates requests using the Authorization header.
- maestro-rule-engine-api-handler handles all API resources, including initiating a scan and returning the result report.
- maestro-rule-engine-job-updater updates the job state in the DynamoDB table.
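An added sketch in Python of the two security-relevant pieces of that service, the add-user step and the API Gateway authorizer. This is not Maestro's code: the in-memory USERS dictionary stands in for the DynamoDB table, the example stores a salted PBKDF2 hash of the generated password rather than encrypting it as the text describes, and the handler follows the AWS Lambda token-authorizer contract (the event carries authorizationToken and methodArn, the handler returns an IAM policy document). The user name and method ARN are constructed.

```python
"""Sketch of an add-user lambda and an API Gateway token authorizer.

Added example, not Maestro's code. USERS stands in for the DynamoDB users
table; the password is stored as a salted PBKDF2 hash (a substitution for
the encryption the text describes).
"""
import base64
import hashlib
import hmac
import secrets

USERS = {}            # in-memory stand-in for DynamoDB (constructed)
PBKDF2_ROUNDS = 200_000


def add_user(username):
    """Create a Rule Engine user: generate a random password, keep only a
    salted hash, and return the clear-text password once for delivery."""
    password = secrets.token_urlsafe(24)
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    USERS[username] = {"salt": salt, "hash": digest}
    return password


def _verify(username, password):
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


def _policy(principal, effect, method_arn):
    """IAM policy document in the shape API Gateway expects from an authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect,
                           "Resource": method_arn}],
        },
    }


def authorizer_handler(event, context=None):
    """Token authorizer: expects 'Basic base64(user:password)' in the
    Authorization header and returns Allow or Deny for the requested method."""
    token = event.get("authorizationToken", "")
    method_arn = event.get("methodArn", "*")
    scheme, _, encoded = token.partition(" ")
    if scheme != "Basic" or not encoded:
        return _policy("anonymous", "Deny", method_arn)
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return _policy("anonymous", "Deny", method_arn)
    username, _, password = decoded.partition(":")
    if not username or not _verify(username, password):
        return _policy(username or "anonymous", "Deny", method_arn)
    return _policy(username, "Allow", method_arn)


def basic_header(username, password):
    """Build the header value a client would send."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


if __name__ == "__main__":
    pw = add_user("scanner-bot")
    arn = "arn:aws:execute-api:eu-west-1:123456789012:abc/prod/POST/scan"  # constructed
    good = {"authorizationToken": basic_header("scanner-bot", pw), "methodArn": arn}
    bad = {"authorizationToken": basic_header("scanner-bot", "wrong"), "methodArn": arn}
    print(authorizer_handler(good)["policyDocument"]["Statement"][0]["Effect"])  # Allow
    print(authorizer_handler(bad)["policyDocument"]["Statement"][0]["Effect"])   # Deny
```

Two design points worth noting: the comparison uses hmac.compare_digest and hashes even for unknown users, so timing does not reveal whether a user name exists, and the Deny branch still returns a well-formed policy so API Gateway can cache the decision rather than treating the authorizer as failed.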
Integration with QRadar
With this release, Maestro started integration with a Security Information and Event Management (SIEM) system based on IBM QRadar, which collects logs and system events.
To enable Maestro users to receive information about all available resources and set up external control over them, Maestro, as the system responsible for infrastructure management, sends state-changing and instance-managing events (instance started, stopped, terminated, instance lost/found, etc.) to QRadar.
The data from Maestro is sent in the CADF (Cloud Auditing Data Federation) format. The SIEM system parses it and analyses the events.
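An added example in Python of what such an instance-lifecycle event looks like in CADF and how a receiver can validate it before ingestion. It is not Maestro's code or its actual event schema: the field set is the core DMTF CADF event (typeURI, id, eventType, eventTime, action, outcome, initiator, target, observer), the mapping from lifecycle events to CADF actions and the resource identifiers are constructed for illustration.

```python
"""Build and validate CADF events for instance lifecycle changes.

Added example; the lifecycle-to-action mapping and the identifiers are
constructed, the field set follows the DMTF CADF core event.
"""
import json
import uuid
from datetime import datetime, timezone

CADF_EVENT_TYPEURI = "http://schemas.dmtf.org/cloud/audit/1.0/event"
REQUIRED = ("typeURI", "id", "eventType", "eventTime", "action", "outcome",
            "initiator", "target", "observer")
OUTCOMES = {"success", "failure", "pending", "unknown"}

# Illustrative mapping from lifecycle events to CADF action taxonomy values.
ACTIONS = {
    "instance started": "start",
    "instance stopped": "stop",
    "instance terminated": "delete",
}


def cadf_event(lifecycle_event, instance_id, user_id, outcome="success", when=None):
    """Return a CADF activity event for an instance lifecycle change."""
    if lifecycle_event not in ACTIONS:
        raise ValueError(f"unsupported lifecycle event: {lifecycle_event}")
    if outcome not in OUTCOMES:
        raise ValueError(f"bad outcome: {outcome}")
    when = when or datetime.now(timezone.utc)
    return {
        "typeURI": CADF_EVENT_TYPEURI,
        "id": str(uuid.uuid4()),
        "eventType": "activity",
        "eventTime": when.isoformat(timespec="seconds"),
        "action": ACTIONS[lifecycle_event],
        "outcome": outcome,
        "initiator": {"id": user_id, "typeURI": "service/security/account/user"},
        "target": {"id": instance_id, "typeURI": "compute/machine"},
        "observer": {"id": "maestro", "typeURI": "service/oss/monitoring"},
    }


def validate(event):
    """Return a list of problems; an empty list means the event is a
    well-formed CADF event a SIEM parser can rely on."""
    problems = [f"missing {f}" for f in REQUIRED if f not in event]
    if problems:
        return problems
    if event["typeURI"] != CADF_EVENT_TYPEURI:
        problems.append("wrong typeURI")
    if event["eventType"] != "activity":
        problems.append("eventType must be 'activity' for lifecycle events")
    if event["outcome"] not in OUTCOMES:
        problems.append("unknown outcome")
    for role in ("initiator", "target", "observer"):
        if not {"id", "typeURI"} <= set(event[role]):
            problems.append(f"{role} needs id and typeURI")
    try:
        datetime.fromisoformat(event["eventTime"])
    except ValueError:
        problems.append("eventTime is not ISO 8601")
    return problems


def to_siem_line(event):
    """Serialize compactly for forwarding as one JSON line."""
    return json.dumps(event, separators=(",", ":"), sort_keys=True)


if __name__ == "__main__":
    ev = cadf_event("instance stopped", "i-0constructed", "user@example.com")
    print(validate(ev))       # [] when the event is well formed
    print(to_siem_line(ev))
```

Validating on the receiving side matters because a SIEM rule keyed on action, target or initiator silently matches nothing if a producer drops or renames one of those fields; rejecting malformed events at ingestion makes that failure visible instead.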
Other improvements
Besides the improvements described in our previous post and the improvements described above, Maestro v.3.33 includes these important updates:
- Maestro migrates to Terraform v0.14.9 and supports the new Terraform syntax. In the context of Maestro user experience, the most important changes brought by the migration to Terraform v0.14.9 concern these wizards: Manage templates, Plan, and Apply. The most significant feature of the new syntax is the new complex types of input variables.
- Four platform services - Log Aggregation Service, Jenkins as a Service, Sonar as a Service, and Artifactory as a Service - can now be launched by Maestro by means of Terraform templates.
- With Maestro v.3.33, its users can download and configure Maestro CLI directly from Maestro UI. This is done with the help of the CLI Access and Configuration wizard that is located on the My Preferences page and navigates users through the process.
- The current release introduces the first edition of the Quick Start Guide, intended for cloud users at any level of expertise who want to work with Maestro but are new to it. The guide shows Maestro users how to start working with the application and use its UI for creating and manipulating their cloud infrastructures.
- With v.3.33, Maestro starts a major wizard update that is based on a unified approach and will make Maestro wizards more intuitive and user-friendly. The update will last several releases. The first phase included the complete reworking of the Manage metrics wizards and the incorporation of the My theme wizard into the Default settings wizard.
- The latest updates introduced by the current release to Maestro UI include new wizard icons, font changes, tables and tabs redesign, updated content view, and the redesign of the in-place wizards.
- Maestro v.3.33 is able to save and use credentials for different AWS accounts and thus allows managing multiple AWS accounts in its on-premise version.
We keep enhancing Maestro to provide the best services to our users.
;)