One report to detect them all, or one easy way to track cloud vulnerabilities
Security is one of the biggest concerns of all information and data owners. People who choose to store their data in the cloud want to be sure that the data is safe and well protected against any intrusion.
Cloud providers and infrastructure management platforms supply different security mechanisms and provide scanning tools and facilities aiming at the highest security level. These tools usually produce a number of different security reports that, though they give invaluable information, can become misleading or simply be lost among other reports and letters.
Maestro v.3.33 focuses on giving its users an aggregated report that presents the results from these scanning tools in a simple and clear way and draws immediate attention to any existing or possible security issues.
Updated Vulnerabilities report
Maestro v.3.33 introduces the updated Vulnerabilities report that overcomes the drawbacks of the previous versions. The updated report meets these basic requirements: it is general, compact, and motivating. The report is sent to primary contacts with the secondary contacts added in CC.
The updated report includes these sections (depending on the clouds activated in the tenant):
- Introductory table will sum up the general information about the tenant resources and detected vulnerabilities.
- AWS security centers report will include the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in AWS regions.
- Azure security centers report will include the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in Azure regions.
- Google security centers report will include the information about vulnerabilities detected by native security centers and Qualys CloudView for the tenant resources located in Google regions.
The introductory table is organized by cloud providers and has this structure:
- general information including the number of activated regions, active instances, security level, and the date and time of the last synchronization,
- native security scanners data, Qualys CloudView data, and Cloud Custodian data.
This general information allows the receiver to quickly understand where the issue is or might be. E.g., if the receiver knows that the tenant has 10 active instances but the report from a security scanner shows 0, this means that something is wrong with the data obtained from the security scanner (Qualys CloudView, Maestro Security Rule Engine, native security centers, etc.) or with the scanner itself.
The sub-headers of the table include the Get detailed report button, which the receiver can press to request the detailed report.
Information in the second half of the report is organized by cloud providers:
- AWS security centers report
- Azure security centers report
- Google security centers report
Each section includes the data from different security scanners. By default, they are native security centers, Qualys CloudView, and Maestro Security Rule Engine.
Instance owners and primary contacts are responsible for resolving issues and vulnerabilities detected on instances that are mentioned in the Vulnerabilities report. Vulnerabilities that are marked as critical should be resolved in 3 days, high – within 7 days, and medium – within 30 days.
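The two checks a recipient can apply to the report, as an added example (not Maestro code): a scanner that shows no instances while the tenant has active ones, and findings that are past the 3/7/30-day windows. The summary layout, field names, instance ids and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Remediation windows stated for the Vulnerabilities report, in days.
SLA_DAYS = {"critical": 3, "high": 7, "medium": 30}

# Constructed introductory-table summary; field names are hypothetical.
SUMMARY = {
    "AWS": {"active_instances": 10,
            "scanned": {"native": 10, "qualys_cloudview": 0, "cloud_custodian": 10}},
    "Azure": {"active_instances": 4,
              "scanned": {"native": 4, "qualys_cloudview": 4, "cloud_custodian": 4}},
    "Google": {"active_instances": 0,
               "scanned": {"native": 0, "qualys_cloudview": 0, "cloud_custodian": 0}},
}

# Constructed findings: (instance id, severity, detection time in UTC).
DETECTED = datetime(2021, 4, 1, 9, 0, tzinfo=timezone.utc)
FINDINGS = [
    ("i-sample-01", "critical", DETECTED),
    ("i-sample-02", "high", DETECTED),
    ("i-sample-03", "medium", DETECTED),
    ("i-sample-04", "low", DETECTED),  # no window is stated for this severity
]

def coverage_gaps(summary):
    """Scanners that report no instances although the tenant has active ones."""
    return sorted(
        (cloud, scanner)
        for cloud, row in summary.items()
        for scanner, seen in row["scanned"].items()
        if row["active_instances"] > 0 and seen == 0
    )

def overdue(findings, now):
    """Findings past their window, as (instance, severity, whole days late)."""
    late = []
    for instance, severity, detected in findings:
        days = SLA_DAYS.get(severity)
        if days is not None and now > detected + timedelta(days=days):
            late.append((instance, severity, (now - detected).days - days))
    return late

if __name__ == "__main__":
    now = datetime(2021, 4, 9, 12, 0, tzinfo=timezone.utc)
    print(coverage_gaps(SUMMARY))   # a gap points at the scanner or its data feed
    print(overdue(FINDINGS, now))
```

A tenant with no active instances (Google in the sample) is not flagged, because a zero from the scanner is then the expected value.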
Integration with QRadar
With this release, Maestro started integration with a Security Information and Event Management (SIEM) system based on IBM QRadar, which collects logs and system events.
To enable Maestro users to receive information about all available resources and set up external control for resources, Maestro, as the system responsible for infrastructure management, sends state-changing and instance-managing events to QRadar (instance started, stopped, terminated, instance lost/found, etc.).
The data from Maestro is sent in the CADF format. The SIEM system parses it and analyses the events.
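A receiving-side sanity check for such events, as an added example that is not Maestro or QRadar code: it verifies the core properties of a CADF event before the record is handed to correlation. The sample event, its ids and resource types, and the flat output record are constructed assumptions; the page does not show Maestro's actual payload.

```python
import json
from datetime import datetime

CADF_EVENT_URI = "http://schemas.dmtf.org/cloud/audit/1.0/event"
REQUIRED = ("typeURI", "id", "eventType", "eventTime", "action", "outcome")
EVENT_TYPES = {"activity", "monitor", "control"}
OUTCOMES = {"success", "failure", "unknown", "pending"}

# Constructed sample; ids and resource types are placeholders, not Maestro output.
SAMPLE = {
    "typeURI": CADF_EVENT_URI, "id": "evt-sample-0001", "eventType": "activity",
    "eventTime": "2021-04-01T09:00:00+00:00", "action": "stop", "outcome": "success",
    "initiator": {"id": "user-sample", "typeURI": "data/security/account/user"},
    "target": {"id": "i-sample-01", "typeURI": "compute/machine"},
    "observer": {"id": "maestro-sample", "typeURI": "service/compute"},
}

def validate_cadf(raw):
    """Return (record, []) for a usable event, or (None, problems)."""
    try:
        event = json.loads(raw)
    except (ValueError, TypeError):
        return None, ["not valid JSON"]
    if not isinstance(event, dict):
        return None, ["event is not a JSON object"]
    problems = [f"missing {key}" for key in REQUIRED if key not in event]
    if "typeURI" in event and event["typeURI"] != CADF_EVENT_URI:
        problems.append("unexpected typeURI")
    if "eventType" in event and event["eventType"] not in EVENT_TYPES:
        problems.append("unknown eventType")
    if "outcome" in event and str(event["outcome"]).split("/")[0] not in OUTCOMES:
        problems.append("unknown outcome")
    try:
        when = datetime.fromisoformat(str(event.get("eventTime", "")))
        if when.tzinfo is None:
            problems.append("eventTime has no UTC offset")
    except ValueError:
        if "eventTime" in event:
            problems.append("eventTime is not ISO 8601")
    ids = {}
    for role in ("initiator", "target", "observer"):
        # CADF lets a role be an embedded resource or a <role>Id reference.
        embedded = event.get(role)
        ids[role] = embedded.get("id") if isinstance(embedded, dict) else event.get(role + "Id")
        if not ids[role]:
            problems.append(f"no {role} id")
    if problems:
        return None, problems
    return {"time": when.isoformat(), "action": event["action"], **ids}, []
```

Rejecting events without a UTC offset or an observer keeps timeline correlation and source attribution reliable once the events sit next to logs from other systems.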
Other improvements
Besides the improvements described in our previous post and the improvements described above, Maestro v.3.33 includes these important updates:
- Maestro migrates to Terraform v0.14.9 and supports the new Terraform syntax. In the context of Maestro user experience, the most important changes brought by the migration to Terraform v0.14.9 concern these wizards: Manage templates, Plan, and Apply. The most significant feature of the new syntax is the new complex types of input variables.
- Four platform services - Log Aggregation Service, Jenkins as a Service, Sonar as a Service, and Artifactory as a Service - can now be launched by Maestro by means of Terraform templates.
- With Maestro v.3.33, its users can download and configure Maestro CLI directly from Maestro UI. This is done with the help of the CLI Access and Configuration wizard that is located on the My Preferences page and navigates users through the process.
- The current release introduces the first edition of the Quick Start Guide intended for cloud users at any level of expertise who want to work with Maestro but are new to it. The guide shows Maestro users how to start working with the application and use its UI for creating and manipulating their cloud infrastructures.
- With v.3.33, Maestro starts the major wizard update that is based on the unified approach and will make Maestro wizards more intuitive and user-friendly. The update will last several releases. The first phase included the complete reworking of the Manage metrics wizards and incorporation of the My theme wizard into the Default settings wizard.
- The latest updates introduced by the current release to Maestro UI include new wizard icons, font changes, tables and tabs redesign, updated content view, and the redesign of the in-place wizards.
- Maestro v.3.33 is able to save and use credentials for different AWS accounts and thus allows managing these multiple AWS accounts in its on-premise version.
We keep enhancing Maestro to provide the best services to our users.
;)


