Cavirin Blog

Amazon Web Services - Security in AWS

CIS AWS Benchmark

Cavirin’s Platform manages the day-to-day challenges of implementing security best practices and assessing operational risk against the major compliance frameworks, including PCI, CIS, HIPAA, ISO, NIST, DISA and many more, for on-premises, cloud and hybrid environments. It was purpose-built as a single solution for managing risk and compliance in the enterprise. It works in the data center as well as in the cloud, becoming a single compliance fabric that you can extend across your entire network, applying the same policies everywhere. Cavirin’s solution continuously monitors the entire environment and maps changes against operational and regulatory policies. By elevating the visibility of network changes as they happen, Cavirin ensures that you are always in a position to evaluate your level of risk and compliance and adjust it to suit your business’s unique needs.

The Cavirin Platform implements the latest Center for Internet Security (CIS) AWS v1.0.0 Benchmark, providing prescriptive guidance for establishing a secure configuration posture for AWS cloud environments. Our CIS benchmark implementation is an elegantly integrated, easy-to-use, menu-driven toolset with customized reporting as an integral part of the platform.

AWS ARAP

AWS provides many options for protecting your applications and services in your cloud environment, and Cavirin’s platform assures and documents that your environment is in compliance. With Amazon’s many protection services you can protect your data from both logical and physical failures, guarding against data loss from unintended user actions, application errors and infrastructure failures. For customers who must comply with regulatory standards such as PCI, HIPAA, FISMA, SOC 2, etc., Cavirin provides deep visibility to validate these protection features as part of an overall compliance strategy.

Achieving and maintaining AWS compliance demands both visibility into and understanding of what is deployed in your cloud environment. That picture must cover all applications, data, services and configuration, measured against industry expectations and tailored to your company’s unique assessment-level controls.

The Center for Internet Security (CIS) Benchmark program provides well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security. The Security Benchmarks program is recognized as a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. Cavirin actively supports CIS controls as a partner and frequent contributor to the member community.

This latest implementation of the CIS AWS benchmarks provides guidance for ensuring “Security Best Practices” when operating a secure, well-managed cloud environment that meets the AWS recommendations. Major progress towards both compliance and security starts with knowing you have chosen a proven reference on which to base your assumptions. Measuring the assurance of your systems and processes without reinventing the wheel may turn out to be one of your greatest accomplishments.

Cavirin’s Continuous Security Platform incorporates the CIS AWS v1.0.0 Benchmark, which provides prescriptive guidance for configuring security options for a subset of AWS, with an emphasis on foundational, testable, and architecture-agnostic settings.

Specific Amazon Web Services in scope for this benchmark include: 

  • AWS Identity and Access Management (IAM) 
  • AWS Config 
  • AWS CloudTrail 
  • AWS CloudWatch 
  • AWS Simple Notification Service (SNS) 
  • AWS Simple Storage Service (S3) 
  • AWS VPC (Default)

AWS CLOUD SCANNING

Our platform’s cloud scanning capability demonstrates Cavirin’s unique product offering for today’s cloud security compliance requirements. Among its many features, Cavirin offers:

  • Quick Install with EC2 AMI image distribution
  • Ability to scan EC2 Classic as well as EC2 VPC resources
  • Cloud scan authorization using instance-level IAM permissions
  • Discovered Cloud Elements/Configurations
    • VPCs
    • EC2 Instances
    • Snapshots
    • Images
    • Elastic Load Balancers
    • Key Pairs
    • Security Groups
    • Users
    • Groups
    • Placement Groups
    • Autoscaling Groups

AWS SECURITY HARDENING POLICIES

The Platform's Policy Categories, configured to report over your AWS environments include:

  • Information Flow Management
  • Authentication Management
  • Access Enforcement
  • Audit Events
  • Least Functionality
  • Identification & Authentication

CIS AWS Foundation Benchmarks

  • 40 Policies covering the following configuration categories:
    • Information Flow Management
      • Passwords
      • Multi-factor Authentication
      • Access Key Rotation
    • Authentication Management
      • IAM Authorization
    • Logging
      • CloudTrail enablement
      • AWS Config enablement
      • S3 Bucket Logging
    • Monitoring
      • VPC Changes
    • Networking
      • Default security group restriction
      • Security group ingress and egress traffic rules

AWS Inspector Integration

Supports 16 AWS Inspector Policies covering:

  • Secure protocols
  • Least privilege rules
  • Connection sessions

Cavirin comes with over 30,000 out-of-the-box policies. You can easily modify those policies, or create and update your own. Contact us to find out how we support the CIS AWS Benchmark as well as other CIS controls.

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.