The Complexity of Cloud Security Risks in Cloud Computing

Cloud security is complex and distributed. In organizations with on-premise environments, the controls sit with the network security team and in firewalls. In the cloud, controls sit with multiple DevOps teams, Kubernetes, 3rd parties, inside AWS and Azure, etc. Cloud security controls may not be implemented by security teams but by numerous application developers. The result is exponential growth in misconfigurations that leave resources with unintended or accidental exposure and vulnerability pathways to the Internet.

Ransomware and cyber criminals are evolving to the cloud. Cloud security challenges have become so prevalent that Gartner has defined Cloud Native Application Protection Platform (CNAPP) as a new category of security products designed to identify misconfiguration issues and risks in the cloud. Cloud Security Posture Management (CSPM) is a subset of this category, alongside Network Configuration and Policy Management. CNAPP solutions are typically used by security organizations that want the equivalent visibility and security that they’ve had with on-premise environments.

Furthermore, today’s cloud-native applications are built on services that are based on containers orchestrated with Kubernetes. For example, Amazon AWS’s managed service for running Kubernetes is Elastic Kubernetes Service (EKS), but users can create security controls to protect their EKS clusters. The equivalent managed service for Microsoft Azure is called Azure Kubernetes Service (AKS), and for Google GCP it is called Google Kubernetes Service (GKE).

RedSeal Stratus can help security teams better protect against ransomware with:

  • Visibility into whether critical resources are exposed to the Internet, with integrations into ticketing systems
  • Insights into industry-standard CIS compliance violations
  • A complete and up-to-date inventory and connectivity visualization of their cloud infrastructure
  • Detailed knowledge of Kubernetes accounts and policies

According to Gartner, through 2030, at least 99% of cloud security failures will be the customer’s fault.   

DEMO: RedSeal Stratus Overview

This video in the RedSeal Demonstration Series is an overview of our new product, RedSeal Stratus, a cloud-native Security Posture Management System designed to help customers see and secure their hybrid-cloud environments by using outcome-oriented workspaces covering Inventory, Compliance, Exposure and Reporting – with more to come!

RedSeal Stratus Case Studies

EXPOSURE

Identify Critical Resources Inadvertently Exposed to the Internet

Accurately visualize your entire infrastructure

Easily remediate incidents via seamless ticketing integration

Display cloud security posture over time and see where you are most exposed

INVENTORY

Visualize Your Multi-Cloud Inventory and Connectivity with Maps

Proactively map all of your Azure subscriptions and AWS accounts

Map your gateways, subnets, VPCs, VNets, and security groups

Quickly identify any environment changes with automated reports

COMPLIANCE

Achieve Continuous Compliance in Your Multi-Cloud

Simplify and ensure continuous 24/7 compliance

Provide extensive reporting on compliance status

Enable customized compliance policies appropriate for your organization

STRATUS: RedSeal’s new SaaS-based CSPM solution

IMMEDIATELY IDENTIFY EXPOSURE TO THE INTERNET

Several of the largest data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks. RedSeal Stratus provides much greater detail than tools provided by native CSPs, giving security teams a built-in report of all resources exposed to the Internet, pre-calculated and grouped by tags.

Tags are fundamental in cloud environments because they enable you to categorize your resources with different labels, such as purpose, owner, or environment. These are important when you have multiple resources of the same type—you can quickly identify specific resources based on the tags that you’ve assigned.  

RedSeal Stratus provides: 

  • Out-of-the-box reporting on all resources by tag  
  • Drill-down capabilities to identify exact security controls in cloud accounts, VPCs, VNets, NACLs, and security groups
  • Key information to inform your remediation options, from security groups to specific identification of ports/protocols controlling the access that may be allowing exposure

EKS inventories can be monitored and examined for Internet exposure with ease. With RedSeal Stratus, you can quickly identify and fix any vulnerabilities.

VISUALIZE YOUR AWS AND AZURE CLOUD ARCHITECTURE WITH MAPS AND INVENTORY

After you’ve addressed unintended exposure, the next priority for security teams should be understanding connectivity between and within cloud resources. Native CSP tools provide basic capabilities to monitor and secure cloud environments, which may be sufficient for smaller, cloud-first companies. However, teams at larger enterprises are being asked to secure huge cloud environments and benefit from a visual, interactive model of their organization’s cloud resources.  

RedSeal Stratus enables security teams to:

  • View a map of all AWS accounts, VPCs, Azure subscriptions, VNets, gateways, and subnets 
  • Visualize the connections between and within your AWS and Azure resources
  • View your AWS and Azure inventory and drill down into details in milliseconds 

Other security products may show you connectivity where there is traffic, but only RedSeal Stratus can calculate how an instance gets to the Internet, what security points it goes through, and through which port and protocols–independent of live traffic and without having to deploy an agent. 

Visualize your organization’s AWS cloud architecture with RedSeal Stratus, a tool that places all cloud infrastructure in one place to assess any Internet exposure and vulnerabilities.

EXAMINE YOUR EKS, AKS, AND GKE INVENTORY

According to AWS, a majority of organizations have experienced container security incidents. Securing EKS clusters starts with understanding your inventory, determining whether you have overly permissive accounts, and identifying whether you have services unintentionally residing outside of your defined clusters.

With RedSeal Stratus, you can go beyond the native tools available in your CSP:  

  • View and search EKS, AKS and GKE inventory, and drill down into each resource, including namespace, pods, services, and clusters 
  • Identify overly permissive user and service accounts
  • Quickly identify services exposed outside the cluster 

RedSeal Stratus provides a deep visual of your organization’s cloud hierarchy. This tool helps identify exposure within your EKS inventory.

Resources

WHITE PAPER

How Should I Secure My Cloud?

Native CSP vs. third-party controls

TOP TIPS REPORT

Safeguard Your Cloud Journey

DarkReading shares comprehensive security solutions for IT leaders

WEBINAR

Locking Down Unintended Exposure

ISSA: Why unintentional exposure is so rampant and industry response

Eliminate unintended risk exposures with RedSeal Stratus. All network infrastructures and cloud inventories are mapped into a single pane of glass to help identify vulnerability pathways and protect against ransomware attacks from sophisticated cybercriminals.

GET A DEMO OF STRATUS

Stop unintended exposure and bring all your AWS and Azure network infrastructure and EKS, AKS and GKE inventory into a single comprehensive visualization.
