The Complexity of Cloud Computing Increases Security Risks

Cloud security is complex and distributed. In organizations with on-premise environments, the controls sit with the network security team and in firewalls. In the cloud, controls sit with multiple DevOps teams, Kubernetes, 3rd parties, inside AWS, etc. Cloud security controls may not be implemented by security teams but by numerous application developers. The impact is an exponential growth in misconfigurations that are leaving resources with unintended or accidental exposure to the Internet.

Security challenges in the cloud have become so prevalent that Gartner has defined Cloud Security Posture Management (CSPM) as a new category of security products designed to identify misconfiguration issues and risks in the cloud. CSPM solutions are typically used by security organizations that want the equivalent visibility and security that they’ve had with on-premise environments.  

Furthermore, today’s cloud-native applications are built on services that are based on containers orchestrated with Kubernetes. For example, Amazon’s managed service for running Kubernetes is Elastic Kubernetes Service (EKS), but users can create security controls to protect their EKS clusters. 

RedSeal Stratus can help security teams better manage this increased risk with:

  • Complete and up-to-date visualization of their cloud infrastructure 
  • Detailed knowledge of Kubernetes accounts and policies 
  • Specific identification of resources exposed to the Internet  

According to Gartner, through 2030, at least 99% of cloud security failures will be the customer’s fault.   

STRATUS:
RedSeal’s new SaaS-based CSPM solution

IMMEDIATELY IDENTIFY EXPOSURE TO THE INTERNET

Several of the largest data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks. RedSeal Stratus provides much greater detail than the native tools provided by CSPs, giving security teams a built-in report of all resources exposed to the Internet, pre-calculated and grouped by tags.

Tags are fundamental in cloud environments because they enable you to categorize your resources with different labels, such as purpose, owner, or environment. These are important when you have multiple resources of the same type—you can quickly identify specific resources based on the tags that you’ve assigned.  

RedSeal Stratus provides: 

  • Out-of-the-box reporting on all resources by tag  
  • Drill-down capabilities to identify exact security controls in cloud accounts, VPCs, NACLs, and security groups
  • Key information to inform your remediation options, from security groups to specific identification of ports/protocols controlling the access that may be allowing exposure

VISUALIZE YOUR AWS CLOUD ARCHITECTURE WITH MAPS AND INVENTORY

After you’ve addressed unintended exposure, the next priority for security teams should be understanding connectivity between and within cloud resources. Native CSP tools provide basic capabilities to monitor and secure cloud environments, which may be sufficient for smaller, cloud-first companies. However, teams at larger enterprises are being asked to secure huge cloud environments and benefit from a visual, interactive model of their organization’s cloud resources.  

RedSeal Stratus enables security teams to:

  • View a map of all AWS accounts, VPCs, gateways, and subnets 
  • Visualize the connections between your AWS resources and within AWS accounts 
  • View your AWS inventory and drill down into details in milliseconds 

Other security products may show you connectivity where there is traffic, but only RedSeal Stratus can calculate how an instance gets to the Internet, what security points it goes through, and through which ports and protocols, independent of live traffic and without having to deploy an agent.

EXAMINE YOUR EKS INVENTORY

According to AWS, a majority of organizations have experienced container security incidents. Securing EKS clusters starts with understanding your inventory, determining whether you have overly permissive accounts, and identifying whether you have services unintentionally residing outside of your defined clusters.

With RedSeal Stratus, you can go beyond the native tools available in your CSP:  

  • View and search EKS inventory, and drill down into each resource, including namespace, pods, services, and clusters 
  • Identify overly permissive user and service accounts
  • Quickly identify services exposed outside the cluster 

GET A DEMO OF STRATUS

Stop unintended exposure and bring all your AWS network infrastructure and EKS inventory into a single comprehensive visualization.
