A Security Analyst, A Lead Developer, And A Cloud IT Admin Walk Into A Bar... Stop me if you’ve heard this one before. When we talk to users about the ways that they handle roles and responsibilities associated with keeping their Cloud accounts secure, we get a multitude of answers. There’s often a wide range of people and teams from various parts of the business, each handling a portion of the problem space. Addressing cloud security concerns can be a complicated puzzle that comes together differently for each organization. This is especially true when your teams, responsibilities, and assets are increasingly distributed.
“IT team oversees cloud configuration management, and AWS specific resources help with technical details. We’re upskilling the app team and there's are dedicated AWS resources to help” Lead Application Developer, Retail “A lot of people from across the globe, making a change they don't know the impact of...we haven't come up with a great way to control this.” Sr. IT Architect, Mgmt Consulting Firm “Onboarding/offboarding resources...we need an automated solution to remove resources from projects or from the company.” Lead Applications Developer, Retail “Global Ops has dedicated cloud resources because they don't do a lot of on-prem. They have specific 365 teams, Azure teams. 300k users worldwide, so pretty specialized.” Sr Network Security Engineer, Accounting firm
When it comes to the move to the Cloud, a lot of people and teams have to wear the Security hat, but it doesn’t always fit perfectly. One thing most companies have in common is a need for a set of requirements along with clear, repeatable playbooks to get into a good state and stay there. Tripwire can help.
Start With A Solid Foundation
An extremely common question we’ll hear when it comes to addressing security risk is, “Where should I start?” This is true whether we’re talking with people trying to take in an entirely new problem space or with experienced security teams trying to make sure their limited resources are being applied to the most important issues. When it comes to assessing Cloud Service Provider account level risk, the Center for Internet Security has created a perfect foundation. These are unsurprisingly called Foundations benchmarks, and they exist for AWS, Azure and Google Cloud. They focus on account settings related to Identity and Access Management, Logging, Monitoring, Networking and more, which make up the key security elements of your accounts. Tripwire collects your account configuration settings and evaluates them against the Center for Internet Security Foundations Benchmark. This gives you immediate, glanceable visibility into the current state, and it makes it easy to see which areas need attention. Once you know the state of your account, it’s important to know which discovered issues to spend time on. Tripwire incorporates prioritized risk scoring so that you can fix issues with the highest risk first. This way, from the very first scan you run, you’ll know where you stand and where to start if there’s work to be done.
Intruders Attack At The Speed Of Automation
The image of a sinister hacker clacking away at keys as they manually duck and weave around their target’s defenses makes for good television, but we know the reality is much more boring to watch. Unfortunately, it's also much faster. The truth is that much of this malicious activity is leveraging automation to multiply the efforts of a would-be intruder. Where possible, security teams need to leverage that same speed provided by automation. Some problems have repeatable solutions and follow the same playbooks as they come up. We’ve heard from teams that have members spending almost all of their time rechecking existing configurations and moving things back into expected states as they drift. This is the type of activity we’d like to take off of your team’s plate to open up their time for more complicated issues. This is especially important in today’s security landscape, where 69% of companies reported understaffed cybersecurity teams, 58% reported open security positions, and 32% of open security positions took 6+ months to fill. Automation also provides reliability. 62% of companies report misconfigurations as their greatest risk, and 95% of breach root causes are attributed to human error or misconfiguration. Tripwire can minimize human error and quickly close security gaps through configuration policy enforcement. Manual remediation details are available, but wherever possible, we’ve also enabled the user to “Fix Now” with a single button push. In those cases, there is also an option to automatically fix issues they are found to be insecure down the road.
Visibility That Grows As Fast As Your Business
As your cloud environment takes on more workloads, your number of active cloud accounts increases to match the growing needs of your business. Expanding the number of accounts to track and monitor can feel like a daunting task, but it doesn’t have to. AWS has a great feature, called a Launch Stack URL, which allows Tripwire to bundle up all of the necessary permissions into a set of predefined actions that can be run automatically. Leveraging this feature, we can give you a single button to get started and put everything in place to monitor your new account. Using this quick start method, we’re able to set up a new AWS account for monitoring in a few clicks and can have results ready to view in under 5 minutes. Leveraging AWS External account access also allows us to monitor an AWS account without storing credentials or access keys that a user needs to rotate, which means even less Identity and Access Management administrative overhead for your teams.
It Only Takes A Few Minutes
So, a Security Analyst, a Lead Developer, and a Cloud IT Admin walk into a bar. Before they even have a chance to order, the bartender lets them know that they’ve been expected, and will have their order up right away. Let us show you what that’s like. Go ahead and Request A Demo, and find out how Tripwire can help.