From how we communicate to how we travel and work, cloud computing and applications built in the cloud have made our lives happier and more productive. However, this ever-increasing cloud dependency has a downside – its security posture. Cybercriminals know, by exploiting simple mistakes, they can disrupt our lives and business. The ease with how misconfigurations have led to cloud hijackings and data breaches has become a nightmare for security.
Two years back, we launched CloudHealth Secure State, built on a next-generation interconnected cloud security architecture, to help public cloud users better manage cloud risk. Since then, CloudHealth Secure State has transformed cloud security at numerous companies, helping them get deeper security visibility and protect over 50 million assets in AWS, Azure, and Google Cloud environments.
CloudHealth Secure State is a real driver for collaboration between Axway’s disparate security, operations, DevOps, and R&D teams. It delivers actionable intelligence about cloud risks to help each team meet its varying security objectives. The service is unique in its ability to deliver additional context that’s often missing in cloud security.Director of Cloud Security, Axway
Today, at VMworld, I am pleased to announce two new revolutionary capabilities in CloudHealth Secure State, a new Kubernetes Security Posture Management (KSPM) solution and Explore - the next-generation search and investigation engine, to help your teams get even deeper risk visibility and advanced detection across your entire public cloud infrastructure, supporting both containerized and VM-based applications.
Let’s Define Cloud Security Visibility
In recent research by VMware and the Cloud Security Alliance, 68% of companies reported that lack of visibility is the biggest reason why they couldn’t prevent a misconfiguration-related security breach last year.
As a cloud user, the quest for visibility, begins with an understanding of shared responsibility model. For example, when running a modern app in a cloud provider managed Kubernetes (K8s) service, even though the provider secures the K8s control plane, you are still responsible for correctly configuring the managed K8s service, cluster resources, and any public cloud resource that K8s infrastructure creates or consumes outside the cluster.
And within your own cloud environment, you need both breadth and depth of security visibility. It means having the ability to monitor every single provider, account, and service with appropriate policies, but also deep insight into various resources, configuration dependencies, and numerous paths a hacker can traverse to access data or take control of your cloud environment.
Let’s look at an example. In the scenario above, you are controlling K8s access permissions using cloud IAM roles and virtual firewall settings of VMs running the K8s nodes. K8s infrastructure is also configured to access information via other managed services such as cloud databases or serverless functions.
Such complex architectures and API connections between services today are very common, and offer criminals a greater attack surface, creating more opportunities to penetrate and exploit your application infrastructure. You really need deeper security visibility to manage risk effectively.
How CloudHealth Secure State Delivers Greater Risk Context
To counter such risks, CloudHealth Secure State has pioneered an intelligent cloud native security approach, built on a real-time, interconnected cloud inventory model. The service supports over 350 cloud resources to enable comprehensive visibility in AWS, Azure, and Google cloud environments.
By modeling all your inventory in an interconnected, graph database, the service makes it easier to inspect resources, metadata, relationships, and changes. You can quickly visualize different paths a criminal can take to access sensitive data or escalate privileges to hijack cloud accounts.
The service also includes a robust governance engine, with over 900 pre-defined rules and 18 best practices frameworks, to help you identify misconfigurations and improve multi-cloud security posture. As new cloud services are launched and new threat vectors emerge, our dedicated content teams help you stay on top of risk with regular, bi-weekly enhancements.
What’s New - Explore – Powerful, Multi-Cloud Search
To effectively manage cloud security operations, beyond identifying misconfigurations, you also need an easy way to search cloud inventory. With Explore, a real-time, search and investigation engine within CloudHealth Secure State, we expose the true power of our intelligent cloud data model, enabling you to quickly find resources, understand relationships, and visualize security and compliance risk.
Today, with the General Availability of Explore, we are pleased to offer the next generation of cloud search, introducing new search types, filters, and functions that make it even easier to query information across multiple providers, regions, and accounts in a central view. You can now also save search queries for reference and export results to share with other team members.
Here are some examples of useful Explore searches:
Wildcard search: Resources that contains “0.0.0.0/0” in AWS, Azure, or Google Clouds
Aggregation search: Number of EC2 instances running per AWS region
Inventory views: Configurations, change history, and activity logs on a selected instance
Graph view: Everything connected to that EC2 instance
As you can see, with Explore, your security team does not require coding proficiency. In fact, with simple queries, they can easily answer questions and reduce investigation time from days to minutes.
What’s New – Kubernetes Security Posture Management (KSPM)
Kubernetes (K8s) has become the de-facto standard for managing containerized infrastructure and presents new attack vectors and areas of potential security misconfiguration.
Today, many of you prefer to run Kubernetes clusters within managed K8s services such as Amazon EKS, Microsoft AKS, or Google GKE. With the growing popularity of these services, cloud providers are now also introducing unique capabilities, to make it easier to manage K8s resources and access other cloud services outside the K8s cluster. This is leading to the creation of new K8s and cloud resource types, each of which are unique to a specific cloud provider. This evolution of K8s means that your security teams not only must learn the K8s security fundamentals but also understand security nuances specific to each provider.
For example, in an Amazon EKS cluster, you can now associate a cloud IAM role (cloud resources) with a Kubernetes service account (K8s resources). And if you accidentally assign a cloud admin role, you could end up exposing your whole cloud account.
With CloudHealth Secure State, you will get an advanced K8s security posture management solution, to more securely configure K8s resources but also understand risk due to relationships between cloud resources and K8s cluster. As seen in the sample security finding above, our interconnected cloud architecture makes it easy to visualize risk due to relationships between the service account and your AWS admin IAM role.
And in the future, as cloud providers continue to diverge Kubernetes and introduce enhancements for deeper integration with other cloud service types, CloudHealth Secure State will be able to easily model those services and resource types, enabling you to continue to seek advanced security and compliance management benefits from our platform.
New Kubernetes Security Posture Management solution enables:
- Auto-discovery of cloud provider managed K8s clusters
- CIS compliance benchmarks for Amazon EKS, Microsoft AKS, and Google GKE
- Advanced security rules for configuration mapping across K8s and cloud resources
- Projects and RBAC controls for developers to self-monitor security findings
- Automatic filtering of alerts and finding suppressions to reduce false positives
Our mission at CloudHealth Secure State is to help your organization better manage cloud risk. With the new Kubernetes support and improved Explore functionality, you can now reduce security blind spots while managing cloud and Kubernetes security posture with a single cloud-native security platform.
To learn more about CloudHealth Secure State, please book a free demo today.