Dome9 Security, the public cloud security company, today announced powerful new capabilities in the Dome9 Compliance Engine that extend the scope of the platform’s automation beyond security and compliance monitoring and assessment to active remediation. Using this new Compliance Engine functionality, enterprises can accelerate the resolution of dangerous misconfigurations and minimize the window of vulnerability in their public cloud environments. In this blog, we will examine the use case in more detail.
Problem: Shrinking Windows to Respond to Security Issues
The public cloud is driving many SOC teams to re-evaluate how they find and fix issues in their environments. In the software-defined world of the cloud, a single software configuration change can expose valuable assets to the public. The window to detect and respond to service misconfigurations and data exposure is ever-shrinking. The sharp rise in the number of recent S3 bucket leaks (FedEx, Honda) and attacks (the etcd DDoS attack) in the news has led to large-scale financial and reputational damage. The only reliable way to consistently accelerate both the time to misconfiguration detection and the time to resolution in a cloud environment is through automation.
Attacks can happen for a multitude of reasons, but delay in time to resolution largely occurs due to the inefficiencies in SOC workflows today.
Let us take the example of a misconfiguration in an S3 bucket that leaves it publicly exposed. If you have a policy system with alerting capabilities set up, your security team receives the SOC ticket. Now they have to work with the individual developer to fix the bucket permissions. This back and forth can take days, or even weeks. The implication is a growing attack window and potential compromise of the organization. The SOC team is racing against time while it waits days or weeks for the issue to be resolved.
Now let us walk through best practices and suggestions to minimize attack exposure. For customers who deploy Dome9, the Compliance Engine can immediately detect configuration changes that result in policy violations or exposures. Although this workflow results in Dome9 automatically creating a JIRA ticket, the process beyond this point is human dependent. The SOC team still has to pick up this ticket from a priority list and work with the appropriate infrastructure developer to fix the issue. This process can still take time and is not sufficient for certain time-critical operations.
The Solution: Dome9’s Compliance Engine (Detection) + CloudBots (Auto-Remediation)
For time-sensitive and other critical operations, Dome9 provides an end to end solution that detects and remediates critical issues in your cloud environment.
Misconfiguration Detection: Dome9’s Compliance Engine runs assessments against pre-configured best practices or compliance frameworks and automatically reports non-compliant findings to the SOC team. This is a critical step, as these rules and policies produce the alerts the SOC team needs to identify potential security exposures.
Remediation: Once well-defined and mature policies are in place for your organization, customers can implement automatic remediation of critical workflows as a best practice. For example, the SOC team can add tags to S3 buckets and subsequently enable automatic remediation for tagged buckets (for example, remove public-facing permissions on the bucket, or delete the bucket). Or, if the Compliance Engine finds common vulnerabilities and exposures (CVEs) caused by a missing update, it can trigger a Lambda function to update the instance.
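To make the tag-gated remediation step concrete, here is an added example (not Dome9 or CloudBots code) of the decision logic a remediation Lambda could run for one bucket: it inspects an ACL in the shape returned by the S3 GetBucketAcl API, strips grants to the public AllUsers and AuthenticatedUsers groups only when the bucket carries an opt-in tag, and otherwise leaves the finding to the ticket workflow. The tag name "auto-remediate" and the sample ACL and tags are assumptions constructed for the example.

```python
# Tag-gated auto-remediation of a public S3 bucket ACL (added example, not Dome9/CloudBots code).
# Input dicts mirror boto3's get_bucket_acl / get_bucket_tagging responses; the sample data
# below is constructed, not captured from a real account.

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
REMEDIATION_TAG = ("auto-remediate", "true")  # assumed opt-in tag convention


def public_grants(acl):
    """Return the ACL grants that expose the bucket to anonymous or any-AWS-account access."""
    return [g for g in acl["Grants"]
            if g["Grantee"].get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def is_opted_in(tags):
    """True if the bucket's tag set contains the opt-in tag (value compared case-insensitively)."""
    key, value = REMEDIATION_TAG
    return any(t["Key"] == key and t["Value"].lower() == value for t in tags)


def plan_remediation(acl, tags):
    """Decide the action for one bucket and return (action, acl_to_apply).
    action is 'compliant', 'alert-only' (public but not opted in) or 'remediate'."""
    bad = public_grants(acl)
    if not bad:
        return "compliant", acl
    if not is_opted_in(tags):
        return "alert-only", acl  # leave this one to the SOC ticket workflow
    clean = {"Owner": acl["Owner"], "Grants": [g for g in acl["Grants"] if g not in bad]}
    return "remediate", clean


# Constructed sample: owner has FULL_CONTROL, everyone has READ, bucket opted in via tag.
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_TAGS = [{"Key": "auto-remediate", "Value": "true"}, {"Key": "env", "Value": "dev"}]

if __name__ == "__main__":
    action, new_acl = plan_remediation(SAMPLE_ACL, SAMPLE_TAGS)
    print(action, [g["Grantee"] for g in new_acl["Grants"]])
    # A real Lambda would now call s3.put_bucket_acl(Bucket=..., AccessControlPolicy=new_acl)
    # only when action == "remediate", and log the before/after ACL for the SOC record.
```

Blocking public access at the account or bucket level (S3 Block Public Access) is a stronger preventive control than ACL clean-up; this example only shows the reactive decision step the blog describes.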
Dome9’s Compliance Engine + CloudBots form an end-to-end solution that identifies security risks in real time and automatically takes user-defined remediation actions to fix problems. For more information please visit cloudbots.io and the Dome9 GitHub repository.