Simplify your security audit in AWS with VMS developed by Globant

Jesus Noguera
Published in Globant
Jul 13, 2022 · 6 min read

If you’ve been in the IT industry for a while, you’ve probably noticed that the cloud is constantly changing the way we develop, deploy, and use software. Amazon AWS is no exception; in fact, AWS has been an essential part of this constant evolution.

Recently, many companies have decided to migrate their infrastructure to the cloud, and it is at that point that they realize that many existing on-premise security controls do not map directly onto the cloud model.

Security in AWS

AWS works on the shared responsibility model. This means that it separates most responsibilities into two categories: security of the cloud (managed by AWS) and security in the cloud (managed by the customer). In this way, the customer’s operational burden is relieved, since AWS controls, administers, and manages the host components, the virtualization layer, and even the physical security of the facilities where the information resides; that is, AWS takes great care with the safe handling of information. The customer’s responsibility is then determined by the services they choose, and depends heavily on how they configure those services. This includes the selection of the operating system, the applications, the security groups, the definition of ACLs, the management of AWS accounts, firewall configuration, and identity management, among others.

Shared Responsibility Model

This is why it is essential for cloud customers to know their services, configure them well, and apply security best practices. It is equally crucial that the management system is implemented continuously: there must be constant review and continuous improvement. In other words, it is essential to rely on tools that audit and clearly present the vulnerabilities or misconfigurations in the services that are the customer’s responsibility. One of these tools is VMS.

What is VMS?

VMS is the vulnerability management system developed by Globant’s Cybersecurity Studio, designed as a centralized platform for security findings based on different types of controls (Code, Application, Components, and Cloud).

Vulnerability Management System

Architecture

VMS has many useful and friendly features like:

  • Web Dashboard.
  • Vulnerability orchestration (SAST, DAST, and so on).
  • Trend analysis from historic data.
  • Configurable Reports Output to PDF, XLS, and CSV.
  • Third-party tools integration.
  • Ability to integrate with CI/CD pipelines.
  • Security maturity process to identify gaps (OWASP SAMM).
  • Threat intelligence using NVD information.
  • License check for components.
  • Cloud Controls using CIS Controls.
  • Compliance Pre-loaded checks for industry standards.

Today we will focus on the Cloud Controls feature on the AWS cloud, where we can highlight:

  • Controls extracted from CIS Benchmark.
  • Each new scan checks for new controls.
  • Detail of not passed controls, including offender resources.
  • Automated scans, daily, weekly, bi-weekly, and monthly.

AWS Cloud Environment on VMS

Getting Started — Permissions

To begin, we need an AWS IAM user with the permissions VMS requires to perform the cloud analysis. For this, you must attach the following AWS managed policies:

  • ReadOnlyAccess
  • SecurityAudit

Configuration of AWS environments in VMS

Once we have a user with the required permissions, we can add each cloud environment to our VMS project.

Step by Step, configuration of a Cloud Environment on VMS

There we can add as many environments as accounts we want to audit.

We must have our AWS Access Key and AWS Secret Access Key at hand; they allow VMS to link to the AWS environment we want to analyze. These keys are found under “Command line or programmatic access” for each of our environments.

Then we can easily copy and add them to VMS.

Finally, we fill out the form with the data of our environment, not forgetting the initial date on which the analysis will begin and the frequency we want; remember that it can be daily, weekly, bi-weekly, or monthly.

Form of AWS Environment Scan on VMS

Result analysis

After adding our AWS environments we can run an analysis immediately by clicking “Scan”. It takes a few seconds, and once the analysis finishes we can access our audit report.

This analysis audits the resources from ACM, Lambda, CloudFormation, CloudTrail, CloudWatch, DynamoDB, EC2, EFS, IAM, KMS, RDS, VPC, SNS, Secrets Manager, and other services.

Here you can see an example of what your report would look like in VMS.

Result of AWS Cloud Audit on VMS

As you can see, you can find controls like “Bucket Access Logging Disabled” under Buckets: if logging is disabled on a bucket, the result is “Not Passed”. Likewise, for EC2 instances and their roles, if you don’t have an unused role for the EC2 service, your result will be “Passed”. VMS also allows us to filter the results by categories such as Access keys, Buckets, Clusters, Policies, Roles, and more.

For each result we can find information such as the name, a brief description, the category to which it belongs, the date of the last scan performed, the result of the control analysis, whether it has offenders, and references; finally, we can perform actions to see the control in more detail or to disable it.
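As an added illustration (this is not VMS code), here is how two of the controls named above, “Bucket Access Logging Disabled” and “Unused Role for EC2 Service”, can be evaluated over inventory shaped like the corresponding AWS API responses, producing the same fields the result view shows (name, category, description, result, offenders, last scan). The input shapes, sample buckets and roles are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class ControlResult:
    """One row of the audit report: the fields the result view shows."""
    name: str
    category: str
    description: str
    result: str                      # "Passed" or "Not Passed"
    offenders: list = field(default_factory=list)
    last_scan: date = field(default_factory=date.today)

def check_bucket_access_logging(buckets):
    """buckets maps bucket name -> get_bucket_logging() response; a bucket
    without a 'LoggingEnabled' key has server access logging disabled."""
    offenders = sorted(b for b, cfg in buckets.items() if "LoggingEnabled" not in cfg)
    return ControlResult("Bucket Access Logging Disabled", "Buckets",
                         "S3 server access logging is not enabled on the bucket.",
                         "Not Passed" if offenders else "Passed", offenders)

def check_unused_ec2_roles(roles):
    """roles: dicts shaped like list_roles() entries plus an 'InstanceProfiles'
    list as returned by list_instance_profiles_for_role(). A role that trusts
    ec2.amazonaws.com but sits in no instance profile is unused by EC2."""
    offenders = []
    for role in roles:
        trusted = set()
        for stmt in role["AssumeRolePolicyDocument"]["Statement"]:
            princ = stmt.get("Principal", {})          # may be "*" (a string)
            svc = princ.get("Service", []) if isinstance(princ, dict) else []
            trusted.update([svc] if isinstance(svc, str) else svc)  # str or list
        if "ec2.amazonaws.com" in trusted and not role["InstanceProfiles"]:
            offenders.append(role["RoleName"])
    return ControlResult("Unused Role for EC2 Service", "Roles",
                         "Role trusts EC2 but is attached to no instance profile.",
                         "Not Passed" if offenders else "Passed", offenders)

# Constructed sample inventory, not data from any real account.
EC2_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Principal": {"Service": "ec2.amazonaws.com"}}]}
SAMPLE_BUCKETS = {"static-site": {},  # offender: no LoggingEnabled
                  "app-data": {"LoggingEnabled": {"TargetBucket": "audit-logs",
                                                  "TargetPrefix": "app-data/"}}}
SAMPLE_ROLES = [
    {"RoleName": "web-role", "AssumeRolePolicyDocument": EC2_TRUST,
     "InstanceProfiles": [{"InstanceProfileName": "web-profile"}]},
    {"RoleName": "legacy-role", "AssumeRolePolicyDocument": EC2_TRUST,
     "InstanceProfiles": []},  # offender: trusts EC2, never attached
]
```

Calling `check_bucket_access_logging(SAMPLE_BUCKETS)` and `check_unused_ec2_roles(SAMPLE_ROLES)` yields one “Not Passed” result each, with `static-site` and `legacy-role` as the offenders.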

In this way it is possible to review each service in detail and configure it in the safest way, taking full advantage of everything AWS offers us, for example key services such as KMS, CloudWatch, IAM, CloudTrail, and many others.

Generating our report

Finally, VMS allows us to export a report of our audit in PDF, XLS, or CSV, containing the same results we see in VMS: we simply go to the end of the list and click one of the Excel, CSV, or PDF icons.

Report generated on VMS

Conclusion

VMS is a complete system that gives the user the ability to keep a protected cloud environment, with best configuration practices and controls for the services provided by AWS, taking full advantage of the benefits that this cloud offers us. It also allows the consolidation of SAST and DAST controls in the same management system, contributing to the secure development life cycle.

References

Shared Responsibility Model

Globant CyberSecurity Studio