SecOps Maturity Assessment
This user guide explains how to perform a SecOps Maturity Assessment for your cloud account using CoreStack.
Overview
CoreStack can assess your onboarded cloud accounts periodically to identify any violations and generate a SecOps Maturity Assessment Report. This assessment is performed against specific assessment scenarios, each having its own definition and weight.
The assessment analyzes how your cloud account is performing with respect to various security aspects. Based on the number of violated resources per scenario, a maturity index is derived. This maturity index helps you understand how your cloud account is performing over a set time period.
Required Permissions (AWS, Azure, and GCP)
A cloud account must first be configured with the required privileges prior to onboarding the cloud account to perform a SecOps Maturity Assessment.
Read-only access to most services should be sufficient for the SecOps Maturity Assessment.
Note: For governance, you can also onboard a cloud account with Assessment + Governance settings.
Important: For Assessments, you must provide access to the relevant Cloud resources to understand whether the resources are configured properly.
Onboarding Prerequisites
AWS
Azure
- How to Onboard an Azure Subscription (Pay as You Go)
- How to Onboard an Azure CSP Direct Account
- How to Onboard an Azure CSP Subscription
- How to Onboard an Azure EA Subscription
GCP
How it works
CoreStack has a defined set of assessment scenarios based on your cloud platform, cloud services, and cloud resource types that are available in your cloud account. These assessment scenarios are based on industry standards and best practices, including those recommended by AWS, Azure, and GCP. The SecOps Maturity Assessment Report is built around five governance pillars:
- Operations
- Security
- Cost
- Access
- Resource Consistency.
The system checks the status of your cloud environments against each of the five pillars and provides a consolidated report that covers multiple aspects of your cloud accounts. For example, the Security assessment will include checks for multiple aspects, such as threats, vulnerabilities, risks, compliance, and security. Similarly, each pillar will have all their key areas covered as part of the assessment.
The system checks for the compliance percentage across your resources for each assessment scenario. And each scenario carries a certain weight based on how critical that is. An Assessment Score is provided for your cloud account by calculating the weighted average of the results across all scenarios.
Navigation
Perform the following steps to access the SecOps Maturity Assessment Report:
- Click Reports.
- In the Global tab, click Security > SecOps Assessment.
- You can select the required cloud account and view its report(s).
Assessment Reports
CoreStack provides a detailed SecOps Maturity Assessment Report for specific Governance Pillars and Cloud Accounts.
The report summary provides information about each assessment scenario for the selected cloud account, as well as an overall score for the account and the Governance Pillar. This helps users understand the specific areas where the account requires improvements, and makes recommendations for any necessary next steps.
The Assessment Report shows the following information:
- Executive Summary
- Report Summary with respect to vulnerabilities, threat, config violation, and compliance.
- Deeper Assessment of vulnerabilities, threat, and compliance.
The report can be printed or exported in PDF and Excel file formats. While in the report, you can switch between different Tenants, Cloud Accounts, and Assessment Dates to view the report and export the one that you need.
The Assessment Detail section provides a deeper view into the assessment results. You can view the number of violated resources and total number of resources assessed for each of the assessment scenarios.
The actual resources that are in violation are also listed after each Assessment Category. This helps the cloud admin to identify the actual resources in violation so they can take immediate action to resolve them.
Report Generation after Onboarding
After onboarding, you will receive an email notification once the SecOps Maturity Assessment report is ready.
You can also select to "Trigger SecOps Assessment" from within the Account Governance dashboard.
SecOps Maturity Assessment Report
The SecOps Maturity Assessment Report contains the following sections:
- Executive Summary: This page shows the compliance score, potential threats, and potential vulnerabilities.
- Report Summary - Vulnerabilities: This page shows the vulnerability breakdown by severity and concentration of high vulnerability levels by region.
- Report Summary - Threat: This page shows the threat breakdown by severity and concentration of high threat levels by region.
- Report Summary - Config Violation: This page shows the top configuration violations by resource type and concentration of high configuration violations by region.
- Report Summary - Compliance: This page shows the compliance standards of the account, compliance state, number of success controls, and total number of controls.
- Deep Vulnerability Analysis: This page shows the total number of vulnerabilities for an account, the regional distribution of vulnerabilities, the vulnerability trend over the last six months, regions and resource types with the most vulnerabilities, the vulnerability trend for a region, and the duration for which the vulnerabilities existed in resources.
- Deep Threat Analysis: This page shows the threats for resource categories and regions in a month, the threat trend over the last six months for an account, threat count, threat types, regions and service types with the highest threats, and the regional threat trend over the last six months.
- Deep Compliance Analysis: This page shows a deeper analysis of compliance standards for the cloud account.
Updated 6 months ago