Security Posture

Introduction

Continuous checks on the security posture of your cloud accounts are essential to maintaining a secure cloud environment. The Security Posture feature in CoreStack provides information about threats, vulnerabilities, and guardrail findings across your cloud accounts. The summary section provides the consolidated counts across all accounts, and the grid section provides account-specific details.

  • Threats: These are consolidated security alerts and threats that originate from cloud-native threat management services such as AWS GuardDuty and Azure Security Center (Standard).
  • Vulnerabilities: These are the result of vulnerability assessments of the workloads running in your clouds, which is an essential part of cyber security programs. Again, these vulnerabilities are fetched from cloud-native services including AWS Inspector and Azure Security Center across all your cloud accounts.
  • Guardrail Findings: These are policy violations identified in your cloud accounts based on the guardrails configured for your accounts. These guardrails are typically comprised of industry standards and best practices, including those recommended by AWS and Azure. Any violations to such checks are listed here so that the appropriate actions can be taken.

πŸ“˜

Note:

To ensure that CoreStack can fetch threats and vulnerabilities from native cloud services, it’s required that the respective cloud services are enabled in the preferred regions. Please note that these services are associated with some cost, but they do go a long way in ensuring security and can help save on costs incurred in case of a security breach. Refer to the following links for pricing details:

Account Level View

Perform the following steps to view security details for a cloud account:

  1. Click Security > Posture.

  2. In the top-right corner of the screen, in the Tenant list, click to select a tenant.

  3. Click ACCOUNTS to view the list of accounts or click TENANT to view the list of tenants. By default, ACCOUNTS is selected, and all the cloud accounts are displayed.

    • Select one option from By Threats, By Vulnerability, and By Security Guardrails to view specific accounts as per the selected option.
    • To clear any options selected, click Reset.
    • In the Summary section, click any number (in the rectangular boxes) to view the security details for different cloud accounts.
    • You can type an account name in the Search box and find that account to view the required details.
  4. Click the eye icon corresponding to a specific cloud account to view details about threats, vulnerabilities, and guardrails.

Different graphs are displayed as per severity, resource type, type, geography, etc.

  1. Toggle among Threats, Vulnerabilities, and Guardrails tabs. Based on your selection, you can view graphs and tables.

  2. To view security issues related to a specific cloud account, in the Cloud list, click to select a cloud service provider and in the Account list, click to select the account. Graphs and tables specific to that account are displayed.

  1. To view the violation details in tabular format, do one of the following:
    • Click any vertical bar on the bar chart. The bar chart displays in maximized view. Click the bar again to view detailed violation information in tabular format.
  • If a graph has circles, then click a circle. A maximized view displays. Click the circle again to view the details in tabular format.
  • Click VIEW ALL and on the next screen, click the number on the table. The violation details are displayed in tabular format.
  1. To take action on a particular recommendation, click VIEW.
  1. On the next screen, click to select the resource IDs (multiple resource IDs can be selected), in the Select Action list, select an option, and click Apply.

A user can click VIEW and see the additional threat issues related to the impacted resources and they can also click the cloud icon to download a copy of the recommendation details in CSV format.

πŸ“˜

Note:

If you maximize a graph or a table, then click X in the upper left side of the screen to close the maximized view.

Threat Dashboard

The main objective of the Threat Dashboard is to alert you of any potential threats related to your cloud accounts. This dashboard provides detailed threat information for an account so that appropriate actions can be taken to remediate the threats.

To view the threat dashboard for an account, perform the following steps:

  1. In the CoreStack application, click Security > Posture.

  2. Select an account and click the Threats tab.

  3. Perform steps 7 and 8 explained above.

  4. In the Additional Detail column, click VIEW corresponding to an account to see detailed threat information.

The following information can be viewed for an account:

  • Alert ID and Name: This displays the threat name and the alert ID.
  • Severity: This displays the threat severity as Low, Medium, or High.
  • Status: This displays the status of the threat as Active or Inactive.
  • Activity Time: This displays the threat activity time.
  • Description: This displays the threat description.
  • Affected Resources: This displays the affected resource ID, resource name, resource type, and region of the resources.