One of the biggest challenges faced by organizations leveraging the cloud today is an increase in administrative access by users and departments other than IT that can affect change across a wide selection of resources. The inherent flexibility of the cloud means that organizations may adapt their cloud infrastructure configuration on a daily or even hourly basis to address changing needs. This fast pace of change and dramatic increase in the people involved in configuration changes requires that organizations take a different approach to security monitoring.
Continuous monitoring helps you proactively identify and measure risks posed to critical systems and data on an ongoing basis versus through periodic assessment or snapshots. In cloud environments that may have hundreds of configuration changes each hour, snapshots don’t provide a complete view of the risks. Monitoring of the environment must be more frequent to determine if the configuration of deployed services and security controls continue to be effective, and to identify risks and vulnerabilities that need to be remediated.
Whether CIS, NIST, PCI, FedRAMP or another industry standard, compliance frameworks set forth a minimum standard that must be met to strengthen the weakest link in the chain. Security leaders and industry regulators are increasingly demanding that organizations continually measure their effectiveness at maintaining protection or prove it to auditors. This need to demonstrate that effective security measures were employed has further driven the need for continuous monitoring in the cloud.
With the increase in continuous software delivery, there is an opportunity for us to improve the quality of software throughout each stage of development and delivery. Continuous monitoring allows us to conduct security assessments along the way, rather than at the end of a long development cycle when necessary changes can cause expensive delays. The best practice is much more than automated testing -- continuous security monitoring needs to take place before, during and after development and deployment.
The Evident Security Platform was built for continuous monitoring of AWS and other public clouds that have an API control plane. Using read-only access of the AWS API, ESP securely collects data about your AWS services and continuously performs checks against our standard 120+ security best practices, as well as any custom signatures you’ve defined, to determine if there are any potentially exploitable vulnerabilities.
Depending on the minimal scanning intervals set by the distinct AWS services, you can set your scanning intervals to as often as every 5 minutes or as long as 120 minutes, however the default for all services is set to every 15 minutes. Similarly, you can control how often reports are automatically generated in the ESP Dashboard, however you can manually refresh the dashboard and reports as needed.
Ability to find and fix vulnerabilities continuously throughout the development process.
Stronger cross-team collaboration ensuring security is no longer an afterthought.
Simplify cloud compliance reporting and reduce cost of recertification audits.
Ability to measure, enforce and make improvements to the security policies.
Deliver more value to your organization at lower total cost.