Q: What is the Evident Security Platform (ESP)?
A: The Evident Security Platform is the first and only cloud-native infrastructure security solution providing full coverage of all AWS accounts, services, and regions. ESP combines the detection and analysis of misconfigurations, vulnerabilities,
and risk – with guided remediation and audit capabilities to meet compliance requirements – all in one solution. ESP was designed specifically to help modern IT and DevOps teams implement and maintain security within the AWS shared
ESP enables IT, Security, Engineering, and Operations with a continuous global view of security risk, with the actionable intelligence needed to rapidly remediate and secure their entire AWS Infrastructure.
Q: How Does ESP Work?
A: ESP gathers the AWS service configuration data, CloudTrail data, and other information from each AWS account via the Amazon APIs. This data is then input into the ESP risk analysis engine that generates a detailed assessment of the
security risks, misconfigurations and vulnerabilities it detects.
Q: Does ESP Work Like An Active Vulnerability Scanner for AWS?
A: No. ESP is neither an active nor a passive vulnerability scanner in the traditional sense. Unlike traditional, on-premise / virtual vulnerability scanners that use active scanning technology, ESP does not directly “scan”
AWS assets to identify OS or Application layer vulnerabilities running inside instances – as it cannot view the actual contents of EC2, S3, RDS, Redshift, or other services. ESP operates at the control plane layer of AWS and uses a passive
methodology to collect vulnerability and configuration data via the Amazon APIs, providing a detailed security assessment of the underlying Amazon Web Services infrastructure.
Q: Does ESP Help Me Meet Requirements of the Shared Responsibility Model?
A: Yes. Amazon manages security of the AWS cloud, while security in the cloud is the responsibility of the customer. The customer is responsible for ensuring the security and configuration of the services running in AWS – such
as EC2, EBS, S3, Route 53, etc., in addition to the applications and operating systems they implement.
Q: How Does ESP Gather Security Information From My AWS Accounts?
A: The ESP Platform leverages Cross-Account IAM Roles with read-only access to your AWS services using the Audit IAM role. ESP uses the AWS assume role function and generates a secure, one-time AWS STS token each time it communicates with
the Amazon API when gathering configuration information on your infrastructure. This is significantly more secure than other solutions that require you to provide API keys to assess your security posture.
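The cross-account, read-only role described above can be reviewed statically before it is handed to any third-party auditor. The following is an added example, not code from Evident.io or ESP: it checks a role's trust policy and permission policy, using constructed sample policies, a placeholder account ID (`111111111111`) and a placeholder external ID. The `sts:ExternalId` check and the read-prefix heuristic are assumptions of this example; the page does not describe how the ESP role is actually defined.

```python
# Added example: static review of a cross-account audit role (not ESP's own code).
# All account IDs, external IDs and policies below are constructed placeholders.
READ_PREFIXES = ("get", "list", "describe", "lookup")  # heuristic, not AWS's definition

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_trust(policy, vendor_account):
    """Return findings for the role's trust (assume-role) policy."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            # Accept only the bare account ID or an ARN inside that account.
            if arn != vendor_account and f"::{vendor_account}:" not in arn:
                findings.append(f"trust: unexpected principal {arn}")
        equals = st.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in equals:
            findings.append("trust: no sts:ExternalId condition")
    return findings

def review_permissions(policy):
    """Return findings for allowed actions that are not read-style calls."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            findings.append("perm: NotAction grants everything not listed")
        for action in _as_list(st.get("Action", [])):
            name = action.split(":", 1)[-1].lower()  # IAM actions are case-insensitive
            if not name.startswith(READ_PREFIXES):
                findings.append(f"perm: non-read action {action}")
    return findings

GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
BAD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "*"}}]}
AUDIT_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "cloudtrail:LookupEvents"]}]}
WIDE_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "s3:PutBucketPolicy", "iam:*"]}]}

if __name__ == "__main__":
    for f in review_trust(BAD_TRUST, "111111111111") + review_permissions(WIDE_PERMS):
        print(f)
```
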
Q: What Data Does ESP Collect From My AWS Accounts?
A: ESP operates at the control plane layer of AWS and gathers the accessible metadata about your AWS resources through the AWS APIs.
Q: Do I Need to Install Agents Anywhere?
A: No. ESP is agentless, nonintrusive, and does not modify or actively change any of your AWS deployment configurations.
Q: Does ESP Impact the Performance of my AWS Deployment When Collecting Vulnerability and Configuration Data?
A: No. Because ESP is interacting directly with the AWS API at the control plane, it does not impact the performance of any instances or services running in your AWS accounts.
Q: How Quickly Can I Get ESP Up and Running?
A: A 14-day free trial is available to evaluate the Evident Security Platform. Once signed up and configured with your Amazon Account information – which takes approximately 2-3 minutes – ESP will start providing actionable
security and risk information on your Amazon accounts within approximately 5 minutes. You can follow the instructions here to get started.
Q: How Does ESP Rank AWS Cloud Risks?
A: The configuration information from your AWS accounts is analyzed by a risk engine that determines the severity of risk to help organizations prioritize their remediation efforts. Each vulnerability or misconfiguration is tagged with
a specific severity status indicating:
High: High severity alerts pose the most significant risk to your AWS deployment and should be examined and remediated as soon as possible.
Medium: A medium severity alert identifies issues that should be tracked and scheduled for remediation.
Low: Low severity alerts may not be applicable, or local business rules have determined that they are not a threat.
Q: Does ESP Integrate with Other Secure Authentication Mechanisms?
A: ESP provides Multi-factor Authentication (MFA), Single Sign-On (SSO), and other secure authentication capabilities to further secure access to the platform. We strongly encourage you to use this added level of security.
Q: Does Evident.io Encrypt my Data?
A: Yes. Customer data is always encrypted during collection, in transit when inside our VPCs, and at rest in our data stores. At account termination your account and any data used to identify your infrastructure will be purged from our systems.
Q: How Many AWS Accounts Can I View at One Time?
A: Evident.io has many customers that have tens or hundreds of AWS accounts running in ESP – providing a single, consolidated view of their entire AWS deployment. The information for each separate account can be accessed from
this global view with detailed drill down into specific services and vulnerabilities based on risk.
Q: What are Custom Signatures?
A: Signatures validate conditions that trigger alerts to potential security vulnerabilities. While ESP uses default signatures to evaluate the most common security vulnerabilities and misconfigurations, custom signatures provide organizations
with the flexibility to extend the ESP platform to meet individual business needs.
Q: How Many Custom Signatures Can I Create?
A: Customers can create an unlimited number of custom signatures. However, the number of custom signatures is restricted based on the Evident account type. For example, the Starter Plan allows for one (1) custom signature. The Professional
Plan allows for five (5) custom signatures, and the Enterprise Plan has unlimited custom signatures.
Q: How are Users Defined Within ESP?
A: Users are named individuals who can view security reports and configure alerts, signatures, suppressions, and accounts monitored by the platform. More information on users can be found in the blog post Segregation of Duties with ESP Organizations.
Q: Does ESP Provide a Daily Report?
A: Daily Risk Summary Reports are emailed to ESP users identifying new risks from the last 24 hours and summarizing the previous alerts per account and service.
Q: What Are The Different Deployment Models Available?
A: ESP is available as a SaaS-based solution. You can also license ESP Private SaaS to operate in your own AWS instance to ensure data privacy and data sovereignty. Please contact an Evident.io sales representative to help you identify
the solution that is right for you.
Q: Where Can I Find Out More Information about ESP Private SaaS?
A: Please contact a local sales representative. Documentation about ESP Private SaaS is available here.