Cloud Assessment
Purpose
This document describes how to set up a Cloud assessment.
Introduction
Cloud environments can introduce new risks and vulnerabilities that may not exist in traditional on-premises environments. This makes cloud assessments an important part of any Vulnerability Management program. The Cloud Assessment evaluates an organization's use of cloud services against a policy, reporting compliance as a Boolean result.
A Cloud Assessment evaluates the customer's use of the cloud service provider and assesses the configuration and security of the organization's own cloud environment. This can include evaluating the security of the network architecture, access controls, and data encryption.
The assessment considers the unique security challenges associated with different types of public cloud deployments, such as AWS, Google Cloud, and Azure. For example, a public cloud environment may require additional controls to protect against data breaches and unauthorized access, while a private cloud environment may require more focus on access controls and network segmentation.
The assessment identifies potential vulnerabilities and risks and is used to develop plans for remediation. This includes implementing additional security controls or practices, such as multi-factor authentication, network segmentation, or regular vulnerability scanning and testing.
In summary, a cloud assessment is a critical component of maintaining a secure cloud environment and should be conducted on a regular basis to ensure ongoing protection against emerging threats and vulnerabilities.
Setting up a Cloud Assessment Scan
Select which assessment to use. In this example, Cloud assessment is chosen.
Select Credentials from the drop-down menu. See Scan Credentials for more information on how to set up scan credentials.
When aws.access.key.allow.remote = false and ARN credentials are selected, the scanner drop-down is hidden and the default scanner is selected as the value.
Select Policy from the drop-down menu.
Select which Regions to scan. For further information about AWS regions, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html.
If multiple regions are selected, each time the scan configuration runs, the number of scans queued/started will match the number of regions selected.
Click on the blue Add button in the lower right corner to add the configuration.
Adding new configurations also populates the Assets. The assets are deduced from the submitted target information. If an asset already exists, the created configuration is linked to it. Otherwise, the asset is created when the configuration is created and is linked to it.
See Cloudsec Scan Configuration for more information.
Related Articles
- Docker Image Assessment
- Docker Image Discovery
- Cloud Discovery
- Cloud Assessment
- AWS Scanning With OUTSCAN
- Cloud Discovery on HIAB
- Azure Cloud Discovery
- How to Scan AWS ECR Images
- Generate GCP Credentials
- Scan a Docker Image
- Generate AWS Credentials
- Google Registries Scanning with Container Inspection
- Cloudsec Scan Configuration
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.