As organizations move to greater cloud adoption via traditional cloud app environments or serverless architectures for edge and IoT, they depend heavily on cloud providers to ensure the operating environment remains secure.
That doesn’t always happen at a cadence that is desired and even when it does, verification remains an important aspect to ensure important business services dont remain vulnerable. Additionally, custom software on the cloud infrastructure does not get updated automatically by the cloud providers and remains the responsibility of the individual tenants.
Now bring DevOps into the mix of cloud hosted environments and the scale and de-centralized nature of operational tasks makes it difficult for both security and engineering / IT organizations to remain in sync and keep the security bar high enough.
Vulnerabilites in Cloud Instances:
The two major cloud providers , Amazon AWS and Microsoft Azure make it fast and easy for businesses to spin up services, however what goes unnoticed is the large number of software libraries that come bundled with it, many of which might not even be needed in the context of the business applications.
Take for example the latest Amazon Linux AMI which is the operating system provisioned by Amazon when spinning up a new virtual machine. Amazon Linux AMI comes bundled with more than 230 libraries. A popular assumption made by most is that Amazon will handle patching of the system libraries and tenants would do that for any custom software they install on those instances. Patches are made available by Amazon but need to be applied by tenants , some requiring a reboot of the instance. This involves understanding the risk of applying the patch and balancing it out with uptime and business continuity requirements.
Staying on top:
The way to stay on top of vulnerabilities for your cloud footprint is to do three things.
First, ensure you keep an inventory of not just your virtual machines running your compute but everything that the compute is consuming. Second, track vulnerabilities affecting that inventory 24×7, via email based notifications ( below ) , integration via workflow management tools or direct integration into your organizational data pipelines using ThreatWatch ReST API.
Third, remain aware of vulnerabilities that are public but patches are not made available by the cloud provider. Its extremely critical to be aware of these as cloud deployments are constantly being watched for vulnerabilities by bad actors. Here as well, ThreatWatch will alert you when it discovers packages / libraries on your VM’s that become vulnerable.
To summarize, ThreatWatch helps you gather your software inventory via plugins for cloud services , tracks your cloud inventory in-real time and can de-centralize sharing of that vulnerability intelligence based on the organization structure. Built-in support for multiple workflow management tools enables converting the intelligence into actionable work items.