Organizations have increased their public cloud usage, as the benefits are obvious (elasticity, a pay-as-you-go subscription model, etc.). While adoption across cloud layers (IaaS, PaaS, SaaS) varies from organization to organization, IaaS usage is clearly the most prevalent. Organizations often shift to the cloud in a hurry, typically with a “lift and shift” approach. The result is that applications, services and assets which earlier sat behind corporate firewalls are now exposed via the cloud.

Most vulnerability solutions simply provide a vulnerability assessment report for organizational assets (virtual machines / containers) in the public cloud. This leaves a large gap unaddressed, because misconfigurations are the single biggest cause of data breaches in the cloud. These data breaches exposed more than 33 billion records and cost close to $5 trillion in 2018 and 2019.

Some of the factors that make the cloud environment more attacker-friendly are:

Also, as organizations tend to spread their eggs across multiple baskets, DevSecOps teams struggle to keep up with multiple cloud providers.

Here are some examples of common misconfigurations in the cloud:

Traditional vulnerability solutions do not take a holistic approach when it comes to the cloud. They tend to focus on vulnerability management and leave you in the dark when it comes to security posture management for the cloud. Security benchmarks from the Center for Internet Security (CIS) are the gold standard for cloud security posture management (CSPM). CIS benchmarks are configuration baselines and best practices for securely configuring a system. Each recommendation references one or more CIS Controls, which were developed to help organizations improve their cyber defense capabilities. The CIS Controls map to many established standards and regulatory frameworks, including the NIST Cybersecurity Framework (CSF), NIST SP 800-53, the ISO 27000 series, PCI DSS, HIPAA and others.

CIS benchmarks provide two levels of security settings (aka profiles in CIS parlance):
ThreatWorx CIS cloud benchmarks help cover the following areas, by public cloud provider:

It is important to note that CIS Security Benchmarks provide well-defined, unbiased, consensus-based industry best practices to help organizations assess and improve their security.

ThreatWorx CIS Security Benchmarks are supported for the major public cloud providers (Azure, AWS, Google Cloud Platform) as well as Docker. Periodic assessments help ensure ongoing compliance and flag any deviations.
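To make concrete what a benchmark-driven posture assessment does (configuration baselines evaluated per profile level, and periodic runs compared to flag deviations, as described above), here is an added illustrative example. It is not ThreatWorx code and not a CIS artifact: the inventory is constructed, the check identifiers (`STOR-1`, `NET-1`, ...) are hypothetical labels rather than real CIS recommendation numbers, and the checks are simplified versions of well-known baseline items (no public storage buckets, no SSH open to the world, encrypted volumes, access logging). The Level 1 / Level 2 split mirrors the two CIS profiles.

```python
"""Minimal CSPM-style benchmark evaluator (illustrative example, not vendor code).

A constructed cloud inventory is evaluated against a few CIS-style
configuration checks. Each check carries a profile level so that a run
can be scoped to Level 1 (baseline) or Level 2 (defense in depth), and
two runs can be diffed to surface new deviations between assessments.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass
class Resource:
    kind: str      # e.g. "storage_bucket", "security_group", "volume"
    name: str
    config: dict   # provider-agnostic, normalized configuration


@dataclass
class Check:
    check_id: str                  # hypothetical label, not a real CIS number
    title: str
    level: int                     # CIS profile level: 1 or 2
    kind: str                      # resource kind the check applies to
    passes: Callable[[dict], bool]


@dataclass(frozen=True)
class Finding:
    check_id: str
    resource: str
    level: int
    title: str


def sg_no_world_ssh(cfg: dict) -> bool:
    """Fail if any ingress rule admits 0.0.0.0/0 on a port range covering TCP/22."""
    for rule in cfg.get("ingress", []):
        if rule.get("cidr") == "0.0.0.0/0" and \
                rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0):
            return False
    return True


CHECKS = [
    Check("STOR-1", "Storage bucket blocks public access", 1, "storage_bucket",
          lambda c: c.get("public_access_blocked") is True),
    Check("STOR-2", "Storage bucket has access logging enabled", 2, "storage_bucket",
          lambda c: c.get("access_logging") is True),
    Check("NET-1", "No security group allows SSH from 0.0.0.0/0", 1, "security_group",
          sg_no_world_ssh),
    Check("DISK-1", "Block volume is encrypted at rest", 1, "volume",
          lambda c: c.get("encrypted") is True),
]

# Constructed sample inventory (not real resources).
INVENTORY = [
    Resource("storage_bucket", "prod-assets",
             {"public_access_blocked": False, "access_logging": True}),
    Resource("storage_bucket", "audit-logs",
             {"public_access_blocked": True, "access_logging": False}),
    Resource("security_group", "web-sg", {"ingress": [
        {"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
        {"cidr": "0.0.0.0/0", "from_port": 22, "to_port": 22}]}),
    Resource("security_group", "db-sg", {"ingress": [
        {"cidr": "10.0.0.0/8", "from_port": 5432, "to_port": 5432}]}),
    Resource("volume", "db-data", {"encrypted": True}),
]


def evaluate(inventory, max_level: int = 2):
    """Run every check up to max_level against each matching resource."""
    findings = []
    for res in inventory:
        for chk in CHECKS:
            if chk.kind != res.kind or chk.level > max_level:
                continue
            if not chk.passes(res.config):
                findings.append(Finding(chk.check_id, res.name, chk.level, chk.title))
    return findings


def new_deviations(previous, current):
    """Findings present in the current run but absent from the previous one."""
    seen = {(f.check_id, f.resource) for f in previous}
    return [f for f in current if (f.check_id, f.resource) not in seen]


def summarize(findings):
    """Stable (check_id, resource) pairs, handy for reports and comparisons."""
    return sorted((f.check_id, f.resource) for f in findings)


if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"[Level {f.level}] {f.check_id} {f.resource}: {f.title}")
```

Scoping a run with `max_level=1` reproduces the Level 1 profile; running the full set and diffing against the previous run with `new_deviations` is the "periodic assessment flags deviations" workflow in miniature.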