Today’s Cloud Optix release is packed with several new features to increase security and compliance of customer environments, including a breakthrough in IAM visualization.
Improving security for anyone running workloads on public cloud
Managing user roles, permissions, and role-based access to AWS services is an enormous challenge. The scale and interwoven nature of individual and group access to services means that organizations often a) simply can’t accurately see how their services can be accessed, and b) don’t proactively manage that access – which loops straight back to a).
And here’s the obvious punch line – attackers will exploit that gap in security. We saw this happen in a recent high-profile public cloud attack that abused overprivileged user access to reach 40,000 Social Security numbers and 80,000 bank account numbers.
Breakthrough in IAM visualization
Cloud Optix IAM Visualization is a breakthrough for organizations managing infrastructure on AWS. It enables customers to easily visualize the relationships between IAM roles, IAM users, and services.
This innovative and differentiated new feature will allow customers to identify high-risk users who have access to multiple services they rarely or never need. It helps answer questions like: Which IAM users in my AWS account have access to the S3 service, which might contain sensitive data (either by assuming an IAM role, or directly through an inline policy)? Which EC2 server instances can access the RDS service – your customer database? And much more. This helps organizations reduce their attack surface in the cloud dramatically.
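The “which users can reach S3, and by which path?” question above can be modelled offline from the policy documents themselves. The following is an added illustration, not Cloud Optix code: every account ID, user, role and policy document in it is constructed for the example, and the evaluation is deliberately simplified (explicit Deny overrides Allow, but Resource and Condition scoping, NotAction, and permission boundaries are ignored).

```python
"""Added example (not Sophos Cloud Optix code): answer "which IAM users can reach
service X, directly or by assuming a role?" from policy documents alone.
All ARNs, users, roles and policies below are constructed for the example."""
from typing import Dict, List

ACCOUNT = "123456789012"  # constructed account id


def _as_list(value):
    """IAM JSON allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_touches(action: str, service: str) -> bool:
    """'*' covers every service; otherwise compare the 'service:' prefix (case-insensitive)."""
    if action == "*":
        return True
    svc, _, _ = action.partition(":")
    return svc.lower() == service.lower()


def policy_effect(policy: dict, service: str) -> str:
    """Return 'deny', 'allow' or 'none' for one policy document and one service.
    Simplification: Resource/Condition scoping, NotAction and NotResource are ignored;
    an explicit Deny on the service overrides any Allow, as in real IAM evaluation."""
    result = "none"
    for stmt in _as_list(policy.get("Statement")):
        if any(_action_touches(a, service) for a in _as_list(stmt.get("Action"))):
            if stmt.get("Effect") == "Deny":
                return "deny"
            if stmt.get("Effect") == "Allow":
                result = "allow"
    return result


def principal_effect(policies: List[dict], service: str) -> str:
    """Combine every policy attached to one principal: any deny wins, then any allow."""
    effects = [policy_effect(p, service) for p in policies]
    if "deny" in effects:
        return "deny"
    return "allow" if "allow" in effects else "none"


def can_assume(user_arn: str, user_policies: List[dict], role: dict) -> bool:
    """A user can assume the role if its trust policy names the user (or anyone, '*'),
    or names the account root and the user's own policies grant sts:AssumeRole.
    Simplification: any sts:* grant is counted as AssumeRole capability."""
    for stmt in _as_list(role["trust"].get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        trusted = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        if "*" in trusted or user_arn in trusted:
            return True
        if f"arn:aws:iam::{ACCOUNT}:root" in trusted and principal_effect(user_policies, "sts") == "allow":
            return True
    return False


def users_with_service_access(users: Dict[str, List[dict]], roles: Dict[str, dict],
                              service: str) -> Dict[str, List[str]]:
    """Map each user ARN to its access paths to `service` ('direct' or 'assume <role>')."""
    report = {}
    for user_arn, policies in users.items():
        paths = []
        if principal_effect(policies, service) == "allow":
            paths.append("direct")
        for role_arn, role in roles.items():
            if can_assume(user_arn, policies, role) and principal_effect(role["policies"], service) == "allow":
                paths.append(f"assume {role_arn}")
        report[user_arn] = paths
    return report


# --- constructed sample account -------------------------------------------------
S3_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}
RDS_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "rds:Describe*", "Resource": "*"}]}
ASSUME_ROLES = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": f"arn:aws:iam::{ACCOUNT}:role/*"}]}
ADMIN_NO_S3 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}
TRUST_ROOT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"}, "Action": "sts:AssumeRole"}]}

SAMPLE_USERS = {
    f"arn:aws:iam::{ACCOUNT}:user/alice": [S3_READ],        # direct S3 via inline policy
    f"arn:aws:iam::{ACCOUNT}:user/bob": [ASSUME_ROLES],     # S3 only by assuming a role
    f"arn:aws:iam::{ACCOUNT}:user/carol": [ADMIN_NO_S3],    # S3 denied directly, but reachable via role
}
SAMPLE_ROLES = {
    f"arn:aws:iam::{ACCOUNT}:role/DataAnalyst": {"trust": TRUST_ROOT, "policies": [S3_READ, RDS_READ]},
}

if __name__ == "__main__":
    for user, paths in users_with_service_access(SAMPLE_USERS, SAMPLE_ROLES, "s3").items():
        print(user, "->", paths or "no access")
```

The constructed user `carol` is the instructive case: her own policies explicitly deny S3, yet she can still reach it by assuming `DataAnalyst`, which is exactly the kind of indirect path a graph of user, role and service relationships exposes and a per-user policy review misses. Feeding real policy documents into this model (for instance from `iam:GetAccountAuthorizationDetails`) would require adding the resource, condition and boundary handling the simplification leaves out.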
Addressing a range of new threats
The latest security enhancements to Sophos Cloud Optix go even further to provide more depth than ever.
Detecting AWS, Azure, and GCP spend anomalies
Sophos Cloud Optix security-focused spend monitoring now makes daily and monthly cloud spend monitoring a breeze, identifying unusual activity indicative of abuse such as cryptojacking in AWS, Azure, and GCP cloud accounts. It highlights top services contributing to spend, allowing for faster decisions on whether increased spend equals malicious activity, and providing customizable spend threshold alerts for visibility.
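To make the spend-monitoring idea concrete, here is an added example (not Cloud Optix code) of the kind of logic behind a daily spend alert: each day's total is compared with a rolling median of the preceding days and with an optional absolute threshold, and the services that grew most against their own baseline are named so an analyst can judge whether the jump looks like abuse. The per-service daily cost records are constructed, not real billing data.

```python
"""Added example (not Sophos Cloud Optix code): flag days whose cloud spend departs
from a rolling baseline and name the services driving the jump.
The daily cost records below are constructed, not real billing data."""
from statistics import median
from typing import Dict, List, Optional, Tuple

DailyCost = Dict[str, float]  # service name -> cost for that day (USD)
Finding = Tuple[int, float, float, List[str]]  # (day index, total, baseline, top services)


def flag_spend_anomalies(history: List[DailyCost], window: int = 7, ratio: float = 1.5,
                         abs_threshold: Optional[float] = None) -> List[Finding]:
    """A day is anomalous when its total exceeds `ratio` times the median total of the
    previous `window` days, or exceeds `abs_threshold` when one is configured.
    The median is used as the baseline so that one earlier spike does not mask the next."""
    totals = [sum(day.values()) for day in history]
    findings: List[Finding] = []
    for i in range(window, len(history)):
        previous = history[i - window:i]
        baseline = median(totals[i - window:i])
        total = totals[i]
        over_ratio = total > ratio * baseline
        over_abs = abs_threshold is not None and total > abs_threshold
        if not (over_ratio or over_abs):
            continue
        # Rank services by growth against their own median, so the contributor is obvious.
        growth = {}
        for service, cost in history[i].items():
            service_baseline = median([day.get(service, 0.0) for day in previous])
            growth[service] = cost - service_baseline
        top = sorted(growth, key=growth.get, reverse=True)[:3]
        findings.append((i, total, baseline, top))
    return findings


# Constructed history: ten quiet days, then a sudden compute spike on day 10.
SAMPLE_HISTORY: List[DailyCost] = [{"EC2": 100 + (i % 3), "S3": 20, "RDS": 50} for i in range(10)]
SAMPLE_HISTORY.append({"EC2": 900, "S3": 20, "RDS": 50})

if __name__ == "__main__":
    for day, total, baseline, top in flag_spend_anomalies(SAMPLE_HISTORY):
        print(f"day {day}: spend {total:.2f} vs baseline {baseline:.2f}; top movers {top}")
```

With a seven-day window and a 1.5x ratio, only the spike day is flagged and EC2 is reported as the leading mover; lowering `ratio` or setting `abs_threshold` trades earlier warning for more noise, which is the tuning decision a customizable threshold leaves to the account owner.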
Extending container security with Amazon EKS – Managed Kubernetes Service
Cloud Optix has for some time provided automatic discovery of an organization’s assets across AWS, Microsoft Azure, Google Cloud Platform, and Infrastructure as Code environments, and added support for native Kubernetes and Google’s managed Kubernetes Engine (GKE) in late 2019.
And now support for Amazon’s managed Elastic Kubernetes Service (EKS) has landed, with Azure’s managed Kubernetes service (AKS) hot on its heels and coming soon.
Amazon EKS nodes are now included in the topology visualization, as well as real-time inventory views of clusters, node groups, nodes, pods, containers, services, and more, while also enabling organizations to perform additional security benchmark checks on these container environments.
Additional security benchmark checks now included in Sophos Cloud Optix best practice policy for AWS:
In addition to the headline updates, today’s Cloud Optix release is packed with several new features to increase security and compliance of customer environments: