
We’ve just launched Cloud Security for AWS. Cloud Security is our agentless exposure detection feature for AWS. It allows anyone with an AWS account on our Pro and Premium plans to continuously find and fix misconfigurations, insecure permissions, exposed secrets, and other vulnerabilities in their AWS accounts and organizations before attackers can exploit them. So you can stop incidents before they start.
Cloud Security uses our existing AWS integrations, so there is no need to install any agents. If you already have an AWS integration with Intruder, you will need to update its permissions to take advantage of the new functionality. You can enable it in under 5 minutes and start receiving insights immediately.
With the increasing number of attacks on cloud environments, and a constant stream of headline incidents, it is more important than ever for organizations to have a comprehensive security solution in place. Cloud Security expands the coverage that Intruder provides to help you protect your critical assets.
To get started:
- Go to the Targets page
- Click + Add target and choose Cloud asset sync
- Choose AWS and then either Add account or Add organisation
- Either use the CloudFormation script to add an AWS IAM role or create one manually (using our step-by-step guide)
- Once you're done, make sure you tick the Run Cloud Security scans check box

As soon as you enable Cloud Security scans, we'll kick off a scan against your account, and you'll receive your results on your issues page, which you can filter to display only cloud account issues.

Previously, we only supported finding open ports/services and vulnerabilities on assets in your AWS accounts that are exposed to the internet. The new functionality we've released allows you to find misconfigurations and weaknesses in the AWS account itself. We use the AWS APIs to check for things like:
- Whether people are logging into your AWS root account
- Users (including admin users) that do not have MFA enabled
- User accounts that have too many permissions
- Whether S3 buckets are exposed to the internet and publicly accessible
- Whether your AWS Lambda functions have hardcoded secrets, or environment variables that contain sensitive information

Other companies would refer to this as Cloud Security Posture Management (CSPM), but when combined with our continuous asset discovery and active scanning, we're calling it Cloud Security.
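Two of the checks listed above (root account logins and users without MFA) can be reproduced by hand from the IAM credential report that `aws iam get-credential-report` returns. The sketch below is an added example, not Intruder's implementation; the function name, the 30-day root-login window and the sample rows are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an IAM credential report
# (trimmed to the columns used here); not data from a real account.
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-30T09:12:44+00:00,true
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-28T08:00:00+00:00,true
bob,arn:aws:iam::111122223333:user/bob,true,2024-05-29T17:30:00+00:00,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false
"""

ROOT = "<root_account>"  # how the report names the root user


def audit_credential_report(report_csv, now, root_window_days=30):
    """Return (severity, user, message) findings for root logins and missing MFA."""
    findings = []
    cutoff = now - timedelta(days=root_window_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        if user == ROOT:
            last_used = row["password_last_used"]
            # "no_information" / "N/A" mean there is no console login on record.
            if last_used not in ("no_information", "N/A"):
                if datetime.fromisoformat(last_used) >= cutoff:
                    findings.append(("high", user, f"root console login at {last_used}"))
            if not mfa:
                findings.append(("high", user, "root account has no MFA"))
        elif row["password_enabled"] == "true" and not mfa:
            # Users without a console password (e.g. CI users) are skipped here.
            findings.append(("medium", user, "console password without MFA"))
    return findings


if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for finding in audit_credential_report(SAMPLE_REPORT, as_of):
        print(*finding, sep="\t")
```

Against a real account, pass the decoded CSV from the credential report and the current UTC time; extra columns in the full report are ignored because rows are read by column name.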