Focuses on configuration review and risk associated with your Cloud Infrastructure components.
Approach
Cloud Configuration Review
Cloud services configuration reviews on AWS and Azure.
Standards Benchmarking
Benchmarking against organization configuration standards and/or industry frameworks such CIS Controls and AWS Well Architected Framework
Scope of Assessment
-------
Some Services in Scope
Some Components in Scope
Sample Configuration Benchmarking
Ensure that MFA is enabled on root account
Ensure S3 buckets are private
Ensure Network ACLs (NACLs) are configured properly
Ensure EC2 security groups have proper inb ound and outbound access
Ensure data is encrypted in transit and at rest
Ensure proper IAM policies are attached to groups or roles
Ensure encryption on EBS
Log filters and alarms exist for critical items,.
Review AWS Config outputs
Some Services in Scope
Some Components in Scope
Sample Configuration Benchmarking
Ensure that MFA is enabled on privileged users
Ensure there are no guest users
Ensure that “Automatic provisioning of monitoring agent” is set to On
Ensure ASC Default policy setting “Monitor System Updates” is not disabled
Ensure that “Secure transfer required” is set to “Enabled”
Ensure that no databases allow ANY IP
Ensure that “OS Disk” is encrypted
Ensure web app redirects all HTTP traffic to HTTPS in Azure App service
Ensure that “Threat Detection Types” is set to “All”
Ensure that logging for Azure KeyVault is enabled
Ensure that audit profile captures all the activity
Value Proposition
-------
-
Report of Configuration Issues and Risks Observed
-
Remediation Strategy
-
Benchmarking Comparison Report
-
Hardening Standards Report
-
Risk Score