Cloud Risk Assessment
RiskSek provides a Holistic View of the Risk associated within your Applications using our Intelligent Risk Assessment and Scoring Approach
Cloud Risk Assessment
RiskSek provides a Holistic View of the Risk associated within your Applications using our Intelligent Risk Assessment and Scoring Approach
Cloud Infra Security
Focuses on configuration review and risk associated with your Cloud Infrastructure components.
Approach
Cloud Configuration Review
Cloud services configuration reviews on AWS and Azure.
Standards Benchmarking
Benchmarking against organization configuration standards and/or industry frameworks such CIS Controls and AWS Well Architected Framework
Scope of Assessment
Some Services in Scope
Some Components in Scope
Sample Configuration Benchmarking
Ensure that MFA is enabled on root account
Ensure S3 buckets are private
Ensure Network ACLs (NACLs) are configured properly
Ensure EC2 security groups have proper inb ound and outbound access
Ensure data is encrypted in transit and at rest
Ensure proper IAM policies are attached to groups or roles
Ensure encryption on EBS
Log filters and alarms exist for critical items
Review AWS Config outputs
Some Services in Scope
Some Components in Scope
Sample Configuration Benchmarking
Ensure that MFA is enabled on privileged users
Ensure there are no guest users
Ensure that “Automatic provisioning of monitoring agent” is set to On
Ensure ASC Default policy setting “Monitor System Updates” is not disabled
Ensure that “Secure transfer required” is set to “Enabled”
Ensure that no databases allow ANY IP
Ensure that “OS Disk” is encrypted
Ensure web app redirects all HTTP traffic to HTTPS in Azure App service
Ensure that “Threat Detection Types” is set to “All”
Ensure that logging for Azure KeyVault is enabled
Ensure that audit profile captures all the activity
Value Proposition
Report of Configuration Issues and Risks Observed
Remediation Strategy
Benchmarking Comparison Repor
Hardening Standards Report
Risk Score