How to Secure Amazon EC2 with Falcon Horizon
A number of high-profile breaches have been traced back to human error and misconfiguration within public cloud infrastructure. CrowdStrike’s Cloud Security Posture Management solution, Falcon Horizon, provides monitoring of public cloud services to help organizations proactively identify and resolve potential issues with these growing deployments.
Cloud Security Policies for AWS EC2
Under the policies tab, there is a comprehensive list of supported services for each cloud provider.
Specifically for AWS, one of the most leveraged services is Amazon Elastic Compute Cloud, or EC2. EC2 allows users to launch as many or as few virtual servers as needed, configure security and networking, and manage storage. Given that EC2 is a core AWS service, CrowdStrike offers a number of different policies to ensure the security of those instances. Some of those policies monitor for misconfigurations, while others look for indicators of attack or malicious behaviors.
For policies that correlate to compliance benchmarks, the links present additional information about the different compliance regulations including the rationale statement and audit procedure. However, CrowdStrike’s CSPM policies are not limited to compliance. For EC2, CrowdStrike goes on to offer a number of additional policies that look beyond compliance requirements.
Policy Findings and Remediation
Once the policies are enabled and the assessments are scheduled, the main dashboard presents the assessment findings. In this example, filtering the dashboard to focus on AWS reveals configuration findings for EC2 as well as a behavior finding.
Drilling down on EC2 through the “Top 10 Service Misconfigurations” chart displays the complete summary of those findings along with severity information.
By clicking on an individual policy, organizations can get all of the information they need to take action. With the details of the impacted instances and the recommended remediation steps, the issue can be quickly resolved.
Falcon Horizon delivers visibility and assessment of public cloud deployments to quickly identify and remediate potential configuration and behavioral issues. With CrowdStrike, organizations can leverage the power of multi-cloud environments while also ensuring the security of cloud-deployed applications and data.