How to Secure Amazon EC2 with Falcon Horizon
A number of high profile breaches have been traced back to human errors and misconfiguration within public cloud infrastructure. CrowdStrike’s Cloud Security Posture Management solution, Falcon Horizon, provides monitoring of public cloud services to help organizations proactively identify and resolve potential issues with these growing deployments.
Cloud Security Policies for AWS EC2
Under the policies tab, there is a comprehensive list of supported services for each cloud provider.
Specifically for AWS, one of the most leveraged services is Amazon Elastic Compute Cloud or EC2. EC2 allows users to launch as many or as few virtual servers needed, configure security and networking, and manage storage. Given EC2 is a core AWS service, CrowdStrike offers a number of different policies to ensure the security of those instances. There are also options to enable and customize the severity of each policy as shown below.
For policies that correlate to benchmarks defined by the Center for Internet Security or CIS, the links present additional information about the benchmarks including the rationale statement and audit procedure. However, CrowdStrike’s CSPM policies are not limited to CIS. For EC2, CrowdStrike goes on to offer a policy specifically designed to identify instances with a publicly accessible virtual private gateway (see red box). Exposing those gateways to the Internet increases the risk of compromise from an external attacker. Any findings related to that high severity policy would merit immediate investigation.
Policy Findings and Remediation
Once the policies are enabled and the assessments are scheduled, the main dashboard presents the assessment findings. In this example, filtering the dashboard to focus on AWS reveals a few findings related specifically to EC2.
Drilling down by service, displays the complete summary of those findings along with severity information. By clicking on an individual policy, organizations can get all of the information they need to take action. With the details of the impacted instance and the recommended remediation steps, the issue can be quickly resolved.
Falcon Horizon delivers visibility and assessment of public cloud deployments to quickly identify and remediate potential configuration issues. With CrowdStrike, organizations can leverage the power of multi-cloud environments while also ensuring the security of cloud deployed applications and data.