As companies expand their use of public cloud infrastructure, human error and misconfigurations are increasingly at the root of security failures. In recent cloud breaches, unintentional public access to cloud storage, such as AWS S3, is one of the most commonly exploited misconfigurations.
Falcon Horizon Policies for Cloud Storage
Falcon Horizon uses CrowdStrike-developed policies to monitor the configurations for various cloud services. The policy menu for each cloud provider displays a list of available services – including AWS S3. In addition to policies for authenticated user access, access logging and encryption, there is a policy designed to help organizations identify where public S3 access is configured.
When applicable, CrowdStrike also provides links to the associated CIS Benchmarks. This specific policy is related to two different CIS Benchmarks with a link for each. The supporting documentation explains that CIS 1.20 is designed to ensure that public S3 access is blocked, including the description, rationale, impact and audit procedure.
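As an illustration of the kind of check such a policy performs, here is an added example; it is not CrowdStrike's code or Falcon Horizon's policy logic. It assumes bucket configuration snapshots shaped like the AWS S3 `GetPublicAccessBlock`, `GetBucketAcl` and `GetBucketPolicy` responses; the bucket names, the `SAMPLE` layout and the function names are constructed for the example, and treating any unconditioned wildcard `Allow` as public is a simplification.

```python
import json

# ACL grantee group URIs that mean "anyone" or "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _is_wildcard(principal):
    """True for Principal "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    values = principal if isinstance(principal, list) else [principal]
    return "*" in values

def assess_bucket(cfg):
    """Return findings for one bucket snapshot (hypothetical layout)."""
    findings = []
    pab = cfg.get("PublicAccessBlock") or {}   # None = never configured
    off = [f for f in PAB_FLAGS if not pab.get(f)]
    if off:
        findings.append("block-public-access flags off: " + ", ".join(off))
    if not pab.get("IgnorePublicAcls"):        # S3 ignores public ACLs when on
        for grant in cfg.get("Acl", {}).get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append("ACL grants %s to %s"
                                % (grant.get("Permission"), uri.rsplit("/", 1)[-1]))
    if not pab.get("RestrictPublicBuckets"):   # public policies stay effective
        policy = cfg.get("Policy") or {}
        if isinstance(policy, str):            # the API returns a JSON string
            policy = json.loads(policy)
        stmts = policy.get("Statement", [])
        for st in stmts if isinstance(stmts, list) else [stmts]:
            if (st.get("Effect") == "Allow" and _is_wildcard(st.get("Principal"))
                    and not st.get("Condition")):
                findings.append("policy allows %s to any principal" % st.get("Action"))
    return findings

# Constructed sample snapshots, not real buckets.
_ALL = {"Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                    "Permission": "READ"}]}
SAMPLE = {
    "locked": {"PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True), "Acl": _ALL},
    "acl-public": {"PublicAccessBlock": None, "Acl": _ALL},
    "policy-public": {
        "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True},
        "Policy": '{"Statement": {"Effect": "Allow", "Principal": "*", '
                  '"Action": "s3:GetObject", "Resource": "arn:aws:s3:::policy-public/*"}}'},
}
```

The `locked` bucket carries the same public ACL grant as `acl-public` but produces no finding, because all four block-public-access flags are enabled.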
For each policy, Falcon Horizon provides options to disable the policy or customize its severity per cloud account and region. This helps organizations tune their assessment results to focus on the relevant policies.
The main dashboard provides an overview of the findings across all of the registered cloud accounts. By default, the dashboard reflects the most recent assessments, but menu options are available to quickly reference historical results. In this case, filtering for AWS reveals two findings related to the S3 access configuration policy.
The detailed findings include the severity and service information along with links to a policy description and related documentation from the cloud provider. Understanding that these two buckets are publicly accessible, the documented remediation steps can be used to take action and resolve these findings.
Attacks that leverage cloud misconfigurations are on the rise. Falcon Horizon offers visibility and assessment of multi-cloud deployments so that organizations can quickly identify potential exposures and take action to improve overall cloud security.