How Falcon Horizon Secures Cloud Storage

Introduction

As companies expand their use of public cloud infrastructure, human error and misconfigurations are increasingly at the root of security failures. In recent cloud breaches, unintentional public access to cloud storage, such as AWS S3, is one of the most commonly exploited misconfigurations.

Video

Falcon Horizon Policies for Cloud Storage

Falcon Horizon uses CrowdStrike developed policies to monitor the configurations for various cloud services. The policy menu for each cloud provider displays a list of available services – including AWS S3. In addition to authenticated user access, access logging and encryption, there is a policy designed to help organizations identify where public S3 access is configured.

falcon horizon policies

When applicable, CrowdStrike also provides links to the associated CIS Benchmarks. This specific policy is related to two different CIS Benchmarks with a link for each. The supporting documentation explains that CIS 1.20 is designed to ensure that public S3 access is blocked, including the description, rationale, impact and audit procedure.

cis benchmark

For each policy, Falcon Horizon enables options to disable or customize the severity per cloud account and region. This helps organizations tune their assessment results with focus on the relevant policies.

policy edits

Assessment Results

The main dashboard provides an overview of the findings across all of the registered cloud accounts. By default, the dashboard reflects the most recent assessments, but menu options are available to quickly reference historical results. In this case, filtering for AWS reveals two findings related to the S3 access configuration policy.

CSPM dashboard

The detailed findings include the severity and service information along with links to a policy description and related documentation from the cloud provider. Understanding that these two buckets are publicly accessible, the documented remediation steps can be used to take action and resolve these findings.

falcon horizon s3 findings

Closing

Attacks that leverage cloud misconfigurations are on the rise. Falcon Horizon offers visibility and assessment of multi-cloud deployments so that organizations can quickly identify potential exposures and take action to improve overall cloud security.

More resources

 

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial