How to Secure Identity Services with Falcon Horizon

Introduction
The shift to public cloud infrastructure not only increases an organization’s attack surface, but also introduces different tools and processes for configuring and securing those environments. IAM service configurations are often a top concern because IAM is used to securely control access to AWS environments. CrowdStrike’s Cloud Security Posture Management solution, Falcon Horizon, monitors cloud services such as IAM to identify possible misconfigurations, human errors and malicious behaviors.
Falcon Horizon Assessment Findings
The main dashboard presents the latest assessment findings based on CrowdStrike-developed policies. In this example, filtering to focus on AWS reveals a few high-severity findings related to Identity Access Management. Drilling down on IAM in the “Top 10 Services with Misconfigurations” chart reveals the complete list of findings for Identity Access Management.
For this account, there are findings for two different multi-factor authentication policies.
Clicking on an individual policy reveals the detailed findings as well as links to the recommended remediation steps to resolve the issue.
Identity Access Management Policies
Those findings highlight just a few examples of the IAM policies that can be monitored by Falcon Horizon. Under the policies tab, there is a comprehensive list of supported Amazon services, including IAM. Each policy is shown along with a default severity and policy category. While some policies relate to configurations, others look for potentially malicious behaviors.
For each policy, there is an option to view a more detailed description, including remediation steps, alert logic and documentation links. Customers can also define a customized severity for each policy and, at the account and region levels, disable policies that are deemed unnecessary.
Also, some of those policies correlate to different compliance benchmarks. In those cases, CrowdStrike includes links to the complete description and rationale of the requirement as well as the audit and remediation procedures.
However, CrowdStrike’s policies are not limited to compliance requirements. As an example, for IAM there are behavioral policies around LoginProfiles and roles that are outside any of the currently supported compliance specifications.
Conclusion
Falcon Horizon delivers visibility and assessment of public cloud deployments to quickly identify and remediate potential issues. With CrowdStrike, organizations can leverage the power of multi-cloud environments while also ensuring the security of cloud-deployed applications and data.
