How to Secure Identity Services with Falcon Horizon

Introduction

The shift to leverage public cloud infrastructure not only increases an organization’s attack surface, but also introduces different tools and processes for configuring and securing those environments. Identity Access Management (IAM) service configurations are often a top concern given that it is used to securely control access to AWS environments. CrowdStrike’s Cloud Security Posture Management solution, Falcon Horizon, monitors the various cloud services to identify possible misconfigurations and human errors. 

Video

Falcon Horizon Assessment Findings

The main dashboard presents the latest assessment findings based on CrowdStrike developed policies. In this example, filtering to focus on AWS reveals a few findings related specifically to Identity Access Management. While the top 5 findings include two IAM policies, drilling down on “Findings by Service” will reveal the complete list of open issues under Identity Access Management.

CSPM Identity dashboard

For this account, there are findings related to user privilege as well as two multi-factor authentication policies.

CSPM Identity IAM

Clicking on an individual policy reveals the detailed findings as well as the recommended remediation steps to resolve the issue.

CSPM Identity MFA

Identity Access Management Policies

Those findings highlight just a few examples of the IAM policies that can be monitored by Falcon Horizon. Under the policies tab, there is a comprehensive list of supported Amazon services including IAM. Some of those policies correlate to benchmarks defined by the Center for Internet Security or CIS.  However, CrowdStrike’s policies are not limited to CIS benchmarks. For IAM, there are additional options around password management and complexity that go beyond the CIS recommendations.

CSPM Identity Policies

For policies that do correlate to benchmarks, CrowdStrike includes a link to the complete description and rationale of the benchmark as well as the audit and remediation procedures.

CSPM Identity Benchmark

For each policy, there is an option to view a more detailed description including service subtype, remediation steps, alert logic and documentation links. At the account and region level, customers also have the ability to define a customized severity for each policy and disable those policies that are deemed not necessary.

CSPM policies edit

Conclusion

Falcon Horizon delivers visibility and assessment of public cloud deployments to quickly identify and remediate potential configuration issues. With CrowdStrike, organizations can leverage the power of multi-cloud environments while also ensuring the security of cloud deployed applications and data.

More resources

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial