How to Secure Identity Services with Falcon Horizon
The shift to leverage public cloud infrastructure not only increases an organization’s attack surface, but also introduces different tools and processes for configuring and securing those environments. Identity Access Management (IAM) service configurations are often a top concern given that it is used to securely control access to AWS environments. CrowdStrike’s Cloud Security Posture Management solution, Falcon Horizon, monitors the various cloud services to identify possible misconfigurations and human errors.
Falcon Horizon Assessment Findings
The main dashboard presents the latest assessment findings based on CrowdStrike developed policies. In this example, filtering to focus on AWS reveals a few findings related specifically to Identity Access Management. While the top 5 findings include two IAM policies, drilling down on “Findings by Service” will reveal the complete list of open issues under Identity Access Management.
For this account, there are findings related to user privilege as well as two multi-factor authentication policies.
Clicking on an individual policy reveals the detailed findings as well as the recommended remediation steps to resolve the issue.
Identity Access Management Policies
Those findings highlight just a few examples of the IAM policies that can be monitored by Falcon Horizon. Under the policies tab, there is a comprehensive list of supported Amazon services including IAM. Some of those policies correlate to benchmarks defined by the Center for Internet Security or CIS. However, CrowdStrike’s policies are not limited to CIS benchmarks. For IAM, there are additional options around password management and complexity that go beyond the CIS recommendations.
For policies that do correlate to benchmarks, CrowdStrike includes a link to the complete description and rationale of the benchmark as well as the audit and remediation procedures.
For each policy, there is an option to view a more detailed description including service subtype, remediation steps, alert logic and documentation links. At the account and region level, customers also have the ability to define a customized severity for each policy and disable those policies that are deemed not necessary.
Falcon Horizon delivers visibility and assessment of public cloud deployments to quickly identify and remediate potential configuration issues. With CrowdStrike, organizations can leverage the power of multi-cloud environments while also ensuring the security of cloud deployed applications and data.