Using the AWS console, one is restricted to a list view of VMs for a single account and region at a time. While this is helpful, the lists do not provide a visual mapping of the complete AWS environment. Troubleshooting security issues can be hampered.
Cloudvisory continuously discovers AWS infrastructure, delivering an interactive visual mapping of AWS Accounts, Regions, VPCs, VMs, network flows and even other hybrid or multi-cloud environments. This mapping illustrates the exact makeup of the AWS environment. As new workloads spin up or down, the mapping will be immediately refreshed for an up-to-date representation of the deployment.
Tags and Meta Data are critical for organizing workloads and associated security policies into groups to speed management and control. In AWS you can manage tags to organize workloads, but there is not an option to organize Security Groups based on Infrastructure memberships. Additionally, certain Tags need to be managed securely, which is not yet an option in AWS. In many cases, Dev/Ops teams are using complex coding and scripting in an attempt to organize Security Groups or, worse, they are using very “open” and generic settings which leave the environment at risk.
In Cloudvisory, the Security Orchestration plane allows for the creation of natural language policies and the association of those policies to workloads via Infrastructure memberships, Tags, Secure Tags and Group memberships (such as application or application tier). This orchestration plane allows for the organization, automated calculation, and provisioning of immutable policies, even as the environment undergoes change. Granular and more segmented policy control becomes a reality using Cloudvisory. The graphical user interface provides dramatic ease of use, speeding up Dev/Ops and ensuring consistent and perfect security.
Using the AWS Console to list and manage security groups is limited to a single Account in a single Region.
The AWS Console provides a list of network flows limited to a single VPC in a single Account in a single Region. Operational teams require information beyond this list: holistic, contextual information about workload location by account, region, VPC, etc. is typically needed in order to service and troubleshoot the underlying cloud deployment.
CSP’s representation of AWS and related flows is visual and contextual. Using Cloudvisory, one can quickly identify non-compliant network flows and alert teams to potential threats. CSP also continuously monitors security policies for real-time compliance and alerts on rogue or accidental changes. Below, visual flow data specifically points out compliant and non-compliant net-flow details to quickly identify risk and potential malicious activity.
In Cloudvisory, flow data has added richness. Cloudvisory flow information is summarized per workload and logical group for an enhanced understanding of the environment and faster triage of infected or malicious actions.
Cloudvisory is constantly monitoring the security policy state to confirm it remains immutable and compliant. If an accidental or malicious change to the policies is identified, Cloudvisory detects and alerts, and can even take automatic corrective action to return the AWS environment to its compliant state.
AWS offers strong, native security controls to protect cloud environments that, if used properly, can deliver workloads that are more secure than those in traditional data centers. Cloudvisory is uniquely positioned to help you leverage and realize the full power of these tools through:
1) Automated and continuous Discovery and Visualization of your entire AWS Deployment
2) Organization and Orchestration of granular, micro-segmented Security Group Policies
3) The automatic provisioning of exacting security controls
4) The non-stop monitoring and enforcement of data flows and policies to ensure security policies remain immutable and the environment remains protected.
Cloudvisory’s Security Platform (CSP) provides the automation vital to your AWS cloud security strategy. CSP’s organization, visibility, control and enforcement help deliver immutable security across your AWS and Hybrid deployments.