ManageEngine Cloud Security Plus License
The cloud has opened up new ways of doing business. The ease of deployment, adaptive scalability, and affordable cost of the cloud platform are driving many organizations to adopt it. However, meeting compliance requirements and growing security concerns related to data loss and unauthorized access make it difficult to realize the full potential of the platform.
The licensed ManageEngine Cloud Security Plus combats these security problems and protects your cloud. Provides full visibility into your AWS and Azure cloud infrastructures. Comprehensive reports, a simple search mechanism, and customizable alert profiles allow you to track, analyze, and respond to events in your cloud environments. This makes it easier for your business to function smoothly in a secure cloud.
Cloud Security Plus Auto Configuration Feature for AWS
When it comes to controlling your Amazon Web Services (AWS) environment, a cloud log management tool with out-of-the-box support for CloudTrail logs comes in handy. However, before your log management solution can receive logs from CloudTrail, your AWS environment must be optimized. You can set things up manually in AWS or let your cloud log management tool do it for you.
The licensed Cloud Security Plus is the kind of standalone cloud log management tool you need. With an automatic configuration feature, Cloud Security Plus can self-prepare your AWS environment for CloudTrail log generation and transmission. The workflow for the Cloud Security Plus auto-configuration feature looks something like this:
- AWS stores CloudTrail logs in folders within S3 buckets. AWS’s notification service, Simple Notification Service (SNS), can be customized to generate notifications when CloudTrail log files are moved to S3 buckets.
- As soon as SNS triggers a notification, the name of the newly created log file is added to the queue in the AWS queue service (Simple Queue Service) (SQS). Cloud Security Plus retrieves the sequence of log file names from the SQS queue. It then extracts the corresponding log files from the S3 repository.
To set up and run this mechanism yourself, you must enable CloudTrail, S3, SNS, and SQS and assign the correct permissions to each service. Cloud Security Plus saves you from all these hassles. All you have to do is enter your AWS Secret Key ID and Access Key, and Cloud Security Plus will prepare your AWS setup.
Forensic Analysis Using CloudTrail Logs
Protecting your cloud infrastructure from all attacks is virtually impossible. In the event of an attack on your cloud environment, you must act immediately to detect the clues left by the attacker. After that, you’ll need to perform a forensic analysis to piece together the clues and find the cause of the attack.
In a cloud environment, logs give you all the clues you need. For example, CloudTrail logs all events that occur on its Amazon Web Services (AWS) platform. But when it comes to log analytics, you can’t extract information from CloudTrail logs alone, you need a cloud log management tool.
Cloud Security Plus for AWS Log Management
Our proprietary cloud management tool, Cloud Security Plus, helps you control your entire cloud environment. After retrieving your AWS CloudTrail logs and S3 server access logs, Cloud Security Plus analyzes them to provide you with important information about your AWS environment.
Cloud Security Plus also saves you from the cumbersome setup process required for any log management tool to start retrieving CloudTrail logs. It has an auto-configuration feature that performs all AWS configuration steps for you.
The Role of Cloud Security Plus in Forensics
Performing forensics manually is exhausting. However, with flexible log storage and an efficient search mechanism, Cloud Security Plus breaks new ground.
- Keep the collected logs for as long as you need them. Archived logs are an excellent reference for identifying threats.
- Drill down into log data to get the information you’re looking for with Cloud Security Plus’ lightning-fast search.(Thanks, Elasticsearch!)
- Identify who led the attack and view all activity the user performed on AWS.
To understand how important CloudTrail logs can be, let’s look at an example:
A multinational cloud computing company hosts its critical applications on AWS. The root user’s credentials, which they failed to remove after the initial settings, somehow fell into the hands of a rogue employee. This employee decided to wreak havoc by shutting down all servers running company applications.
In this case, Cloud Security Plus reports could help this company to find the root cause of the attack. In particular, the Recent Changes in Status of EC2 Instances report provides all the details needed to terminate EC2 instances. You could also retrieve the fraudulent employee’s username from the unsubscribe activity log and use the Cloud Security Plus search tab to get a detailed list of all activities performed by the user on AWS.
