In modern Amazon Web Services (AWS) environments, there are typically millions of resources being added and spread across various environments on the regular, and each resource has its own set of configurations, roles, and permissions. The result of this tangled web is that for one in four organizations, resolving misconfigurations manually takes at least a week—and for one in ten, it takes over a month. What's a security team to do?
The answer: don't try to resolve misconfigurations manually. At least, not entirely manually. Why do it all yourself when automation can help?
Benefits of automation include:
Of course, as great as all that sounds, implementing automation can't be done overnight. We're talking about major, pervasive change to your processes and workflows; setting that up within your organization takes time, and a good roadmap. We're here to help you get started with an incremental crawl, walk, run approach.
Using automated notifications is the first step to implementing an automated remediation strategy. Automated notifications can alert resource owners of misconfigurations through whatever channel they prefer, and even offer recommended steps for remediation. This eliminates the need for security teams to work to identify the owner of a resource, and significantly speeds the remediation process—even when the actual fix is done manually.
Automated notifications are a great way to dip your toes in the water and start getting used to working with an automatic process, without having to make any huge changes just yet.
Once you've gotten comfortable with automated notifications, a great next step is to implement automation for security policies and standards associated with compliance. By automating compliance in this way, you'll still have a lot of control over the whole process, but your automation can now help resolve a much wider range of issues.
For this middle phase, you can establish the standards and policies your organization wants to follow—whether those are standard frameworks or custom policies—and use automation to enforce them. This means using specific actions like identifying when an account has a required service turned off and automatically turning it back on. This will also be a huge help in maintaining good security hygiene for your organization.
After you've spent some time working with automated notifications and policy enforcement—and verified that automation isn't going to break anything in your cloud environment—you'll be ready to make the full plunge. That means using automation for a full range of tasks, including:
Implementing a full process like this for automated remediation drastically saves time and creates efficiencies, and ensures a consistent approach to fixing issues across your cloud.
Adding new technologies and workflows to your organization can feel like a daunting task, but it doesn't have to be. All you need is a proper plan to put it into action.
Ready to learn more about how to automate remediation for your organization? Rapid7 and AWS have teamed up for a full ebook on the subject.