We are introducing some fantastic new capabilities in this release including event driven harvesting (“EBH”), three new compliance packs, and increased support for Amazon Web Services, Microsoft Azure, and Google Cloud Platform.  Our latest release also includes more than 130 new filters, actions, and general enhancements. Event Driven Harvesting is really exciting as it improves detection and remediation times, as well as provides additional auditable data and context for lifecycle actions and changes to cloud resource and security confirmations.

Twice a quarter DivvyCloud releases a new version of our software, and we are excited to announce our sixth release of 2018! Collaboration with our customers and the broader “cloud” community help shape these releases with improvements to core capabilities around discovery, analysis and automated remediation of cloud infrastructure as well as new features and support for the ever-expanding portfolio of services from the major cloud providers.

Highlights:


 

1. EVENT DRIVEN HARVESTING (BETA)
In this release, we introduce event driven harvesting for AWS resources.  Before this release we exclusively used an API driven polling based approach to discover resources and monitor their configuration relative to policies.  With the addition of event driven harvesting, we now offer a best in class dual layer approach for discovering and monitoring resources. Harvesting can now be triggered based upon events in your cloud as opposed to solely relying on a polling based approach. This dual layer approach provides the best of both worlds – the full immutable discoverability of API harvesting with the speed and richness of event driven harvesting.    At present, this capability is only available for AWS accounts through the use of AWS CloudWatch, but we will be expanding event driven harvesting to Azure, GCP, and Kubernetes in the coming releases. For AWS customers using CloudWatch we help them get the most out of this great service — DivvyCloud now makes CloudWatch events more accessible and actionable — especially in complex environments with a large number of AWS accounts.   Currently, event driven harvesting supports the following AWS resources:

Three Main Benefits of Event Driven Harvesting:

  • Fast Identification & Remediation of Issues with Key Resources – Faster identification, and reaction/remediation to change. In AWS, CloudWatch will identify changes within 90 seconds for key resources  allowing DivvyCloud to collect the information from this event stream. This approach speeds up the ability for us to identify a change, evaluate it against policy, and then take action to remediate policy violations.

  • Specific Data About Any Changes – Event driven harvesting provides rich contextual information and full visibility into who did what, where, and when.  For example, in the image above, in row 4 under “Action” you can see someone created an S3 Bucket. In row 5 you can see someone added tags to a bucket. In row 6 someone put an access control list on a bucket.  You can also see the time under “Date,” as well as the IP address under “Source IP.” This gives you the ability to see that John Smith created an S3 bucket at 11:19 am at a coffee shop in Asheville.

           If you click on the box all the way on the left, you get the exact change that happened with Amazon.

You can view the action, if it was an API change or if it was the console.  You get the user, so if you look at the highlighted word, you’ll see someone was using “root” which is a big “no no.” If root wasn’t being used, you might see “User/ Employee name.” Again, you get all of the exact information about the change.

  • Audit Global Changes Via Event Stream – Consider the above Cloud Event View and imagine you have 300+ accounts.  Using DivvyCloud badges you could say “show me all production changes,” and then across all 75 accounts that are badge production, you get your full, uniform feed of all production changes. Or you can filter the event stream using DivvyCloud Badges to cut the data by project, severity, owner, compliance requirements, etc.  With Native Amazon capabilities, you have to view this data account to account, region by region, vs. DivvyCloud’s new global view of all changes. Our badges give users that layer of fidelity that is vitally important when managing your cloud accounts.

 

2. New Compliance Packs

  • CSA CCM
    The Cloud Security Alliance maintains an industry standard matrix known as the Cloud Compliance Matrix (CCM). This framework contains controls to harden and secure cloud technology and aligns them against other security regimes such as NIST‐800.53, HIPAA and ISO 27001. With 18.6, this compliance standard is now supported within the product.
  • CIS Benchmarks for GCP
    In early September, the Center for Internet Security (CIS) published a new benchmark for security cloud workloads on Google Cloud Platform (GCP). This benchmark contains dozens of security recommendations across Identity & Access Management, Logging/Monitoring, Networking, Storage, Compute and Kubernetes.
  • CIS Benchmarks for Azure
    With release 18.5, we first introduced support for the CIS Benchmarks for Azure, and with 18.6 we’ve added over 25 new Insights and checks against this compliance framework.

 

3. Cloud Compliance (Cloud Account Health Check)
The *New* Cloud Compliance view enables users to get quick visibility into how each cloud account stands relative to one or more compliance frameworks. It provides a top-level view into the number of failed checks based on the selected compliance pack criteria. Badges can be leveraged to tailor the view to specific risk profiles, environments, owners and more.   

This compliance module, in the context of HIPAA for AWS, shows that you are failing 13 of 25 checks.  Why this is great, for example, is you can see how you are doing in your production accounts or the accounts owned by Jay. You can also take badges, and compare Jun Park’s account to Jay’s clouds.  This spread out over hundreds of cloud accounts is going to make it quick and easy to see how you’re trending for this compliance pack. If you put DivvyCloud in place and your risk is terrible across your production clouds, what you want to see over time because you’ve been using insights and bots, is your risk going down and making everything more secure.  

 

4. Filters Library
Filters are one of the key ingredients in how we manage insights and bots. With the 18.6 release, users will now have access to an exhaustive list of all (~600) filters employed in our system. This will be the one-stop location to check when a filter was created, modified, or deprecated. For those who want to see how the filter functions, this page will also let users open and see the source code of the filter definition.

 

5. Additional Cloud Support/Enhancements

    • Amazon Web Services
      • Support for Simple Notification Service (SNS)
      • Support for Simple Email
      • Service (SES) Support for CloudFront
      • Support for visibility into GuardDuty
      • Support for visibility into Lambda account limits
      • Store the boolean property for automatic minor upgrades for RDS instances Store and surface the VPC ID that’s associated with an
      • ElastiCache cluster
      • Support for harvesting of IAM SAML providers
      • Ability to view and modify IAM Role assume role policies
      • Visibility into cross-account private images
    • Google Cloud Platform
      • Support for Pub/Sub
      • Support for Service Account Keys
      • Support for tracking VPC flow logging and Google Private Access at the subnet level
      • Support for identifying legacy networks
      • Enhanced GKE visibility and configuration checks
      • Enhanced visibility into GCP Storage buckets
    • Microsoft Azure
      • Support for Azure Kubernetes Service (AKS)
      • Support for Cosmos DB
      • Support for Graph RBAC
      • Support for Databases
      • Support for Network Peers
      • Visibility into network limits/usage

Interested in learning more? View the full release notes associated with our 18.6 release, or get your free trial and see our features in action.



DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.