Dashboard

Overview

The SecureCloud dashboard is a snapshot of your compliance with security policy and best practices in your cloud account settings. It is made up of widgets representing different aspects of your security posture, each showing the number of items (such as assets) found in violation of your policy along with the total number monitored.

The statistics displayed on the dashboard are adjusted to take into account any exceptions you have defined.

Information for public cloud is available after you have specified public cloud accounts. Until this has been done, the dashboard displays the relevant 'start' widgets instead of the info widgets.

What Can I Do Here?

  • Drill down to see details of the public cloud policy violations by clicking on the desired widget
  • Download an on-demand Security Posture Report - click PDF Report (example)

Public Cloud Detail

Click a widget to drill down to the relevant detail. Most reports can be downloaded as a CSV file, which can contain additional information not shown on the screen.

Risky Ports

The Risky Ports widget is an indication of risk posed to your public cloud environment due to commonly-used ports exposed to the internet. It displays the number of assets that violate policy, along with the total number of assets monitored. Click the widget to display all assets with Risky Ports.

What are risky ports?

In SecureCloud, risky ports are commonly-used ports exposed to the internet. They are therefore considered high risk and could leave your assets open to attack. The list of risky ports can be managed in Configuration and the scope of reporting them further refined in Exceptions.

A default list is included when you install SecureCloud, which you can modify to your requirements:

  • Port 23 - Telnet: data is plain text and so open to injection
  • Port 110 - POP3: plain text
  • Ports 137-139 - NetBIOS: meant for file and printer sharing; can be used to obtain system information such as domain, workgroup and system names
  • Port 445 - SMB over IP: can be used to obtain system information
  • Port 3389 - RDP: could be breached by brute-force methods that try username and password combinations

Recommended best practice: In your cloud account security definitions, do not allow ingress on any of the ports listed above.
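
The check described above, as an added Python example (not SecureCloud's own code): it flags ingress rules whose port range overlaps the default risky-port list, including ranges that never name the port explicitly. The rule field names and the reading of "exposed to the internet" as a source of 0.0.0.0/0 or ::/0 are assumptions.

```python
import ipaddress

# Default risky-port list from the page, as (first_port, last_port, label).
# NetBIOS covers ports 137 through 139.
DEFAULT_RISKY_PORTS = [
    (23, 23, "Telnet"),
    (110, 110, "POP3"),
    (137, 139, "NetBIOS"),
    (445, 445, "SMB over IP"),
    (3389, 3389, "RDP"),
]

def is_internet_source(cidr):
    """Assumption: 'exposed to the internet' means the source is the whole address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def risky_exposures(rules, risky_ports=DEFAULT_RISKY_PORTS):
    """Return (rule_name, label) pairs for internet-facing ingress rules
    whose port range overlaps a risky port."""
    findings = []
    for rule in rules:
        if not is_internet_source(rule["source"]):
            continue
        for first, last, label in risky_ports:
            # Two inclusive ranges overlap when each starts before the other ends.
            if rule["from_port"] <= last and first <= rule["to_port"]:
                findings.append((rule["name"], label))
    return findings

# Constructed sample ingress rules (hypothetical field names, not a vendor schema).
SAMPLE_RULES = [
    {"name": "web", "source": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"name": "admin-rdp", "source": "0.0.0.0/0", "from_port": 3389, "to_port": 3389},
    {"name": "wide-range", "source": "::/0", "from_port": 100, "to_port": 200},
    {"name": "internal-smb", "source": "10.0.0.0/8", "from_port": 445, "to_port": 445},
]

if __name__ == "__main__":
    for name, label in risky_exposures(SAMPLE_RULES):
        print(f"{name}: exposes {label} to the internet")
```

The "wide-range" rule is reported twice (POP3 and NetBIOS) even though it lists neither port by number, which is why the check compares ranges rather than single port values.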

Permissive Access

The Permissive Access widget is an indication of risk posed to your public cloud environment due to overly permissive ingress access. It displays the number of assets that violate policy, along with the total number of assets monitored. Click the widget to display all assets with Permissive Access.

What is permissive access?

Permissive access in SecureCloud refers to ingress access to an asset that is overly permissive; it is reported in the Dashboard and Asset Security Access. The criteria defining permissive access can vary from one situation to another, even in the same organization. In SecureCloud you can define permissive access in Risk Configuration and further refine the scope of reporting in Exceptions.

You can set one or both of two independent parameters to define permissive access - source subnet and services. If the actual access specified in the vendor's security controls is equal to or more permissive than any of these settings, it will be considered a violation of best practices.

Possible values for source subnet:

  • Any - only when the cloud account's definition allows access from Any source IP, will the access be considered too permissive
  • Larger than class A (default) - only when the cloud account's definition allows access when source subnet is larger than class A, will the access be considered too permissive
  • Larger than class B - only when the source subnet is larger than class B, will the access be considered too permissive
  • None - the source subnet is not taken into account when determining whether permitted access is too permissive

Possible values for services:

  • Any (default) - only when Any is specified will the access be considered too permissive
  • Any and TCP/UDP:0-65535 - only when Any, TCP:0-65535 or UDP:0-65535 are specified will the access be considered too permissive
  • None - the service is not taken into account when determining whether permitted access is too permissive

Recommended best practice: In your cloud account security definitions, avoid the use of unlimited ranges; allow traffic to assets only through well-defined ports and IP addresses.
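
How the two parameters combine, as an added Python example (not SecureCloud's own code). It assumes IPv4 sources, that class A and class B mean /8 and /16, that "larger than" means a strictly shorter prefix, and that either parameter alone flags a rule; the setting names and rule fields are hypothetical labels.

```python
import ipaddress

# Assumption: a source is too permissive when its prefix is strictly shorter
# than the limit. "any" matches only /0; "none" never matches.
SOURCE_LIMITS = {"any": 1, "larger_than_class_a": 8, "larger_than_class_b": 16, "none": 0}

def source_too_permissive(cidr, setting):
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen < SOURCE_LIMITS[setting]

def service_too_permissive(protocol, from_port, to_port, setting):
    if setting == "none":
        return False
    if protocol == "any":
        return True  # flagged by both "any" and "any_and_full_range"
    full_range = protocol in ("tcp", "udp") and from_port == 0 and to_port == 65535
    return setting == "any_and_full_range" and full_range

def is_permissive(rule, source_setting="larger_than_class_a", service_setting="any"):
    """Either parameter alone is enough to flag the rule; defaults follow the page."""
    return (source_too_permissive(rule["source"], source_setting)
            or service_too_permissive(rule["protocol"], rule["from_port"],
                                      rule["to_port"], service_setting))

def flagged(rules, source_setting="larger_than_class_a", service_setting="any"):
    return [r["name"] for r in rules if is_permissive(r, source_setting, service_setting)]

# Constructed sample ingress rules (hypothetical field names).
SAMPLE_RULES = [
    {"name": "https-from-world", "source": "0.0.0.0/0", "protocol": "tcp", "from_port": 443, "to_port": 443},
    {"name": "class-a-ssh", "source": "10.0.0.0/8", "protocol": "tcp", "from_port": 22, "to_port": 22},
    {"name": "all-tcp-from-host", "source": "203.0.113.5/32", "protocol": "tcp", "from_port": 0, "to_port": 65535},
    {"name": "any-proto-from-host", "source": "203.0.113.5/32", "protocol": "any", "from_port": 0, "to_port": 65535},
]

if __name__ == "__main__":
    print("defaults:", flagged(SAMPLE_RULES))
    print("stricter:", flagged(SAMPLE_RULES, "larger_than_class_b", "any_and_full_range"))
```

With the default settings the "all-tcp-from-host" rule is not reported even though it opens every TCP port, so the stricter services setting is the one that catches full-range rules.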

Cloud Security Policy Violations

The cloud security policy violations widget is an indication of risk posed to your public cloud environment due to your cloud vendor security definitions being non-compliant with your cloud security policy. It displays the number of assets that violate policy, along with the total number of assets monitored. Click the widget to display all assets with cloud security policy violations.

What is a policy violation?

  • A cloud security policy violation is a case where a vendor security rule doesn't comply with a cloud security policy rule.

Recommended best practice: Review violations frequently and resolve as needed.

Tag Usage

The Tag Usage widget is an indication of risk posed to your public cloud environment due to assets without tags. It relates only to the native tags specified at your cloud service provider, not to custom tags created in SecureCloud. It displays the number of assets that violate policy, along with the total number of assets monitored. Click the widget to display all assets without tags.

What are Tags?

Tags are a cloud native mechanism of assigning values to your assets in order to identify them and group them with other assets using similar tags. SecureCloud uses these tag values to create logical groups such as environments and applications and additionally has its own mechanism of creating custom tags that can be used instead of or in addition to the native asset tags.

Recommended best practice: Use tags on all assets so you can combine them in SecureCloud into logical groups.

CIS Benchmark for Public Cloud

The CIS Benchmark for Public Cloud widget is an indication of risk posed to your public cloud environment due to your cloud vendor security definitions that are not compliant with the CIS Benchmark for Public Cloud. It displays the number of tests that failed and the total number of tests performed.

The CIS Benchmark for Public Cloud is a subset of the security controls developed by the Center for Internet Security (CIS) and adapted for public cloud services. These controls have gained widespread acceptance as a baseline for public cloud security and can be downloaded from the CIS website. SecureCloud runs an automatic audit process on your monitored cloud accounts, which tests each control and displays its status, together with guidance for remediation.

Click the widget to display your monitored cloud accounts and their CIS test status.

Vulnerable Assets Exposed to the Internet

The Vulnerable Assets widget is an indication of risk posed to your public cloud environment due to assets with vulnerabilities that are exposed to the Internet.

Click the widget to display all Vulnerable Assets.

What are Vulnerable Assets?

Vulnerable assets are those on which a CVE issue has been found.

Common Vulnerabilities and Exposures (CVE) is a list of publicly-disclosed computer security flaws, each of which has a unique CVE ID number. Using vulnerability assessment tools, such as Azure Defender, AWS Integrator, and GCP OS Configuration, SecureCloud identifies assets that have CVEs with an attack vector of type Network. These tools need to be enabled in the vendor account. Additional integrations with other tools can be implemented using APIs that will add the CVEs identified by them to SecureCloud. For more information about additional integrations, contact Tufin support. A CVE will appear in SecureCloud only once, even if identified by different tools.

Recommended best practice: Regularly review the CVEs found and apply the latest patches needed to address them.

Sensitive Data Compliance

SecureCloud identifies assets that have sensitive data exposed to the internet. Sensitive data includes names, email addresses, credit card numbers, and locations. The Sensitive Data Compliance widget shows the number of assets that include this information.

Click the widget to display all exposed assets with sensitive data (see Sensitive Data Compliance).

Recommended best practice: Regularly review the report and take appropriate measures so that sensitive data is not exposed.

How Do I Get Here?

Main Menu > Dashboard