Dashboard

Overview

The SecureCloud dashboard is a snapshot of your compliance with security policy and best practices in your cloud account settings. It is made up of widgets representing different aspects of your security posture, each showing the number of items (such as assets) found in violation of your policy along with the total number monitored.

The statistics displayed on the dashboard are adjusted to take into account any exceptions you have defined.

Information for public cloud is available after you have specified public cloud accounts. Until this has been done, the dashboard displays the relevant 'start' widgets instead of the info widgets.

What Can I Do Here?

  • Drill down to see details of the public cloud policy violations by clicking on the desired widget
  • Download an on-demand Security Posture Report - click PDF Report (example)

Public Cloud Detail

Click on a widget to drill down to the relevant detail. Most reports can be downloaded as a CSV file, which can contain additional information not shown on the screen.

Risky Ports

The Risky Ports widget is an indication of risk posed to your public cloud environment due to commonly-used ports exposed to the internet. It displays the number of assets that violate policy, along with the total number of assets monitored. Click on the widget to display all assets with Risky Ports.

What are risky ports?

In SecureCloud, risky ports are commonly-used ports exposed to the internet. They are therefore considered high risk and could leave your assets open to attack. The list of risky ports can be managed in Configuration and the scope of reporting them further refined in Exceptions.

A default list is included when you install SecureCloud, which you can modify to your requirements:

  • Port 23 - Telnet: data is sent in plain text and so is open to injection
  • Port 110 - POP3: plain text
  • Port 137-9 - NetBIOS: meant for file and printer sharing; can be used to obtain system information such as domain, workgroup and system names
  • Port 445 - SMB over IP: can be used to obtain system information
  • Port 3389 - RDP: could be breached by brute-force methods that try username and password combinations

Recommended best practice: 

  • In your cloud account security definitions, do not allow ingress on any of the ports listed above.
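The check this widget describes, sketched as an added example (not SecureCloud's own code): it flags ingress rules whose port range overlaps the default risky-port list and reports the violating/monitored counts after exceptions. The rule fields, the exception format and the reading of "exposed to the internet" as a source of 0.0.0.0/0 or ::/0 are assumptions.

```python
import ipaddress

# Default risky-port list as given on the page: (first port, last port, service).
DEFAULT_RISKY_PORTS = [(23, 23, "Telnet"), (110, 110, "POP3"), (137, 139, "NetBIOS"),
                       (445, 445, "SMB"), (3389, 3389, "RDP")]

# Constructed sample ingress rules; the field names are hypothetical.
SAMPLE_RULES = [
    {"asset": "web-1", "source": "0.0.0.0/0", "protocol": "tcp", "from_port": 443, "to_port": 443},
    {"asset": "bastion", "source": "0.0.0.0/0", "protocol": "tcp", "from_port": 3389, "to_port": 3389},
    {"asset": "legacy", "source": "0.0.0.0/0", "protocol": "tcp", "from_port": 0, "to_port": 1024},
    {"asset": "db-1", "source": "10.0.0.0/8", "protocol": "tcp", "from_port": 445, "to_port": 445},
]

def open_to_internet(cidr):
    # Assumption: "exposed to the internet" means the source is 0.0.0.0/0 or ::/0.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def risky_exposures(rules, risky=DEFAULT_RISKY_PORTS, exceptions=frozenset()):
    """Map each asset to the risky services its internet-facing rules expose."""
    findings = {}
    for rule in rules:
        if rule["protocol"] not in ("tcp", "udp", "any") or not open_to_internet(rule["source"]):
            continue
        # A protocol of "any" covers every port, so treat it as the full range.
        lo, hi = (0, 65535) if rule["protocol"] == "any" else (rule["from_port"], rule["to_port"])
        for first, last, service in risky:
            # Two ranges overlap when each starts before the other ends.
            if lo <= last and first <= hi and (rule["asset"], service) not in exceptions:
                findings.setdefault(rule["asset"], []).append(service)
    return findings

def widget_counts(rules, exceptions=frozenset()):
    """Return (assets in violation, assets monitored), as the widget displays."""
    monitored = {rule["asset"] for rule in rules}
    return len(risky_exposures(rules, exceptions=exceptions)), len(monitored)

if __name__ == "__main__":
    print(risky_exposures(SAMPLE_RULES))
    print(widget_counts(SAMPLE_RULES))
```

A wide range such as 0-1024 is reported once per risky service it covers, which is why range overlap rather than exact port match is the test to apply when auditing exported rules.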

Permissive Access

The Permissive Access widget is an indication of risk posed to your public cloud environment due to overly permissive ingress access. It displays the number of assets that violate policy, along with the total number of assets monitored. Click on the widget to display all assets with Permissive Access.

What is permissive access?

Permissive access in SecureCloud refers to ingress access to an asset that is overly permissive; it is reported in the Dashboard and Asset Security Access. The criteria defining permissive access can vary from one situation to another, even in the same organization. In SecureCloud you can define permissive access in Risk Configuration and further refine the scope of reporting in Exceptions.

You can set one or both of two independent parameters to define permissive access - source subnet and services. If the actual access specified in the vendor's security controls is equal to or more permissive than any of these settings, it will be considered a violation of best practices.

Possible values for source subnet:

  • Any - the access is considered too permissive only when the cloud account's definition allows access from Any source IP
  • Larger than class A (default) - the access is considered too permissive only when the cloud account's definition allows access from a source subnet larger than class A
  • Larger than class B - the access is considered too permissive only when the source subnet is larger than class B
  • None - the source subnet is not taken into account when determining whether permitted access is too permissive

Possible values for services:

  • Any (default) - the access is considered too permissive only when Any is specified
  • Any and TCP/UDP:0-65535 - the access is considered too permissive only when Any, TCP:0-65535 or UDP:0-65535 is specified
  • None - the service is not taken into account when determining whether permitted access is too permissive

Recommended best practice: 

  • In your cloud account security definitions, avoid the use of unlimited ranges; allow traffic to assets only through well-defined ports and IP addresses.
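How the two permissive-access parameters classify a rule, as an added example (not SecureCloud's own code). It assumes IPv4 sources, class A = /8 and class B = /16, and hypothetical rule fields and setting names; a rule is reported if it trips either parameter, following "any of these settings" above.

```python
import ipaddress

# Assumed mapping of the page's source-subnet settings to IPv4 prefix lengths:
# class A = /8, class B = /16, and "larger than" means a shorter prefix.
SUBNET_LIMIT = {"any": 1, "larger_than_class_a": 8, "larger_than_class_b": 16, "none": None}

def subnet_too_permissive(cidr, setting):
    limit = SUBNET_LIMIT[setting]
    if limit is None:  # "None": source subnet is not taken into account
        return False
    net = ipaddress.ip_network(cidr, strict=False)
    # IPv4 only in this sketch; a prefix shorter than the limit is a larger subnet.
    return net.version == 4 and net.prefixlen < limit

def service_too_permissive(rule, setting):
    if setting == "none":  # "None": service is not taken into account
        return False
    if rule["protocol"] == "any":
        return True
    full_range = (rule.get("from_port"), rule.get("to_port")) == (0, 65535)
    return (setting == "any_and_full_range"
            and rule["protocol"] in ("tcp", "udp") and full_range)

def violations(rule, subnet_setting="larger_than_class_a", service_setting="any"):
    """List the parameters a rule trips; the defaults follow the page's defaults."""
    tripped = []
    if subnet_too_permissive(rule["source"], subnet_setting):
        tripped.append("source subnet")
    if service_too_permissive(rule, service_setting):
        tripped.append("services")
    return tripped

# Constructed sample rules; the names and fields are hypothetical.
RULES = {
    "ssh-anywhere": {"source": "0.0.0.0/0", "protocol": "tcp", "from_port": 22, "to_port": 22},
    "internal-any": {"source": "10.0.0.0/8", "protocol": "any"},
    "wide-tcp": {"source": "172.16.0.0/12", "protocol": "tcp", "from_port": 0, "to_port": 65535},
    "slash-seven": {"source": "8.0.0.0/7", "protocol": "tcp", "from_port": 443, "to_port": 443},
}

if __name__ == "__main__":
    for name, rule in RULES.items():
        print(name, violations(rule))
```

Under the defaults, "wide-tcp" passes on both parameters; it is only reported once the stricter "Larger than class B" and "Any and TCP/UDP:0-65535" settings are selected.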

Cloud Security Policy Violations

The cloud security policy violations widget is an indication of risk posed to your public cloud environment due to your cloud vendor security definitions being non-compliant with your cloud security policy. It displays the number of assets that violate policy, along with the total number of assets monitored. Click on the widget to display all assets with cloud security policy violations.

What is a policy violation?

  • A cloud security policy violation is a case where a vendor security rule doesn't comply with a cloud security policy rule.

Recommended best practice: 

  • Review your applications and assets and resolve all violations.

Tag Usage

The Tag Usage widget is an indication of risk posed to your public cloud environment due to assets without tags. It relates only to the native tags specified at your cloud service provider, not to custom tags created in SecureCloud. It displays the number of assets that violate policy, along with the total number of assets monitored. Click on the widget to display all assets without tags.

What are Tags?

  • Tags are a cloud native mechanism of assigning values to your assets in order to identify them and group them with other assets using similar tags. SecureCloud uses these tag values to identify your applications and additionally has its own mechanism of creating custom tags that can be used instead of or in addition to the native asset tags.

Recommended best practice: 

  • Use tags on all assets to define important asset characteristics such as application and environment, as described in Global Application Visibility.

CIS Benchmark for Public Cloud

The CIS Benchmark for Public Cloud widget is an indication of risk posed to your public cloud environment due to your cloud vendor security definitions that are not compliant with the CIS Benchmark for Public Cloud. It displays the number of tests that failed and the total number of tests performed.

The CIS Benchmark for Public Cloud is a subset of the security controls developed by the Center for Internet Security (CIS) and adapted for public cloud services. These controls have gained widespread acceptance as a baseline for public cloud security and can be downloaded from the CIS website. SecureCloud runs an automatic audit process on your monitored cloud accounts, which tests each control and displays its status, together with guidance for remediation.

Click on the widget to display your monitored cloud accounts and their CIS test status.

How Do I Get Here?

Main Menu > Dashboard