Hackers of India

Cloud Security Suite: One Stop Tool for AWS/GCP/Azure/DigitalOcean Security Audit

By  Jayesh Chauhan  on 04 Dec 2019 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
CLOUD SECURITY SUITE

Abstract

Website
Documentation
Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most of the major organizations have entirely moved to cloud. With more and more companies moving to cloud, the security of cloud becomes a major concern.

While AWS, GCP, Azure, and DigitalOcean provide you protection with traditional security methodologies and have a neat structure for authorization/configuration, their security is as robust as the person in-charge of creating/assigning these configuration/policies. Also, the massive scale at which cloud services are adopted in enterprises, merged with inevitability of human error, often leads to catastrophic damages to the business.

Few vulnerable scenarios:

Knowing all this, audit of cloud infrastructure becomes a hectic task! There are a few open source tools which help in cloud auditing however none of them provides an exhaustive checklist. Also, setting up all the tools and looking at different result sets is a redundant task. While managing massive infrastructures, system audit of server instances is a challenging task as well.

Cloud Security Suite (CS Suite) is a one stop tool for auditing the security posture of the AWS/GCP/Azure/DigitalOcean infrastructures along with server audit feature. CS Suite leverages capabilities of current open source tools and has plethora of custom checks into one tool to rule them all.