Abstract
Website
Documentation
Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most of the major organizations have entirely moved to cloud. With more and more companies moving to cloud, the security of cloud becomes a major concern.
While AWS, GCP, Azure, and DigitalOcean provide you protection with traditional security methodologies and have a neat structure for authorization/configuration, their security is as robust as the person in-charge of creating/assigning these configuration/policies. Also, the massive scale at which cloud services are adopted in enterprises, merged with inevitability of human error, often leads to catastrophic damages to the business.
Few vulnerable scenarios:
- Security groups/policies, password policy or IAM policies are not configured adequately
- S3 buckets and Azure blobs are world-readable
- Web servers are supporting vulnerable SSL ciphers
- Ports exposed to public with vulnerable services running
- If root credentials are used
- Logging or MFA is disabled And many more such scenarios…
Knowing all this, audit of cloud infrastructure becomes a hectic task! There are a few open source tools which help in cloud auditing however none of them provides an exhaustive checklist. Also, setting up all the tools and looking at different result sets is a redundant task. While managing massive infrastructures, system audit of server instances is a challenging task as well.
Cloud Security Suite (CS Suite) is a one stop tool for auditing the security posture of the AWS/GCP/Azure/DigitalOcean infrastructures along with server audit feature. CS Suite leverages capabilities of current open source tools and has plethora of custom checks into one tool to rule them all.