Botmetric Brings Unique Click to Fix for AWS Security Group Audit

In today’s day and age, deploying solutions and products on the cloud has become the new norm. However, managing your cloud infrastructure, implementing critical cloud security controls, and preventing vulnerabilities can become quite challenging.

Security & Compliance

Botmetric’s Security & Compliance simplifies the process of discovering and rectifying the threats as well as shortcomings in your AWS infrastructure by providing a comprehensive set of audits and recommendations, which saves a lot of time and makes eliminating unused Security Groups easy.

Botmetric’s Security & Compliance imbibes culture of continuous security and DevSecOps by automating industry best practices for cloud compliance and security. For an AWS user this simplifies the process of discovering and rectifying the threats.

Remediation of Security Threats with Botmetric

At Botmetric, we believe in simplifying cloud management for our customers. To amplify this, we provide the ‘click to fix’ feature for many of our Security & Compliance audits. This feature enables users to implement the best practices recommended by Botmetric simply with the click of a button. While saving a lot of time and effort, it also eliminates the possibility of human error. Moreover, rather than manually fixing each and every resource, Botmetric allows you to select multiple resources and fix them all at once.  

Click to Fix Security Group Audit

In an effort to allow our users to easily secure their cloud, we have recently added ‘click to fix’ feature for all Botmetric security group audits.

Why Botmetric Built Click to Fix for AWS Security Group Audits?

Security groups in AWS provide an efficient way to assign access to resources on your network. The rules that you define in security groups should be scrutinized. For a simple reason that you could end up giving a wide open access resulting in an increased risk of security breaches. The security group audits provided by Botmetric discover issues, such as as security groups having rules with TCP/UDP ports open to public, servers open to public, port ranges open to public,  so on and so forth. These are serious security loopholes that could leave your cloud open to malicious attacks.

Botmetric’s ‘click to fix’ feature for AWS security group audits deletes the vulnerable security group rule, thereby securing access to your cloud resources and protecting your cloud infrastructure.

Botmetric- Click to Fix

List of AWS Security Group Audits provided by Botmetric

  • Database Ports

Protecting database ports is crucial as you wouldn’t want access leaks or open ports to your Database ports. Botmetric scans your database ports open to public, IP and private subnet. Securing these would ensure your database ports safety in a security group.

  • Server Ports

Very essential as a lot of security issues and vulnerabilities have been caused due to server ports. Botmetric secures ports open to public, IP and private subnet.

  • TCP UDP  and ICMP Ports

Relies everything we do on the internet, here Botmetric secures open ports to both public and IP.

There are few more controls for Security Group such as All Traffic and Port Range also secured by the audits.

How to Enable Click to Fix for AWS Security Group Audits?

To use the click to fix for security group audits, please ensure that you have added “ec2:RevokeSecurityGroupIngress” permission to the policy of the role whose ARN is configured for Security and Compliance.

The Bottom line:

At Botmetric, we will continue to add more AWS cloud security and compliance features. We will soon come up with a detailed post on Click to Fix feature for several key AWS Security Audits. Until then stay tuned with us.

This is a newly launched feature by Botmetric. To explore this feature, take up a 14 day trial . If you have any questions on AWS security or AWS security best practices, just drop in a line below in the comment section or Tweet to us at @BotmetricHQ.

5 Point Guide to AWS DR Automation

Disaster Recovery is a procedure to recover technology infrastructure and systems following a disaster. There are 2 types of disasters:
Natural – These include natural calamities like floods, tornado, earthquakes.
Man-Made –  These are disasters caused by human negligence or errors such as infrastructure failure, IT Bugs, cyber-terrorism.
In such cases, not only should we have backups but backups should be copied across multiple regions and multiple accounts.

Here is a 5-point guide for AWS DR automation:

Type of Backups

There are three major levels of recoveries, organization should consider while designing their recovery solution:

File Level Recovery – from files stored in S3.

Volume Level Recovery – from snapshots.

Database Level Recovery – from DB Snapshots.
For every AWS Infrastructure, there are many kinds of resources that need to be backed up for DR purpose:
      EC2 Instance Backups (EC2 AMIs)
      EBS Volume Backups (Snapshots)
      RDS DB Backups (DBSnapshots)
      Elasticache DB Cluster Backups (Elasticache Snapshots)
      Redshift  DB Cluster Backups (Redshift Snapshots)
      Route53 Hosted Zone Backups (S3 Copy Hosted Zone Files)
      CloudFormation Template Backups (CloudFormation Template)

Critical vs Less Critical vs Non-Critical

Depending on the systems and their potential impacts on the business, we can classify strategies into 3 types –
     Most Critical System – Frequency – 1 hour. Retention -1 year
     Less Critical System – Frequency -1 day.  Retention – 180 days 
     Non-Critical System – Frequency -1 week. Retention – 4 weeks.
                                       – Manually Backup if required.

Automated vs Manual backups

In a dynamic cloud environment, with a wide range of services, it is extremely difficult to manage resources and deal with continuous changes beneath them.
For example:
If an organization has 100’s of instances of different types with different roles to play, it becomes impossible to manually create backups and monitor them.
With Automation, you just need to add tags to every instance defining their
role. It will help to create individual policies based on their role.
Let’s say, you have the following definition of instances –
Tag Instance Count Backup Policy

ENV/DEVELOPMENT 30 Once in a week
ENV/MONITORING 5 Once in a month
ENV/PRODUCTION 60  Every 4 hours
ENV/OTHERS 5 Not required(manually)

In the example shown above, automation is a clear winner relative to a manual backup.

Cost Optimized backups

Organizations should make strategies to clean up old backups which are no longer required. This will drastically reduce AWS Infrastructure Cost.
Also, AWS has a limit on the number of backups that can be created in an account.  For e.g. EBS Snapshot limit is 10,000.

Cost Optimized DR Strategy is therefore required to ensure limited backups.
In Botmetric backups jobs, Snapshots to retain parameter(s) ensures to keep the number of snapshots per volume.
Similarly, AMIs to retain ensures to keep number of AMIs per instance.
Let us understand it with an example – If there are 180 Snapshot to retain, and the job execution is once a day it will keep snapshots of 180 days (i.e. 6 months) old. 

If there are 360 Snapshot to retain and the job execution is twice a day, it will keep a backup of 180 days (i.e. 6 months) old. However, it will keep 2 snapshots per volume of the past 180 days.

Note: For safety purpose we will try to keep Snapshot to retain+1.

DR Automation for various AWS Resource

Depending on the AWS Infrastructure and DR Strategy backups can be taken across regions/across accounts.
In Botmetric, we have a wide variety of jobs for various services-

EC2:
          Create EC2 Ami based on EC2 Instance tags
          Copy EC2 Ami based on EC2 Instance tags across regions
          Copy EC2 Ami based on EC2 ami tags across regions
          Copy EC2 Ami based on EC2 Instance tags across accounts
EBS:
          Create EBS snapshot based on ebs volume tags
          Create EBS snapshot based on ec2 instance tags
          Create EBS snapshot based on ec2 instance ids
          Copy EBS snapshot based on ebs volume tags across regions
          Copy EBS snapshot based on ec2 instance tags across regions
          Copy EBS snapshot based on ebs volume tags across accounts

RDS:
         Create RDS snapshot snapshot based on DB Instance tags
         Copy RDS snapshot based on DB Instance tags across regions

REDSHIFT:
         Create Redshift snapshot based on redshfit cluster tags

ROUTE53:
         Create Route53 Hosted Zone backups

In addition to it, for cleaning up of old backups, we have de-register Old EC2 AMIs and Delete Old EBS Snapshots jobs.

Conclusion

In today’s ever changing cloud environment, zeal to achieve continuous availability, robustness, scalability and dynamicity spawned the rise of ‘Backup as a Service’ (BaaS).  With AWS DR automation and smart strategies you can secure make your business ‘disaster-free’. Read about the do’s and don’ts of DR Automation strategy.

Botmetric is an intelligent cloud management platform that is designed to make cloud easy for engineers. Sign up now, to see how Botmetic can help you with your Disaster recovery planning.

 

How to understand your company’s Cloud Security & Compliance with Botmetric?

The concerns about security and policy compliance have made organizations wary of adopting a cloud infrastructure model and storing data in public cloud environments. This also throws an opportunity at cloud service providers to implement the right tools and processes to secure their customers’ cloud infrastructure. As a premier unified cloud management platform, Botmetric leaves nothing that could compromise your cloud security and compliance.

However, before we directly get into the Botmetric offerings, let’s analyze facts on compliance and security.

Why security and compliance are important in the cloud?

Ok. You have decided to move to public cloud computing. But how about your cloud security and compliance to standards? Taking a security-first approach in the cloud and achieving a state of continuous compliance is the answer. This approach can lower your costs, minimize risks, and reduce complexity in your cloud and cloud operations.

The security-first model must focus on maintaining continuous monitoring and management of cloud security risks and threats. You must leverage modern tools and automation techniques to:

  • Monitor security threats through real-time discovery.
  • Understand the security threats through deep insights.
  • Act on threats through automated policies, processes, and controls.
  • Measure security and compliance results through robust reporting capabilities.

And now how would you ensure that your cloud is secure and compliant to these actions? The best method is to use a platform that continuously monitors and manages your cloud security against set policies and compliance processes and framework.

This model would ensure:

  • Complete and unified view across all your cloud accounts
  • Generation of compliance reports
  • Identification, prioritization, and remediation of compliance risks
  • End-to-end lifecycle compliance monitoring
  • Audit reports that demonstrate round-the-clock security management and compliance

Botmetric’s Security & Compliance

At Botmetric, we are committed to your cloud infrastructure’s security requirements and compliance standards. We have one integrated platform for cost, security, and operations that enable you to gain complete control over your cloud with confidence.

Our Cloud Security and Compliance Management platform provides continuous security and compliance assurance for your AWS. The platform is capable of identifying the key risks with over 200+ health checks across cloud network security, IAM access security, cloud data security, business disaster recovery, and infrastructure security.

Dashboard

Botmetric’s Security & Compliance Dashboard opens up snapshots of your cloud security and compliance issues. The issues are monitored, tracked, and compiled in the form of infographics on the dashboard to give you the summary picture. These summaries are all that you need to know about the state of your cloud security.

Botmetric audits your infrastructure, alerting you to the nature and number of risks. You can view in your cloud the health score, and understand how compliant your operations are.

The dashboard displays the following summarized reports:

Cloud Security Summary

These pictorial representations on the dashboard provide easily readable and understandable data on your total number of issues, classified based on severity levels and broken down based on regions.

aws cloud security summary

Cloud Compliance Summary

An integrated policy compliance view gives the overall health score, a total number of checks against compliance, the number of passes, and failures classified based on severity levels.

aws cloud compliance summary

Security Compliance by Policy

Tracks compliance against set policies. You have insights into your default policy, performance policy, and disaster recovery policy etc.

Apart from the dashboard view, the Botmetric Security & Compliance platform offers more detailed and automated metrics and reports on your cloud. These metrics and reports ensure the security health and policy compliance of your cloud infrastructure.

Let’s analyze the details of the Botmetric powered cloud security and policy compliance metrics and reports:

aws security compliance by policy

Policy Compliance Metrics

The policy compliance metrics provides the number of current vulnerabilities with policy compliance and health score. The overall metrics are further classified into critical vulnerabilities, security compliance summary, and recent vulnerabilities to track them all in details.

All these are achieved by Botmetric’s real time scan for your cloud compliance to identify risks and security violations. You can assess and mitigate the vulnerabilities in real time and implement a comprehensive security management for your cloud.

Audit Reports

This feature provides security audit reports and remediation with powerful click-to-fix capabilities. It can be run at any point of time from within the Botmetric platform. However, a daily audit is run automatically by the system. The reports are further classified based on categories, set policies, and groups. A click on the “View Issues” button provides links to the issues. You can’t just stop with viewing the issues; you can fix them in real time! With a powerful click-to-fix solution, you can resolve those issues in seconds without leaving the Botmetric platform.

Remediation History

The remediation history showcases fully traceable audit trail with a detailed record of all security issues fixed to help you keep track of your issues and fixes.

Configure Your Policies

Policies help you to create desired custom audits list with custom definable parameters for more controlled compliance. Apart from self-defined policies, Botmetric also has certified policy compliance such as CIS (Center for Internet Security) for AWS Framework, which certifies your infrastructure compliant of CIS Framework for AWS.

Increased Visibility with Security Reports

Reports are the very essential for discovering previous stages and while performing internal organizational audits. Botmetric has a library of reports where you can share, schedule and download daily audit reports, anytime.

And Botmetric can help!

Botmetric Security & Compliance could Now that you have an understanding of Botmetric’s simple but powerful Security & Compliance platform, the next step would be to implement it for the tight security and compliance measures. All you need to do now is to take a free trial for 14 days!

At Botmetric, we provide intelligent analysis of your cloud requirements, suggest ways and means to optimize your cloud, and get you going with your cloud without security and compliance threats. Talk to our experts and leverage our expertise. support@botmetric.com; and very much social: Twitter, Facebook, or LinkedIn.

Top AWS Cloud Security Concerns Today’s Enterprises Need to Let Go

Given the humongous amounts of data being generated on a daily basis, there is no debate about the fact that cloud computing is crucial to running a competitive, modern digital business. The benefits are manifold – agility offered in IT and enterprise business operations, reduced capital outlays, efficiencies in processes, speed and overall productivity gains. It is not surprising at all then that Gartner has projected that the worldwide public cloud services market will grow 18 percent in 2017 to a total $246.8 billion, up from $209.2 billion in 2016. But despite its near explosive growth, cloud security remains a concern.

In today’s IT threat landscape, keeping pace with the attackers and ensuring security is more important than ever. Even though there is nothing inherently unsecure about the cloud, the fact remains that the responsibility of the apps that run on the cloud lies with the user and not the cloud vendor such as AWS. In fact, AWS features a shared responsibility model, which means that AWS takes responsibility of the facilities, physical security of hardware and virtualization infrastructure, and not the apps that run on it.

Therefore, it really boils down to changing the psychology or concerns mindset when it comes to thinking about cloud security. Here are some highlights for enterprises to deliberate on.

Security is Just the Cloud Vendor’s Responsibility

A number of recent global industry surveys on cloud security have indicated that enterprises consider cloud security is the sole responsibility of the cloud service providers. That’s an extremely flawed and dangerous assumption. Cloud Security is always a collective responsibility shared by the vendor and the user. This is true irrespective of whether you talk about a public or a private cloud. Of course, it has not been easy for the IT Security industry to keep up with the rapid growth of the cloud computing industry.

But that means that organizations need to go the extra mile, for example, by configuring apps that are compatible with the cloud infrastructure they are using. On their part, vendors need to ensure rigorous security on Virtual Machines (VMs) where storage space is shared by multiple clients and on data centres, addressing a lot of complexities with regard to this challenge can be successfully achieved. Regulatory compliance also helps.

For instance, AWS is compliant with PCI DSS 3.2 and many other compliances. This means that users can confidently leverage the certified AWS products and services to meet security and compliance objectives from infrastructure perspective while just focussing on the application level security. Because Amazon has validated PCI DSS compliance against the latest set of criteria. Users including early adopters of the standard can benefit from it.

From a regulatory perspective, Governments should work to mandate encryption and perhaps enforce penalties for companies that suffer data breaches in the times to come. Security vendors have some catching up to do too, to develop new cloud-first products. Currently, a majority of security tools being offered in the market do not work with the cloud, but are meant for the traditional networking environments.

It’s important to establish who is responsible for which aspects of security, so that measures can be put in place to ensure the system and data remain safe. To quote an example, for the Amazon ELB service, which is the shared infrastructure service, its default configuration is susceptible to some known SSL vulnerabilities. Also web application firewalls need to be configured for application level security. In this case, the responsibility to enforce a particular implementation doesn’t lie with Amazon, but with the provisioner to ensure that adequate configuration and testing takes place. Simply pinning the blame on the vendor is not an option. Ultimately, security should be a constant consideration of everyone involved.

Why Keep the IT Department in the Loop?

Often, the biggest risk associated with cloud is as a result of human factors. For example, business functions sometimes may sign up cloud services for their purpose, without even involving the IT department or CISO team.

There is a reason why IT departments are cautious about moving mission-critical applications to the cloud. There are some legitimate fears around security, downtime and control. Bypassing the IT department while making cloud investment decisions presents a genuine risk for enterprises. This is because such instances make it unlikely that security audits have been conducted, or safeguards have been put in place.

A sensible security policy is essential, to ensure that IT is involved in the decision-making process when it comes to any type of IT adoption. This information should be used to develop test cases, which can thoroughly test the status of cloud security. If there are any loopholes in security, they need to be addressed immediately via patches. At the same time, updates also need to be implemented on a regular basis.

Of course, an overly draconian cloud security policy too defeats the purpose since it risks being circumvented. Instead, the aim should be to build a solid security policy that empowers departments to achieve what they need without sacrificing security.

Regulated Bring Your Own Device (BYOD) Policies Will not Help

BYOD can put a whole different spin on security. In fact, 44% of security professionals listed BYOD as their biggest security concern in one recent survey, more than any other aspect of security. On one hand, lost or stolen devices could potentially give an unauthorized access to cloud services, as well as sensitive data stored locally or in caches, to unauthorized persons. BYOD also makes it more challenging to diagnose data breaches, as filtering and monitoring systems may not be in place on employees’ own devices.

In addition, family members and friends of staff may have access to a device used at work, so measures need to be put in place to restrict access to sensitive data.

Of course, BYOD brings with it some huge advantages. It gives staff the freedom to use devices that they are comfortable with, giving them more convenience and better features loaded than those provided by their employers. Implementing an acceptable use policy, as well as controlling access to sensitive data with a password or PIN and Multi Factor Authentication (MFA) can help.

Shared Resources on Public Clouds are Always Risky

Access to data on Virtual Machines (VMs) is a big concern in public clouds. By definition, public clouds share resources between different customers and use virtualization heavily, and this does create additional security vulnerabilities, both from access levels as well as from exploits in the virtualization software.

In theory, VMs hosted on the same physical server could suffer undetected network attacks between each other in the absence of suitable network detection. Hijacking VM hypervisors, and exploiting local storage in memory are also fairly common. Therefore, investigating the controls that providers have in place to secure the cloud environment is important. Vendors accredited to the highest industry standards, such as AWS and AZURE, do make this information available. In general, most security issues are enterprise-specific and are standard server security or admin related problems. Therefore, the best approach to mitigate security risks is tracking critical security patches at VM level and using the latest version of machine images. For critical applications, an External VAPT Security testing and application level security protection are important.

Less Availability of Data Security Breach Identification Solutions in the Market

The best way to ensure that data integrity is not compromised, whether it is through deliberate or accidental modification, is to use resource permissions that can limit the scope of users who can modify the data and also leverage data auditing controls to track who accessed what, from where and when information for compliance purpose.

Even for doing this, the threat of accidental deletion by a privileged user still remains. It could also be an attack in the form of a Trojan using the privileged user’s credentials). Measures such as performing data integrity checks, including Message Integrity Codes (parity, CRC), and Message Authentication Codes (MD5/SHA), or Hashed Message Authentication Codes (HMACs) to detect data integrity compromise are helpful. Above all, there are several solutions available solely for these purposes that provide Host Level Intrusion Detection(HIDS) and File Integrity Monitoring Solutions (FIMS).

Ignoring DevOps, Or Slow in Adopting it

In many ways, DevOps are bringing in a new wave when it comes to cloud security. In the DevOps automation cycle, for example, every code commit triggers a build that tests security and functionality of the application bundles using tools like Amazon Inspector and Selenium. In fact, while Selenium was earlier used for test automation only, it has since emerged as one of the top DevSecOps tools as it can easily trigger security scanning tests along with other application test scripts. At the same time, it also ensures that systems are always patched, vulnerabilities scanned and checked for functioning before deployment.

DevOps are giving enterprises a way to make application quality and security testing more scripted, continuous, and automated. DevSecOps enable an automation approach for security tests throughout development, even on the cloud. They are even integrating security-feature design and implementation into the development lifecycle in ways that wasn’t possible before.

In many ways, DevOps is helping application security to reach a level that many security professionals have been advocating for years. The only way to do this is through automation of security and regulatory compliance tests throughout development and deployment. For organisations, by leveraging automation tools to enforce security and compliance controls, DevSecOps will empower them to achieve regulatory compliance at speed, and at scale. DevSecOps also makes detection and closing of security vulnerabilities faster than before while on the cloud.

Partial Knowledge of Risks Involved

Knowing your cloud compliance and understanding security vulnerabilities completely in real-time is the first and foremost step. Once you are aware, taking steps to ensure business continuity is relatively easier. The comprehensive security process includes enabling auditing controls, logging access data, network security, IAM controls, data governance, passive/active protection for VMs and applications.

It is possible to quickly assess and mitigate vulnerabilities in real time and adopt a comprehensive security management for your cloud, for example with cloud management platforms like Botmetric Security and Governance. With such tools, it is possible to optimally improve your AWS cloud security and identify critical vulnerabilities at Cloud level quickly from various perspectives — data security, Disaster Recovery, user access, network security, etc.

Penetration (or VAPT) Testing is another process used traditionally to understand the risks and test if there is scope for hackers gaining access to application environment. This is equally useful for cloud systems too. And with the cloud, come additional vectors for attacks.

Integrating Security Across your Processes is Secondary

In the initial stages of adoption, companies experimented with storing mostly non-strategic data into the cloud. But now that they have made the transition to moving business critical apps and data into the cloud, processes to ensure compliance with legal and regulatory norms haven’t quite caught up yet.

Also, many organizations fail to integrate security as a seamless feature as part of their continuous methods like DevOps, and for some, security slows down the development methods. In order to realize the full potential of the cloud, built-for-cloud-security products must adhere to the DevOps process.

Amazon VPC is Not Safe

The Amazon Virtual Private Cloud (VPC) provides some great features that you can use to increase and monitor the security for your enterprise data and applications. For example, its security groups act as a firewall for associated Amazon EC2 instances, and they control both inbound and outbound traffic at the instance level. Its network access control lists (ACLs) act as a firewall for associated subnets, and control both inbound and outbound traffic at the subnet level. It also has flow logs that capture information about the IP traffic going to and from network interfaces in the organization’s VPC.

These tools make it possible to monitor the accepted and rejected IP traffic going to and from your instances by creating a flow log for a VPC, subnet, or individual network interface. Additionally, the organization can use AWS Identity and Access Management to control who in the organization has permission to create and manage security groups, network ACLs and flow logs.

To sum up, the risk isn’t from transitioning to the cloud; rather, it is a result of poor policies that might not be conducive to a secure your business whether it’s in cloud or on-premise. What is your take?

May Roundup @ Botmetric: Deeper AWS Cost Analysis and Continuous Security

Cost modelling, budget reduction and cost optimization are some of the top most considerations for businesses irrespective of size. Whether it is an enterprise with 100+ foot print or a small start-up with less than 10 employees, cost reduction is always a great news. This month, we had two awesome news by AWS in regards to cost reduction — 61st Price Reduction slashing the rates of EC2 RIs & M4 Prices and releasing better Cost Allocation for EBS snapshots, and a key Botmetric Security & Compliance product roll-out on CIS Compliance. So in the month of May, focus was on AWS cloud cost analysis and continuous security.

Like every month, here we are presenting May month-in-review, covering all the key activities around Botmetric and AWS cloud.

Product News You Must Know @ Botmetric

Botmetric continues to build more competencies on its platform. Here’re the May month updates:

CIS Compliance for Your AWS

What is about: Auditing your infrastructure as per AWS CIS Benchmark policies to ensure complete CIS compliance of your AWS infra, without you going through complex process or studying docs.

How it will help: It will help AWS users, AWS auditor, AWS system integrator, AWS partner, or a AWS consultant to imbibe CIS AWS Framework best practices. This ensures CIS compliance for your AWS cloud.

Where can you find this feature on Botmetric: Under Security & Compliance’ Security Audit & Remediation console.

To know more in detail, read the blog ‘Embrace Continuous Security and Ensure CIS Compliance for Your AWS, Always.’

Cost Allocation for AWS EBS Snapshots

What is about: AWS has been evolving the custom tagging support for most of the services like EC2, RDS, ELB, BeanStalk, etc. And now it has introduced Cost Allocation for EBS snapshots. Botmetric, quickly acting on this new AWS announcement, incorporated this cost allocation and cost analysis for EBS snapshots.

How it will help: It will allow you to use Cost Allocation Tags for your EBS snapshots so that you can assign costs to your customers, applications, teams, departments, or billing codes at the level of individual resources. With this new feature you can analyze your EBS snapshot costs as well as usage easily.

Where can you find this feature on Botmetric: Under Cost & Governance’s Chargeback console.

To know more in detail, read the blog ‘Cost Allocation for AWS EBS Snapshots Made Easy, Get Deeper AWS Cost Analysis.’

Use of InfluxDB Real-Time Metrics Data Store by Botmetric

What is about: Botmetric’s journey in choosing InfluxDB real-time metrics data store over KairosDB+Cassandra cluster, and key reasons why engineer or an architect looking for a real-time data store featuring a simple operational management should opt for InfluxDB.  

How it helped Botmetric: With the use of InfluxDB, Botmetric could speed-up application development time, while the simple operational management of InfluxDB has been helpful. Plus, team Botmetric was able to easily query data and aggregate it. Above all, InfluxDB offered auto expiry support for certain datasets. Using InfluxDB, Botmetric is able reduce its DevOps effort in cleaning up old data using separate utilities.

Knowledge Sharing @ Botmetric

5 Cloud Security Trends Shaping 2017 and Beyond

While the switch to cloud computing provides many advantages in cost savings and flexibility, security is still a prime consideration for several businesses. It’s vital to consider new cloud technologies in 2017 for countering such rising threats. This guest post by Josh McAllister covered the top cloud security trends that are shaping 2017. Some of them are AI and automation, micro-segmentation, software governance, adopt new security technologies, ransomware and the IoT, and much more. If you are looking to improve your security posture, then this blog post is a must read.  

The Biggest Pet Peeves of Cloud Practitioners and Why You Should Know

Despite adoption, there are a lot of barriers and challenges to a cloud’s adoption and acceleration. So it is for cloud practitioners as well. Botmetric throws some light on it — it could be apprehensions about losing control and visibility over data, having lesser visibility and control over operations compared to on-prem IT infra, fear of bill shock, and more. As a cloud user, do you want to know the top pet peeves of a cloud practitioner and turn them into possibilities or opportunities? Know about these roadblocks here.

A CFO’s Roadmap to AWS Cloud Cost Forecasting and Budgeting

Despite exponential increase in cloud adoption, there is one major fear attached to AWS, for that matter all the cloud’s adoption — how to be on top of cloud sprawl, and how to perfect AWS cost forecasting and budgeting as an enterprise business. To add to it, for today’s CFOs, IT is at the top of their agenda. If  you are a CFO trying to up your game and seeking to build a roadmap for AWS cloud cost modelling, spend forecasting and cloud budgeting, and above all assuage cloud sprawl?  Bookmark this blog.

What is NoOps, Is it Agile Ops?

DevOps is there, but today it is being augmented with NoOps using automation. And by taking a NoOps approach, businesses will be able to focus on clean application development, shorter cycles, and more so increased business agility.

On the other hand, in the journey of DevOps, if you automate mundane Ops tasks, it leads to NoOps. Essentially, NoOps frees-up developers’ time to further utilize their time for more innovation and to bring agility into ops (which is Agile Ops). Do read Botmetric’s take on this.

​Ultimate Comparison of AWS EC2 t2.large vs. m4.large for Media Industry

Two types of AWS EC2 instances, t2.large and m4.large, feature almost similar configuration. With media sites required to handle large number of concurrent visitors at any given time, both these resources seem perfect. This makes it challenging to make a decision on choosing the best resource, in terms of price and performance if you are a media company.  To eliminate this confusion, Botmetric has come up with information break-up of AWS EC2 t2.large vs. m4.large for media companies.  If you are a media company on AWS, this post by Botmetric might interest you.

The Wrap-up

Before we wrap-up this month, we have a freebie to share. Botmetric has always recommended AWS users to use tagging and monitoring as a stepping stone towards ensuring budgeting and cost compliance. To this end, Botmetric has come up with an expert guide that will help save cost on AWS cloud with smart tagging. Download it here.

Until next month, stay tuned with us.

Embrace Continuous Security and Ensure CIS Compliance for Your AWS, Always

By 2021, cybercrime damages will cost the world $6 trillion annually, predicts Cybersecurity Ventures. The dramatic rise in internet crime, right from ransomware epidemic and under-protected Internet of Things (IoT) devices to more sophisticated cyber-attacks, are coercing the businesses across the globe to embrace continuous security and stringent compliance. And if you are on public cloud, especially AWS, then CIS Compliance (Centre for Internet Security Compliance) for your AWS is a must.

Are you a AWS customer, AWS auditor, AWS system integrator, AWS partner, or a AWS consultant looking to implement this continuous security compliance for your AWS? Then look no further. Botmetric’s Security & Compliance has now imbibed CIS AWS Framework best practices to benchmark its audits ecosystem. This ensures CIS compliance for your AWS cloud.

Importance of CIS Compliance For Your AWS

For 16 years, Centre for Internet Security (CIS) benchmarks have been the de facto standard for prescriptive, industry-accepted best practices for securely configuring traditional IT components. Due to exponential increase in the adoption of AWS cloud, CIS came up with several benchmarks customized for AWS. These  best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. This is the first-time CIS has issued a set of security best practices specific to an individual cloud service provider — AWS.

The release of the CIS AWS Foundations Benchmark into this existing ecosystem marks one of the many milestones for the maturation of the cloud and its suitability for sensitive and regulated workloads.

CIS AWS Foundations Benchmark Overview

The CIS benchmark for AWS provides prescriptive guidance for configuring security options for a basic set of foundational AWS services. Here’re the list of services that are within the scope of this benchmark:

  • AWS Identity and Access Management (IAM)
  • AWS Config
  • AWS CloudTrail
  • AWS CloudWatch
  • AWS Simple Notification Service (SNS)
  • AWS Simple Storage Service (S3)
  • AWS VPC (Default)

Further, this benchmark is divided into four sections-:

AWS CIS IAM (Identity and Access Management) Benchmark

Imagine this: AWS is like a territory and can be accessed only through few keys. The keys that give access to this territory would be the “root” account. The root account, however, has unrestricted access to all resources in the AWS account and it must be fiercely guarded and its use limited.

The CIS policies for IAM provides recommendations to limit the use of such root account, and if used, provides necessary monitoring guidance to prevent unauthorized use. In addition, it also recommends using multi-factor authentication (MFA), disabling inactive accounts, and having a very strong password policy.

AWS CIS Logging Benchmark (CloudTrail, CloudWatch, S3, AWS Config)

The use of logging API calls is an important recommendation in CIS benchmark. It recommends that all AWS API calls should be logged via CloudTrail, and CloudTrail should be configured to send logs to S3 and CloudWatch for long term and real-time analysis respectively. The logs should be encrypted, and the encryption keys should be rotated on a regular basis.

AWS CIS Monitoring Benchmark (CloudTrail, CloudWatch, SNS)

Monitoring an AWS account is critical to prevent and detect unauthorized use of the account. The benchmark recommends generating alerts by using a combination of metric filters and alarms. Some of the events to monitor and generate alerts against include non-MFA enabled accounts logged in via the console, root account usage, failed authentication attempts, unauthorized changes to IAM, S3, AWS Config and network configuration.

AWS CIS Networking Benchmark (Default VPC)

The networking section of CIS benchmarks make recommendations for configuring security related aspects of the default virtual private cloud (VPC). The recommendations include prohibiting security groups from allowing unfettered ingress access to remote console services such as SSH and RDP from 0.0.0.0/0. The recommendations also ensure the default security group restricts all traffic by default.

How Botmetric Can Help?

Botmetric’s Security & Compliance automatically audits your infrastructure as per AWS CIS Benchmark policies. This ensure complete CIS compliance of your AWS infra, without you going through complex process or studying docs.

With Botmetric, you can:

  • Implements foundational security measures in your AWS account that removes guesswork for security professionals
  • Audits complete AWS infra as per all the aforementioned CIS benchmarks and best practices
  • Evaluates security of your AWS account for continuous security
  • Performs additional audit ecosystem into your environment

The below GIF will guide you on how to go about CIS compliance on Botmetric:

Embrace CIS compliance and CIS benchmark for AWS

Go to Botmetric Audit Report, select CIS Foundation Policy from policy dropdown and check how your AWS cloud infrastructure security stacks up against this policy.

Who should be using CIS Benchmarks

  • AWS Customers
  • AWS Auditors
  • AWS System Integrators
  • AWS Partners
  • AWS Consultants

The Wrap-Up

Get compliant with CIS framework and best practices for your AWS cloud. Go beyond the high-level security guidance already available, with Botmetric.  Perform additional audits of your cloud infrastructure automatically as per AWS CIS benchmark policies, and stay sentinel to vulnerabilities.

If you’re already on Botmetric, do try the CIS Benchmark today to secure and benchmark your AWS cloud security. To know more about continuous security, read the blog post Continuous Security: A Necessity on Cloud.

5 Cloud Security Trends Shaping 2017 and Beyond

A shift from the traditional IT model to cloud-based solutions can be a rewarding strategy. Approximately 85 percent of companies now have a multi-cloud strategy as part of their IT operations. Cloud computing has become one of the most sought-after technologies in the IT market, with a growth rate of 18 percent expected over 2017. And with the cloud growing to meet soaring demand, there’s an increasing need for individual companies to implement stronger security. Here’re top cloud security trends that are shaping 2017. 

1. AI and Automation

IT security experts are pressured to create better software solutions, but implementing those solutions is becoming more reliant on AI. Automation is the only efficient means for monitoring constant activity over multiple channels. The goal is to implement self-sustaining mechanisms for identifying and isolating threats.

End users and even IT staff find it difficult to keep pace with increasing options and complexity. Your staff can become overwhelmed with tracking all the connections and preparing for changing threats. If you manage a smaller organization with limited resources, it could be crucial to add security automation to your IT infrastructure.

Machine learning is making more sustainable automation possible. Amazon Machine Learning, for instance, uses complex algorithms to find patterns in your data it can utilize in developing better data models. It then uses these improved models to process new data. Constant adaptation supports more accurate predictions and better responses.

Amazon Web Services’ (AWS) Senior Product Manager, Venkat Vijayaraghavan, has emphasized that static security rules aren’t adequate anymore. Security systems must enable analysis of traffic in order to detect the persistent and fraudulent bots that are crawling the internet today.

The trend in 2017 is automated systems that “learn” from existing threats to predict and anticipate future dangers. Through collaboration between developers, internet applications today can manage cloud APIs (application programming interfaces) to monitor applications and restore normal status without human intervention.

Tightly Integrated AWS Cloud Security Platform Just a Click Away

2. Micro-segmentation

Virtual networks are being replaced by highly segmented cloud architectures that are detailed to individual user endpoints. This micro-segmentation utilizes the same networking concepts but enhances security by sharing robust central functions across all segments. It uses authentication tools to validate each endpoint before client-server transactions begin.

Micro-segmentation provides a platform where certain connections will require extra security for greater privileges. This ensures isolation for certain endpoints within deployed services while ensuring that others get limited access. It allows system management to define and grant privileges at different levels of granularity, as well as lock down or block suspicious connections.

3. Software Governance

One increasing issue for IT departments is the growth of “shadow IT.” Otherwise known as “stealth IT,” this is the tendency of workers to utilize their own software solutions that IT has not approved or may not be aware of. As mobile devices multiply in 2017, it’s important that you create some accountability for shadow IT users.

Most IT departments are struggling to manage shadow IT issues that can heighten security risks. There’s a possibility that third-party software may contain vulnerabilities or malware that compromise business networks. There must be well-defined policies for software governance.

IT departments should be afforded the tools and authority to monitor and enforce security-focused guidelines. Software governance supports cooperation between IT and business functions. While IT could be more sympathetic to employee needs, employees need to understand that information security is crucial.

You should take steps to ensure that all applications are IT-approved and enforce consequences for introducing “shadow IT” to the network.

4. Adopted New Security Technologies

Leading cloud services such as AWS or Microsoft Azure have focused on better security measures to address customer concerns. Cloud providers are seeking the most advanced technologies to gain customer confidence. These solutions were once available as third-party services but are now being integrated into cloud platforms.

Some of the leading technologies today include:

  • WAF (Web Application Firewall): This monitors all incoming and outgoing traffic for potentially blocking anything that doesn’t meet configured guidelines. Today it’s a built-in feature of AWS.
  • Amazon Inspector: This is a security service for Linux and Windows hosts that allows you to evaluate any collection of resources for potential risks.
  • DDOS Protection Software: This software counters denial-of-service attacks which can occur through flooding your network with phony requests.

5. Ransomware and the IoT

Many hackers are devoted to ransomware, or malware that denies you access to your own data until a price is paid. Ransomware is particularly a threat to cloud data centers, which includes critical information from multiple clients. This could provide a huge pay-off for the hackers.

Ransomware is now the principle concern among APTs (advanced persistent threats). With cyber criminals perfecting their techniques, this becomes a crucial concern for all security vendors.

More vulnerability follows the growth of the Internet of Things, where smart devices are communicating with manufacturers and owners over Wi-Fi. Hackers want access to user information through networking components in everything from dishwashers to automobiles. Maintaining security over the data flooding in from potentially billions of devices will be a daunting task.

At the present time, developers are only beginning to establish industry standards and efficient means of deploying patches and upgrades over a wider spectrum of IT platforms. User error, protection of customer data, exposed APIs, and integration with big data are all security issues that need to be addressed in-depth.

Organizations must also realize that business continuity in the form of data backups and data recovery solutions are an essential part of cloud services. Lost data and cloud outages could represent serious setbacks to profitability and consumer trust.

To Conclude

While the switch to cloud computing provides many advantages in cost savings and flexibility, security is still a prime consideration with online operations. It’s important for you to consider new cloud technologies in 2017 for countering rising threats. Current software and sound principles for IT governance ensure that you can still reap the benefits of cloud computing safely.

 

April Roundup @ Botmetric: Aiding Teamwork to Solidify 3 Pillars of Cloud Management

Spring is still on at Botmetric, and we continue to evolve like seasons with new features. This month, the focus was on how to bring in more collaboration and teamwork while performing various tasks related to cloud management. The three pillars of cloud management, visibility, control, and optimization, can be solidified only with seamless collaboration. To that end, Botmetric released two cool collaborative features in April: Slack Integration and Share Reports.

1. Slack Integration

What is it about: Integrating Slack collaboration tool and Botmetric so that a cloud engineer will never miss an alert or notification when on a Slack channel and quickly communicate/alert it to their team ASAP. 

How will it help: Cloud engineers can quickly get a sneak-peak into specific Botmetric alerts, as well as details of various cloud events, on their desired channel of Slack. Be it an alert generated by Botmetric’s Cost & Governance, Security & Compliance, or Ops & Automation, engineers can see these alerts without logged into Botmetric, and quickly communicate the problem between the team members.

Where can you find this feature on Botmetric: Under the Admin section inside 3rd Party Integrations.

To know more in detail, read the blogBotmetric Brings Slack Fun to Cloud Engineers

2. Share/Email Data-Rich AWS Cloud Reports Instantly

What is it about: Sharing/emailing Botmetric reports directly from Botmetric. No downloading required.

How will it help: For successful cloud management, all the team members need complete visibility with pertinent data in the form of AWS cloud reports. The new ‘Share Reports’ feature provides complete visibility across accounts and helps multiple AWS users in the team better collaborate while managing the cloud.

Where can you find this feature on Botmetric: Across all the Botmetric products in the form of a share icon.

To know more in detail, read the blog ‘Share Data-Rich AWS Cloud Reports Instantly with Your Team Directly From Botmetric.’

Knowledge Sharing @ Botmetric

Continuing our new tradition to provide quick bites and snippets on better AWS cloud management, here are few blogs that we covered in the month of April:

Gauge AWS S3 Spend, Minimize AWS S3 Bill Shock

AWS S3 offers a durability of  99.999999999% compared to other object storage on AWS, and features simple web interface to store and retrieve any amount of data. When it comes to AWS S3 spend, it has something more in it beyond just the storage cost. If you’re a operations manager or a cloud engineer, you probably know that data read/write or data moved in/out also do count  AWS S3 bill. Hence, a detailed analysis of all these can help you keep AWS S3 bill shock to a minimum. To know how, visit this page.

7 Tips on How to Work the Magic With DevOps for AWS Cloud Management

Are you a DevOps engineer looking for complete AWS cloud management? Or are you a AWS user looking to use DevOps practices to optimize your AWS usage? Both ways, AWS and DevOps are modern way of getting things done. You should leverage new age DevOps tools for monitoring, application performance management, log management, security, data protection and cloud management instead of trying to build adhoc automation or dealing with primitive tools offered by AWS.

Get the top seven tips on how to work the magic with DevOps for AWS cloud management.

The Ultimate Cheat Sheet On Deployment Automation Using AWS S3, CodeDeploy & Jenkins

If you’re a DevOps engineer or an enterprise looking for a complete guide on how to automate app deployment using Continuous Integration (CI)/Continuous Deliver(CD) strategies, and tools like AWS S3, CodeDeploy, Jenkins & Code Commit, then bookmark this blog penned by Minjar’s cloud expert.

Botmetric Cloud Explorer: A Handy Topological Relationship View of AWS Resources

Do you want to get a complete understanding of your AWS infrastructure. And map how each resources are connected and where they stand today for building stronger governance, auditing, and tracking of resources. Above all get one handy, cumulative relationship view of AWS resources without using AWS Config service. Read this blog how to get a complete topological relationship view of your AWS resources.

The Cloud Computing Think-Tank Pieces @ Botmetric

5 Reasons Why You Should Question Your Old AWS Cloud Security Practices

While you scale your business on cloud, AWS too keeps scaling its services too. So, cloud engineers have to constantly adapt to architectural changes as and when AWS updates are announced. While all architectural changes are made, AWS Cloud Security best practices and audits need to be relooked too from time to time.

Tightly Integrated AWS Cloud Security Platform Just a Click Away

As a CISO, you must question your old practices and relook at them whether it’s relevant in the present day. Here’re the excerpts from a think tank session highlighting the five reasons why you should question your old practices.

The Rise of Anything as a Service (XaaS): The New Hulk of Cloud Computing

The ‘Cloud-driven aaS’ era is clearly upon us. Besides the typical SaaS, IaaS, and PaaS offerings discussed, there are other ‘As-a-Service(aaS)’ offerings too. For instance, Database-as-a-service, Storage-as-a-Service, Windows-as-a-Service, and even Malware-as-a-Service. It is the era of Anything-as-a-Service (XaaS). Read the excerpts from an article by Amarkant Singh, Head of Product, Botmetric, featured on Stratoscale, which share views on XaaS, IaaS, PaaS, and SaaS.

April Wrap-Up: Helping Bring Success to Cloud Management

Rain or shine, Botmetric has always striven to bring success to cloud management. And will continue to do so with DevOps, NoOps, AIOps solutions.

If you have missed rating us, you can do it here now. If you haven’t tried Botmetric, we invite you to sign-up for a 14-day trial. Until the next month, stay tuned with us on Social Media.

Share Data-Rich AWS Cloud Reports Instantly with Your Team Directly From Botmetric

Once Henry Ford said, “Coming together is a beginning. Keeping together is progress. Working together is success.” This adage holds so true to find success while managing AWS cloud. For the reason that: to achieve complete AWS cloud management is not a one person’s responsibility, but is a shared responsibility and more so a teamwork. And for the teamwork to reap benefits, all the team members need complete visibility with pertinent data in the form of AWS cloud reports in hand. To cater to this need Botmetric has introduced ‘Share Reports’ feature that allows a Botmetric user to share important AWS cost, security or Ops automation reports with multiple AWS users for better collaboration.

If you’re a Botmetric user, you can now:

  • Share the data-rich reports directly from any Botmetric products, thus saving time and effort
  • Educate both Botmetric and non-Botmetric user(s) within your team about various aspects of your AWS infrastructure
  • Highlight items that may need action by other teammates

Why Botmetric Built Share Reports

Currently, Botmetric offers more than 40 reports and 30 graphs and charts. These reports, charts and graphs help for better cloud governance. More so, these data-rich reports offer a great culmination of insights and help keep you updated on your AWS infrastructure.

Earlier, Botmetric empowered its users (those added to your Botmetric account) to download all these reports. However, at times, it’s likely you’ll need to send perpetual reports to other colleagues too that may not be part of your Botmetric Account.

Thus, continuing our mission to provide complete visibility and control for AWS users and your AWS infrastructure, Botmetric now allows you to email/share those reports directly to non-Botmetric user(s) too. By doing so, Botmetric empowers every custodian for cloud in your organization responsible for cloud with pertinent data, even if they are not Botmetric users.

More so, the new share functionality enables you to share specific reports across Cost & Governance, Security & Compliance, and Ops & Automation to custodians who are not Botmetric users in your organization and wish to discover knowledge on certain AWS cloud items.

The new share reports can be used across Botmetric platform in two specific ways:

1. Share Historical Reports

Share all the AWS cloud reports present under reports library on the Botmetric console to other custodians in the team.

Share all the AWS Cloud reports for better cloud management

2. Export and Share Charts and Graphs as CSV Reports

If you find any crucial information in any of the reports under Botmetric Cost & Governance, Security & Compliance or Ops & Automation, you can share using the ‘Share icon’ to any other custodian who isn’t Botmetric user(s) but responsible for cloud.

Share AWS cloud reports on Cost, Security, Ops with the team using Botmetric

For example, you would want to share the list of ports open to public to the person in your team who is responsible for perimeter security. You can do this from Audit Reports section of Security & Compliance.

The Bottom Line:

AWS has more than 70 resources and each resource has multiple family types. With so many variance in AWS’ services, you surely need either holistic information or a particular information at some point for analysis. With Botmetric reports and the new sharability feature, you and your team can together manage and optimize your AWS cloud with minimal effort.    

If you are a current Botmetric user, then Team Botmetric invites you to try this feature and share your feedback. If you’re yet to try Botmetric and want to explore this feature, then take up a 14 day trial . If you have any questions on AWS cloud management, just drop in a line below in the comment section or give us a shout out at @BotmetricHQ.

AWS Cloud Security Think Tank: 5 Reasons Why You Should Question Your Old Practices

Agile deployments and scalability seem to be the most dominant trend in public cloud, today; especially on AWS. While you scale your business on cloud, AWS too keeps scaling its services as well as upgrading its technology from time to time, to keep up with the technology disruptions happening across the globe. To that end, your cloud engineers have to constantly adapt to architectural changes as and when updates are announced. While all these architectural changes are made, AWS Cloud Security best practices and audits need to be relooked too from time to time.

As a CISO, have you ever questioned your old practices and relooked at them whether it’s relevant in the present day.

Here are few excerpts from our AWS Cloud Security Think Tank: A collation of deliberations we had recently at Botmetric HQ with our security experts on why anyone on cloud should question their old AWS cloud security best practices.

1. Relooking at Endpoint Security

“Securing the server end is just one part of enterprise cloud security. If there is a leakage at the endpoints, the net result is adverse impact on your cloud infrastructure.  Newer approaches to assert the legitimacy of the endpoint is more important than ever.” — Upaang Saxena, Botmetric LLC.

As most cloud apps provide APIs, the client authentication mechanisms have to be redesigned. Moreover, as the endpoints are now mobile devices, IOT devices, and laptops that might be anywhere in the world, increasingly the endpoint security is moving away from perimeter based security model giving way to Identity based endpoint security model. Hence, newer approaches to assert the legitimacy of the endpoint is more important than ever.

2. Revisiting Policies Usage

“Use managed policies, because with managed policies it easier to manage access across users. ” Jaiprakash Dave, Minjar Cloud Solutions

Earlier, only Identity-based (IAM) inline policies were available. Managed policies came later. So not all old AWS cloud best practices that existed during inline policies era might hold good in the present day. So, it is recommended to use managed policies that is available now. With managed policies you can manage permissions from a central place rather than having it attached directly to users. It also enables to properly categorize policies and reuse them. Updating permissions also becomes easier when a single managed policy is attached to multiple users. Plus, in managed policies you can add up to 10 managed policies to a user, role, or group. The size of each managed policy, however, cannot exceed 5,120 characters.

3. Make Multiple Account Switch Roles

“We encourage our clients to make multiple account switch roles for access controls as per their security needs.” Anoop Khandelwal, Botmetric LLC.  

Earlier, it was not recommended to switch roles for access controls while using VPC. However, now it is recommended to make multiple account switch roles for access controls as per their security needs. Plus, earlier VPCs came with de facto defaults, which was inherently less than ideal from a security perspective. Now, Amazon VPC provides features that you can use to increase and monitor the security for your Virtual Private Cloud (VPC).

4. Redesigning Architecture for New Attack Vectors

DDOS attacks through compromised IOT devices such as Mirai Bot attacks caught the security professionals by surprise. The possibility of the scale of the attack was not predicted by any security analyst. Such new attack vectors will be designed by hackers to penetrate popular and highly sensitive websites and it would be difficult to anticipate all potential attack vectors. So cloud professionals have to revisit their architecture and be ready with better contingency measures in case of such unanticipated attack vectors.

“You (cloud security engineer) need to relook into your architecture now and then and come up with better contingency measures for new age attack vectors like massively distributed denial of service(DDOS). ” Abhinay Dronavally, Botmetric LLC.

5. New API Security Mechanisms

Today, most enterprise applications consume data from external web services and also expose their data. The authentication mechanisms for the APIs cannot be the same as human user authentication, like earlier days. APIs must fit into machine to machine interactions. Focus more on integration API security mechanisms with specialized API security solution.

“As data breaches can happen through API, integration of API security mechanisms are a must.” — Shivanarayana Rayapati, Minjar Cloud Solutions.

Final Thoughts

As the sophistication of the attacks keep increasing, the security solutions too would have to improve their detection methods. Today’s security solutions leverage Artificial Intelligence (AI) algorithms like Random Forest Classification, Deep Learning techniques, etc. to study, organize, and identify the underlying access patterns of various users. A well thought-through  approach is pivotal in securing your AWS cloud. For that matter, any cloud.

Tightly Integrated Cloud Security Platform for AWS Just a Click Away — Get Started!

Botmetric Cloud Explorer: A Handy Topological Relationship View of AWS Resources

Picture this: A cloud engineer is trying hard to map all his AWS resources to have a complete understanding of the infrastructure. He also wants to map how each resources are connected and where they stand today so that he can build stronger governance, auditing, and tracking of resources. All he wishes for is one handy, cumulative relationship view of AWS resources in a topological view. Of course, there is AWS Config service at his disposal, but it does not provide that topological view.

Plus, getting a complete relationship view of AWS resources can be taxing. For the reason that: when on AWS, we tend to create, delete, and manage resources sporadically. No more worries. Botmetric Cloud Explorer Relationship View has your back!

Why Botmetric Cloud Explorer Relationship View?

“Sometimes, it’s good to get a different perspective,” says a famous adage. You don’t get a complete picture of what’s happening when you are cleaving through the complex roads. You get to figure out what you are looking for only when you take a different perspective. Perhaps, a bird’s eye view will help rather than deep diving into complex data. Likewise, when you deep dive into your cloud data, there are chances you will be lost. However, if you get a bird’s eye view of your AWS resources, then it’s nothing like it.

Of course there is AWS Config service at your disposal, but on a long run, a relationship view of all AWS resources will help manage and evaluate these resources with greater accuracy and less effort.

Here, at Botmetric, we always strive to give a complete picture of your AWS cloud infrastructure, not just the tip of the iceberg. That’s why we built Cloud Explorer that provides a handy topology and relationship view of all your AWS cloud resources.

Botmetric Cloud Explorer’s Relationship View gives the topological representation of your complete AWS infrastructure. In a single glance, you can get a complete view of your resources how they are connected to each other.

The primary function of Relationship View is to track the state of different AWS resources like AWS VPCs, AWS Subnets, EC2 Instances, EC2 volumes, Security Groups, EIP, Route Table, Internet Gateway, VPN Gateway, Network Interface, Network ACL, Customer Gateway, and more.

Botmetric Cloud Explorer Relationship View of AWS Resources

 

And, if you’re an organization or an enterprise with a huge number of servers under a VPC, Botmetric Cloud Explorer’s Relationship View will give you a view of which server is connected to which Subnet. Plus, it also gives topological relationship view of each Security Group the instance is associated to.

Also, if there are multiple VPCs on your AWS account, then Relationship View will give you a glance on which subnets belongs to which VPC. By dragging the VPC on to the side of the topological view you can see the complete details on how the resources  are connected with each other under specific VPC.

Relationship View of AWS Resources

There are other highlights of Botmetric Cloud Explorer Relationship View too, like it provides:

  • Ability to find which security groups are not assigned to any resources
  • Visibility on unused security groups and subnets
  • Real-time view on the resources i.e if you make any change in your infrastructure, then that change in data will immediately reflect on the topological view in Botmetric

Apart from giving a relationship view, Botmetric Cloud Explorer Relationship View can be used as a knowledge sharing too. Plus, it can help your entire team to verify the relationship between each AWS resources and check manually. For instance, which subnet belongs to which VPC or which security group is associated to which Instance. This saves a lot of  time!

Above all, to build stronger governance, tracking of resources is pivotal. With Botmetric Cloud Explorer Relationship View, you can easily and quickly identify the resources that are not utilized and thus help govern the resources timely.

How to Access Botmetric’s Cloud Explorer Relationship View?

The Botmetric Cloud Explorer Relationship View can be accessed from Botmetric Ops & Automation product — an intelligent cloud automation console for smarter cloud operations and management. 

One of the prerequisites to access it is to enable AWS Config for the regions you would want to use this feature with few steps. Because, AWS Config provides you with an AWS resource inventory, configuration history, and configuration change notifications. Primarily to enable security and governance. Above all, it takes a snapshot of the state of your AWS resources and how they are wired together, then tracks changes that take place between them. So, any modification, addition, deletion in your AWS infra gets recorded in AWS CloudTrail.

Once up and running, you can have Botmetric Cloud Explorer Relationship View handy.

Conclusion: Topological Relationship View of AWS Resources is Pivotal

As your business scales on the cloud, usage of resources and modification to them scale too. Instead of diving deep into the complex data at the first glance, you must first get a bird’s eye view of the resource usage for better cloud governance. That is what Botmetric Cloud Explorer Relationship View does. Providing a beautiful visualization of your AWS infrastructure. 

If you want to know more about this feature, do drop in a line below, or take a 14-day free trial

The March Roundup @ Botmetric: Easier AWS Cloud Management with NoOps

Spring is here, finally! The blooming fresh buds, the sweet smell of the roses, and the cheerful mood all around. Earth seems to come to life again. Seasons are vital to the transition and evolution of our planet; it also serves the purpose of the evolution of human consciousness too. Likewise, transition and evolution of your AWS Cloud Management consciousness too plays a vital role in improving the lives — primarily productivity — of DevOps and cloud engineers in your organization.

Your AWS Cloud Management efforts carried out by your DevOps engineers and cloud engineers, either in silos or with an integrated approach, needs to be regularly monitored, nurtured, and evolved from time to time. And when we say AWS Cloud Management efforts, we include AWS cost management, AWS governance, AWS cloud security and compliance, AWS cloud operations automation, and DevOps practices.

There are, of course, a variety of AWS services at your disposal to engineer a fully automated, continuous integration and delivery system, and help you be at the bleeding edge of DevOps practices. It is, however, easier said than done.

Right tools at hand are what that matters the most, especially when you are swimming in a tide of several modules. With agile digital transformations catching up quickly in every arena, it’s high time you must ensure that your team’s every AWS Cloud Management effort count to get that optimal ROI and lowered TCO.

To that end, Botmetric has been evolving all its products — Cost & Governance, Security & Compliance, and Ops & Automation, with several NoOps and DevOps features that make life of DevOps engineers and cloud engineers easier.

More so, you get more out of your AWS cloud management than you think. Explore Botmetric.

In March, Botmetric rolled-out four key product features. Here’re the four new feathers in the Botmetric’s cap:

1. Define Your Own AWS Security Best Practices & Audits with Botmetric Custom Audits

What is it about: Building your own company-wide AWS security policies to attain comprehensive security of the cloud.

How will it help:  Audit your infrastructure and enforce certain rules within your team, as per your requirements. You can put the custom rules or audits on auto-pilot — no need to build and run scripts every time through cron/CLI. Above all, you can automate your AWS security best practices checks.

Where can you find this feature on Botmetric: Under Security & Compliance’ Audit Report Console.

Get more details on this feature here.

2. Increase Operational Efficiency by 5X with Botmetric Custom Jobs’ Cloud Ops Automation

What is it about: Writing Python scripts inside Bometric to automate everyday, mundane DevOps tasks.

How will it help: Empowers DevOps engineers and cloud engineers to run desired automation with simple code logic in Python, and then schedule routine cloud tasks for increased operational excellence. Help engineers free up a lot of time.

Where can you find this feature on Botmetric: Under Ops & Automation’ Automation Console.

Get more details on this feature here.

3. Unlock Maximum AWS RDS Cost Savings with Botmetric RDS Cost Analyzer

What is it about: It is an intelligent analyzer that provides complete visibility into RDS spend.

How will it help: Discover unusual trends in your AWS RDS usage and know which component is incurring the significant chunk of the cost. Get a detailed breakup of RDS cost according to AWS instances, instance types, AWS accounts, AWS sub services, and instance engine.

Where can you find this feature on Botmetric: Under Cost & Governance’ Analyze console.

Get more details on this feature here.

4. AWS Reserved Instance Management Made Easy with Botmetric’s Smart RI

What is it about: Automatically modify reservation as soon as there is a modification available without going to AWS console.

How will it help: Reduce the effort involved in modifying the unused RIs. Automate modification of RIs that occur multiple times a day as soon as the unused RIs are found. Saves that much amount of cost that could have been wasted due to unnecessary on-demand usage, along with wasted RIs.

Where can you find this feature on Botmetric: Under Cost & Governance’ RI console.

Get more details on this feature here. You can also read it on AWS Week-in-Review.

Knowledge Sharing @ Botmetric

Continuing our new tradition to provide quick bites and snippets on better AWS cloud management, here are few blogs that we covered in the month of March:

The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell

98% of Google search on ‘AWS RI benefits’ shows that you can get great discounts and save tremendously compared to on-demand pricing. The fact is, this discounted pricing can be reaped provided you know what RIs are, how to use them, when to buy them, how to optimize them, how to plan them, etc. This blog covers all the details how to perfect your AWS RI planning and management.

DevSecOps: A Game Plan for Continuous Security and Compliance for your Cloud

DevOps makes it possible for the code to deploy and function seamlessly. And where does “security” stand in this Agile, CI/CD environment? You cannot afford to compromise on security and turn your infrastructure vulnerable to hackers, for sure! So, here comes the concept of “DevSecOps” — the practices of DevSecOps. If you’re looking to bring Security Ops into DevOps, then bookmark this blog.

3 Effective DDoS Protection & Security Solutions Apt for Web Application Workloads on AWS

NexusGuard research quoting 83% increase in Distributed Denial of Service (DDoS) attacks in 2Q2016 compared to 1Q2016 indicates that these attacks seems to continue being prevalent even beyond 2017. Despite stringent measures, these attacks have been bringing down web applications and denying service availability to its users with botnets. Without a doubt, DDoS mitigation is pivotal. If you’re a security Ops engineer, then this blog is a must read.

5 Interesting 2017 DevOps Trends You Cannot Miss Reading

In 2017, there is a lot of noise about what will be the future of DevOps. Here is a look at five interesting 2017 DevOps trends  you cannot miss reading and what our thought leaders think.

Don’t Let 2017 Amazon AWS S3 Outage Like Errors Affect You Again

On February 28th, 2017, several companies reported Amazon AWS S3 Cloud Storage Outage. Within minutes, hundreds and thousands of Twitter posts started making rounds across the globe sharing their experiences how their apps went down due to this outage. No technology is perfect. All technologies might fail at some point. The best way forward is to fool-proof your system against such outages in the future, as suggested by Team Botmetric.

To Conclude:

Rain or shine, Botmetric has always striven to improve the lives of DevOps and cloud engineers. And will continue to do so with DevOps, NoOps, AIOps solutions. Get 14-Day Exclusive Botmetric Trial Now.

If you have missed rating us, Botmetric invites you to do it here. Until the next month, stay tuned with us.