Amazon Web Services - Security Risk Identification and Remediation Management
ThreatKey's AWS integration identifies misconfigurations and security risks in your Amazon Web Services environment. It also provides a way to manage and track remediation efforts.
Overview
Strengthen the security of your Amazon Web Services (AWS) environment with ThreatKey's AWS integration. This feature is designed to proactively detect misconfigurations and security risks, providing comprehensive protection for your cloud-based operations. It also comes equipped with a robust mechanism for managing and tracking remediation efforts, ensuring quick and effective resolution of any identified security threats.
Key Features
Security Risk Identification
Utilizing advanced analytics, ThreatKey's AWS integration identifies potential security risks and misconfigurations within your AWS environment. This early detection capability facilitates timely intervention and mitigation, securing your cloud-based operations.
Remediation Management
The AWS integration includes a comprehensive remediation management feature. This tool streamlines the management and tracking of your remediation efforts, leading to swift and efficient resolution of identified security risks.
Reporting and Analytics
Get a deeper understanding of your AWS environment's security posture with detailed reporting and analytics. These insights inform strategic decisions, assist in compliance efforts, and promote continuous improvement in security practices.
Installation and Setup
Setting up ThreatKey's AWS integration is straightforward. Begin by connecting your AWS account with ThreatKey on the integration page within the ThreatKey platform. Follow the step-by-step setup process to boost the security of your AWS environment.
Connecting
To connect an AWS account, you can either:
- Manually create AWS IAM roles with the appropriate permissions.
- Use the CloudFormation-based connection wizard to set up AWS IAM roles. (Link to CloudFormation template)
Both enrollment flows guide you through the steps to create two AWS IAM roles in your AWS account.
- A read-only role, which is by default called ThreatKeyAudit. This role is used to evaluate AWS asset details.
- A role with the AdministratorAccess policy, which is by default called ThreatKey. This role is used to set up both the read-only role and CloudTrail event forwarding.
- Sign in to the AWS Management Console:
  - Navigate to the AWS Management Console and sign in with your AWS account credentials.
- Install CloudFormation template:
  - Navigate to the ThreatKey AWS Source connection page.
  - Click "Install Template", which will open the AWS console in a new tab.
  - Click the checkbox "I acknowledge that AWS CloudFormation might create IAM resources with custom names." then click "Create stack".
- Capture the AWS Role ARN:
  - Wait for the stack deployment to reach the completed stage.
  - Click outputs and copy the Role ARN.
- Enter Role ARN on ThreatKey AWS Source connection page:
  - Close the AWS console tab, which should bring you back to the AWS Source connection page.
  - Enter the Role ARN from step 7 in the text box and click "Connect to Amazon Web Services".
- Sign in to the AWS Management Console:
  - Navigate to the AWS Management Console and sign in with your AWS account credentials.
- Access the IAM Dashboard:
  - Once logged in, select "Services" from the dropdown and choose IAM under the "Security, Identity, & Compliance" section.
- Create a new IAM Role:
  - On the IAM dashboard, click on Roles from the left pane.
  - Click the Create role button.
  - Choose Another AWS account under the "Choose the trusted entity type" section.
  - For "Account ID", input 742123671053.
  - In the "Options" section, enable "Require external ID" and provide the UUID that is found on the ThreatKey AWS Source connection page.
  - Click Next: Permissions.
- Attach Policies:
  - Search for AdministratorAccess in the search box.
  - Select the AdministratorAccess policy from the results.
  - Proceed by clicking Next: Tags.
- (Optional) Add Tags:
  - This step is optional if you don't intend to tag the role.
  - If adding tags, provide the necessary key-value pairs.
  - Continue by clicking Next: Review.
- Review and Create Role:
  - For "Role name", use the format ThreatKey-UuidFromAwsSourceConnectionPage (e.g. ThreatKey-FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF).
  - In "Role description", input: IAM Role used for initial deployment and automatic fixes by ThreatKey
  - Review all details to ensure correctness.
  - Finalize by clicking Create role.
- Capture the Role ARN:
  - Once the role is created, you'll be redirected to the roles list. Locate and select your role.
  - The "Role ARN" will be visible on the summary page of the role. Make sure to copy this ARN for any subsequent needs or for sharing purposes.
- Enter Role ARN on ThreatKey AWS Source connection page:
  - Navigate to the ThreatKey AWS Source connection page.
  - Click "Skip (Role Already Created)".
  - Enter the Role ARN from step 7 in the text box and click "Connect to Amazon Web Services".
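The manual steps above produce a role whose trust policy should allow only account 742123671053, and only when the external ID from the connection page is supplied. The following is an added example, not ThreatKey's own code: it audits a trust policy document against those two requirements. The sample policy is constructed, and the UUID is the placeholder from the role-name example above.

```python
import json

THREATKEY_ACCOUNT_ID = "742123671053"  # trusted account ID from the steps above
ALLOWED_PRINCIPALS = {THREATKEY_ACCOUNT_ID, f"arn:aws:iam::{THREATKEY_ACCOUNT_ID}:root"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_external_id):
    """Return findings for a role trust policy; an empty list means it matches the procedure."""
    findings = []
    allows = [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"principal is not an AWS account: {principal!r}")
            continue
        if set(principal) != {"AWS"}:
            findings.append("principal types other than AWS present")
        for arn in _as_list(principal.get("AWS", [])):
            if arn not in ALLOWED_PRINCIPALS:
                findings.append(f"unexpected principal: {arn}")
        # Condition operator and key names are compared case-insensitively here.
        ext_ids = None
        for op, keys in stmt.get("Condition", {}).items():
            if op.lower() == "stringequals":
                for key, value in keys.items():
                    if key.lower() == "sts:externalid":
                        ext_ids = _as_list(value)
        if ext_ids is None:
            findings.append("missing sts:ExternalId condition")
        elif ext_ids != [expected_external_id]:
            findings.append("external ID does not match the connection page UUID")
    return findings

# Constructed sample: the shape of trust policy the role should end up with.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::742123671053:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"}}}]}
""")

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_POLICY, "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"))
```

The live document can be retrieved with `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and passed to `audit_trust_policy`. Because this role carries AdministratorAccess, any finding other than an empty list is worth resolving before connecting.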
Permissions
As of 2021/11/05, the permissions required for the two roles are as follows:
- Read-only role
- Fix/Setup role
Benefits
- Enhanced Security: Proactively identify and rectify potential security risks and misconfigurations in your AWS environment.
- Efficient Remediation: Manage and track remediation efforts effectively, ensuring swift and successful resolution of security issues.
- Informed Decision-Making: Leverage detailed reports and analytics to guide strategic decisions and foster continuous security improvement.
- Streamlined Compliance: Simplify compliance efforts with comprehensive reporting and analytics.
By integrating ThreatKey with your AWS environment, you are taking a significant step towards a more secure, efficient, and resilient cloud infrastructure.
Need help?
Our expert support team is always ready to assist with any issues or questions during the installation and setup process. You can reach them at support@threatkey.com or through our live chat.
Fortify your AWS environment's security posture with ThreatKey's AWS integration today.