Cloud & API Security

• CyTech AQUILA - Cloud Security Posture Management (CSPM)

CyTech AQUILA - Cloud Security Posture Management (CSPM)

Overview:

CSPM helps secure your cloud infrastructure by discovering and evaluating cloud services (e.g., storage, compute, IAM) against CIS benchmarks to identify and remediate configuration risks that may affect data confidentiality, integrity, and availability.

Key Features:

• Cloud Provider Support: Compatible with AWS, GCP, and Microsoft Azure.

• Evaluation Frequency: Resources are evaluated every 24 hours using read-only credentials.

• Findings & Dashboards:

  • High-level insights in the Cloud Security Posture dashboard.

  • Detailed findings available on the Findings page.

Pre-requisites

1. Access to CyTech - AQUILA

   • Only users assigned the "Owner" or "Admin" role can access the Log Collector installation resources within the platform.

To navigate to CSPM Module please follow the instructions below:

Step 3: Choose Cloud Security Posture Management (CSPM).

Step 4: Hover into leftmost panel to view all the CSPM sections.

Here in the CSPM Dashboard you can view all the evaluations. Such as Account Evaluated, Compliance Score, Compliance by Center in Internet Security (CIS), Findings and Posture Trends.

1. Account Evaluated: 
   • This refers to the specific cloud accounts that have been assessed for security compliance. An "account" in this context typically represents a collection of cloud resources under a single administrative domain within a cloud service provider (e.g., an AWS account, an Azure subscription). Evaluating an account involves checking its resources and configurations against security benchmarks.

     
     

     
     
2. Compliance Score:
   • The compliance score is a metric that indicates how well a cloud account or resource adheres to predefined security benchmarks, such as those set by the Center for Internet Security (CIS). It is usually expressed as a percentage, with a higher score indicating better compliance. This score helps organizations quickly assess their security posture and identify areas needing improvement.
     

     
     
     

3. Compliance by Center for Internet Security (CIS):

   • This refers to the evaluation of cloud resources against the security guidelines and best practices defined by the CIS benchmarks. These benchmarks provide a set of controls and recommendations to secure cloud environments. Compliance by CIS helps organizations ensure their configurations align with industry standards for security.
     

     
     
     

4. Findings:
   • Findings are the results of the security assessments conducted by the CSPM module. They detail specific issues or misconfigurations identified during the evaluation process. Each finding typically includes information about the affected resource, the nature of the issue, its severity, and recommended remediation steps.
     

     
     
     

5. Posture Trends:
   • Posture trends refer to the analysis of changes in security posture over time. This involves tracking improvements or regressions in compliance scores and findings. Understanding posture trends helps organizations identify patterns, measure the effectiveness of their security initiatives, and make informed decisions about future security strategies.
     

     

6. Recent Findings:
   
   • In this section, a list of recent findings can be found below with their details. Such as Result, Resource ID, Rule Name, Cis Section, and Last Checked. 

     

In the Findings Dashboard - it shows you all the detailed misconfigurations evaluated by our CSPM Module. Here you view the Result, Resource ID, Resource Name, Resource Type, Rule Number, Rule Name, CIS Section, Last Checked and Cloud.

Misconfigurations

• This section gives an overview of all misconfiguration findings detected from cloud integrations across AWS, GCP, and Azure.
  • Overall Resolve Findings
    • Displays the percentage of resolved vs. unresolved misconfigurations. It includes a progress bar and a warning message urging users to follow remediation steps to maintain cloud security.

Findings Tab

• All Results Tab
• Lists all misconfiguration findings from all cloud providers in one consolidated view.
• Amazon AWS Tab
• Filters the findings to only show results from Amazon Web Services (AWS).
• Google Cloud Platform Tab
• Shows findings that pertain exclusively to GCP (Google Cloud Platform) assets.
• Azure Tab
• Filters results to display only Azure-related misconfiguration findings.

---

Lists of Findings

• Search & Filter Function

  • Search Bar: Quickly locate specific misconfiguration results by keyword.

  • Filter Button: Apply advanced filters (e.g., cloud type, severity, category) to narrow down the displayed results.

• Result: The result indicates the outcome of a security assessment for a specific rule or check. It typically shows whether the resource passed or failed the evaluation based on compliance with the security benchmark.
• Resource ID: This is a unique identifier assigned to a specific cloud resource within an account. The Resource ID helps in precisely identifying and referencing the resource in security assessments and reports.
• Resource Name: The resource name is the human-readable name assigned to a cloud resource. It helps users easily identify and manage resources within their cloud environment.
• Resource Type: This refers to the category or kind of cloud resource being evaluated, such as a virtual machine, storage bucket, database instance, etc. Understanding the resource type is crucial for applying the correct security checks and benchmarks.
• Rule Number: The rule number is a unique identifier for a specific security rule or check within a benchmark. It helps users quickly reference and locate the rule in documentation or reports.
• Rule Name: The rule name provides a descriptive title for a security rule or check. It summarizes the purpose or focuses of the rule, such as "Ensure encryption is enabled for storage buckets."
• CIS Section: CIS Sections refer to categories of security best practices defined by the Center for Internet Security (CIS) benchmarks. These sections group related security controls and guidelines that help ensure cloud resources are configured securely.
• Last Checked: This indicates the most recent time when a particular resource or configuration was assessed for compliance with security benchmarks. It helps users understand how up to date the security posture information is.
• Cloud: In CSPM, "Cloud" refers to the specific cloud service provider or environment being assessed. This could include platforms like AWS, Azure, or Google Cloud. The CSPM module evaluates resources within these cloud environments against security benchmarks. 

---

By clicking each of the misconfigurations , it will show you all the details such as Evidence, Remediation and Rule Info.

Note: The  icon is only clickable on failed results, pressing on a successful result does not open a pop up window.

In the evidence tab, it will give you the details of information that supports the misconfiguration.

Remediation tab shows all the needed instructions to resolve the misconfigurations, and you can also "Add a Task" function.

Rule info tab shows the full details such as Description, Rationale, and References.

Task Management Section- Displays all tasks created to mitigate identified vulnerabilities from cloud security findings.

• Search & Filter Function

  • Search Bar: Allows quick lookup of specific tasks by keyword.

  • Filter Button: Opens advanced filtering options (e.g., severity, assignee, status).

---

• Task Table
• Displays task details including:

  • ID: Unique identifier for each task

  • Task Name

  • Relation: Link to associated misconfiguration or finding

  • Severity: Impact level of the issue

  • Assignee: Person responsible for the task

  • Status: Current progress (e.g., new, in progress, completed)

  • Start/End Date, Created At: Timeline info for tracking progress

  • Actions: Manage or update the task

---

Reports Section 

In this section, users can View and Manage their Test Report.

The user can add new reports by pressing the "+ New Report Button". After providing the title for the report, it will automatically generate a report. 

After setting up the report, the user can access it by pressing the "👁️" emoji. Users can also download it by pressing the download button at the top right of the pop-up window.

Conclusion:

The Cloud Security Posture Management (CSPM) module monitors user-owned cloud applications to detect malicious behavior and identify risks from improper cloud service implementations. By continuously scanning cloud environments and providing real-time threat detection, the module ensures compliance with industry standards, identifies misconfigurations, and delivers actionable remediation guidance. This proactive approach helps organizations maintain a strong security posture, reduce vulnerabilities, and protect sensitive data across their entire cloud infrastructure.

              If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.