One of the key factors in minimizing cloud security risk and effectively managing your data is effective user of signatures. A signature is an automated validation of best security practices against the resources on your AWS account. It acts as a check and proof point that activity within security controls is bona fide. Multiple alerts may be generated from a single signature if the validation fails across multiple resources, which enables users to rapidly remediate and gain greater control over their environment.
The Evident Security Platform (ESP®) is a cloud-agnostic solution that comes with out-of-the-box signatures that will work within your public cloud infrastructure. To ensure that the configuration of your cloud environment meets the requirements set forth in your security policy, it is often necessary to create customized signatures that will validate those requirements. Just like it sounds, these are signatures that you can create that are attached to specific controls and map to the elements of your cloud infrastructure.
A custom signature is used when the default best practice protocols are insufficient for a specific need. For example, if you wanted to ensure that each of your EC2 instances was tagged with information for your accounting department, you could write a custom signature to do this.
Here’s how the custom signature works: once developed and launched within your ESP account, it provides automated validation against your organization’s defined best practice. An alert is generated when this validation fails and with integrations, it can publish that alert to other third party systems for response and remediation.
For the Evident Security Platform (ESP), we provide a variety of useful and actionable resources so you can easily initiate custom signature development.
- Copyable signatures: We provide copyable signatures that provide users with a solid starting point. These exist within the control panel of ESP, and any signature that is copyable will have a “Copy & Customize” option on it. Easy to implement, these give ESP users a foundation from which they can get comfortable adding signatures as they discover new elements and resources that need validation. While these versions are usable, they are not copies of the actual code running in the backend; they may not behave exactly like built-in signatures, but that’s among the reasons for customizing them.
- Signature repository: We offer a GitHub repository with a growing list of committed custom signatures. These cover all manner of encryption, network, naming, and other types of controls.
- Custom signature tutorial: We also offer documentation that will walk users through the necessary steps to get custom signatures built and deployed. Included is some sample code and comprehensive instructions to equip users with the necessary ingredients.
If you haven’t yet worked with ESP, check it out. Our two-week free trial will give help you see how continuous monitoring and automated alerts can dramatically save you time while also radically improving your overall cloud security posture.
*** This is a Security Bloggers Network syndicated blog from Cloud Sentry Blog authored by Patrick Flanders. Read the original post at: https://cloudsentry.evident.io/esp-custom-signatures-quick-guide/