As 2020 draws to a close, we are pleased to announce our last major release of the year, 20.7. We think of each release as an opportunity to give back to our community of customers, and 20.7 is no different. While this year has been difficult for everyone, we were inspired by many of our customers’ continued commitment to cloud security and the DivvyCloud by Rapid7 product. This well rounded release includes a new Microsoft Azure Security Pack, expanded support for Azure resources, added AWS support, and several enhancements applicable to all clouds.
Azure Security Pack
The new Azure Security Pack is a collection of DivvyCloud by Rapid7 Insights focused on security and compliance best practices for Azure Cloud. We have modeled this new pack to align with Azure Security Center (ASC) recommendations, which form the foundation of several features and services within Azure, including Azure Advisor, ASC Secure Score, and ASC Regulatory Compliance. Our Azure Security Pack works natively to evaluate and identify configuration problems with Azure resources and services, but it does not require you to use the ASC service to achieve these checks.
This is the first edition of this new Compliance Pack and includes 38 Insights covering 45 ASC recommendations. Specifically, it includes checks around issues like:
- Only secure connections to your Redis cache should be enabled.
- System updates on virtual machine scale sets should be installed.
- Deprecated accounts should be removed from subscriptions.
- Authorized IP ranges should be defined on Kubernetes Services.
Be on the lookout for updates (more Filters and Insights!) to this Compliance Pack in subsequent releases.
Expanded Support for Azure
In addition to the Azure Security Pack, we’ve added support for several Azure resources, including:
- Added visibility, tag, and delete lifecycle support for Azure Application Gateway
- Added the new resource Azure Firewall, Azure’s managed, cloud-based network security service to protect network resources.
- Added support for Azure Firewall Rule and Azure Firewall Rule Collection.
Expanded Support for AWS
As part of 20.7, we’ve included features and enhancements for AWS. Some noteworthy changes include:
- Added visibility, tag, and delete lifecycle capability for AWS Lightsail instances, relational databases, disks, and load balancers.
- Added direct linking support for the new AWS Lightsail resource.
- Added visibility, tag, and delete lifecycle support for Route 53 Resolver logging configurations.
- Added a new filter, SSL Certificate Uses Unknown/Missing Validation Record, to identify AWS ACM certificates that use DNS validation and have an unknown/missing DNS record.
- Enhanced the filter, Volume Type, to add support for filtering the new gp3/io2 EBS volume types that were announced by AWS.
- Improved AWS NotificationTopic harvesting inefficiencies in lookups for linked subscriptions.
Expanded Support for All Clouds
As with all of our releases, we focus on making improvements to support all clouds. The enhancements that are generic to all clouds in Release 20.7 include:
- The ability to select between filtering at the source or destination level in the Access List Rule Source/Destination Network filter (previously named the Access List Rule Source Network filter).
- Compliance Scorecard improvements, like improved sorting for exports and inclusion of Insight notes within a new tab of the export, sorted alphabetically by Insight type.
- The addition of Entitlement for Data Collections through which admins are able to delegate access to data collections to basic users. Depending upon the access granted, basic users will be able to read, create, edit, and/or delete data collections and data collection elements.
- The addition of a new filter, Cloud Provider Name In/Not In List, which permits searching for resources based on their cloud provider name. This search is similar to the existing Resource Name Regular Expression filter. Because it doesn’t use regular expressions, it is less flexible but a bit faster.
- The Insight CSV export now includes the fields for a description and the author of an Insight and also maps the severity to the human readable label.
For a complete list of items in this release, please refer to the official 20.7 Release Notes.
DivvyCloud by Rapid7 protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud by Rapid7 customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.
*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by Jamie Gale. Read the original post at: https://divvycloud.com/feature-release-20-7/?utm_source=rss&utm_medium=rss&utm_campaign=feature-release-20-7