The Lightspin Remediation Hub: The Ultimate Centralized Solution for Root Cause Analysis & Remediation at Scale

Lightspin’s Remediation Hub centralizes the Lightspin recommended actions and remediations discovered in your cloud environment. It is an upgrade to our Root Cause Analysis feature that adds the ability to perform remediation at scale. This feature upgrade aims to make it simpler to understand and address the root cause of vulnerabilities in your cloud.

In most cases, security engineers tackle risks by prioritizing according to severity and remediating them in order from critical to low. This is typically a systematic approach that is time intensive and requires a lot of manual curation. Lightspin quickly determines the severity of risks by evaluating the likelihood and potential impact of threats.

The Remediation Hub is therefore an efficient method to reduce overall cloud environment risks. The feature identifies the risks with the most impact on the overall account score and provides dynamic remediation to reduce the most risk with minimum actions: 1 action that solves the core issue can solve many risks at once.

Most importantly, the Remediation Hub will:  

  • Identify the risks with the most impact on the overall account risk score. This allows the user to reduce the most risk with minimum actions, since one remediation can solve many issues at once (where relevant).
  • Look from the top at the entire account/tenant and find the root causes of the tenant’s issues, such as vulnerabilities or configuration issues. Cloud Native Application Protection Platforms (CNAPP) offer many solutions, but each one looks from the “asset” point of view.
  • Provide users the ability to easily apply remediation at scale and take action to improve account health quickly.

A fresh take in the market 

Lightspin’s Remediation Hub and its root cause analysis is a unique offering for Lightspin as a CNAPP, and unique in the market. This feature is necessary for a CNAPP offering since every account has the potential to hold thousands of risks, and while prioritization helps focus on the most critical issues, it doesn’t identify the root cause for the risk level. 

Lightspin’s Remediation Hub analyzes the following: 

  • Root cause – The root cause of all risks detected in the cloud environment
  • Impact score – The total impact of these root causes on the account’s health score
  • Ready-made Remediation – Generates the proposed remediation to the root cause
  • Workflow – Integrates with ticketing platforms such as Jira/ServiceNow, and now also allows assigning tickets to users in Lightspin

Breakdown of the solution’s features 

Root Cause Distribution 

  • Health Impact – The total impact on the account’s health score: the number of points that will be added to the account’s health score if the root cause is remediated
  • Related Asset – The root cause asset 
  • Type – The type of the root cause 

Related Risks 

The risks correlated to the root cause. Remediating the root cause remediates all of these risks simultaneously.

Supported Risk Types:
 

  • Attack Paths 
  • Security Findings  
  • Vulnerabilities (CVEs) 

Remediation 

There are different types of remediations. Grouping the root causes by remediation type allows the user to correlate the identified health score impact to typical remediations, which makes it easier to choose root causes by remediations that are already part of the day-to-day processes in the organization.

Remediation 

Root Cause Types 

Secure Secrets remediation type recommends how to secure vulnerable secrets (such as passwords, API keys, and certificates). 

 

Insecure Secret Store root cause locates a single secret value found as cleartext on multiple different assets; the secret itself is the root cause for all findings, which can be remediated by securing the single secret. 

 

Secure Template Definition remediation type corrects the code in the single template itself and, thus, fixes multiple security findings caused by the same insecure template. 

 

Insecure Template Definitions root cause discovers a single template (k8s deployment/k8s daemon set/any other template that creates instances) that has security issues in the template itself. All those issues are therefore propagated to the template’s instances (children), so the template is the same root cause for all issues (findings) and can be remediated by fixing the template.

 

Right-size IAM remediation type eliminates multiple attack paths by updating the root cause policy/role that gives high permissions to all linked identities, rather than updating each separate identity.

 

Permissive Identity Object root cause finds a single identity object, such as an AWS IAM Policy or GCP Role, that has permissive access permissions, is connected to multiple other identities, such as Users/Groups/Roles, and gives them this permissive access. The policy/role that gives high permissions to all identities is the same root cause for all issues (findings), which can be remediated by updating the policy/role, rather than each individual identity.

 

Segregate resource remediation type improves the account health by securing the resource involved in several attack paths.  

 

Resource Overuse root cause points to the same resource being involved in many different attack paths and increasing their risk severity. For example, the same permissive IAM Role is the reason for privilege escalation (PE) in multiple different attack paths. The role is the same root cause for increased severity in all attack paths and can be remediated by solving the root cause issues with the resource.

 

Restrict Network Access remediation type restricts the IP address range in the fully open security group, which is connected to several compute assets that are the main assets in each attack path.

 

Permissive Network Access root cause uncovers a fully open security group (0.0.0.0/0), which is connected to several compute assets that are the main assets in each attack path. This security group is the main root cause that increases all attack paths’ severity, as it makes them all Public. The security group is the same root cause for increased severity in all attack paths, which are remediated by restricting network access.
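
As an added illustration of this root cause (not Lightspin’s code or algorithm), the following Python example finds security groups open to 0.0.0.0/0 that are attached to several compute assets and ranks them by how many assets one fix would cover. The inventory is constructed sample data shaped like EC2 DescribeSecurityGroups/DescribeInstances output; the function names and the `min_assets` threshold are assumptions, and the check also treats the IPv6 equivalent `::/0` as open, which goes beyond the page’s example.

```python
import ipaddress

# Constructed sample inventory (made-up IDs), shaped like EC2 Describe* output.
SECURITY_GROUPS = [
    {"GroupId": "sg-open-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-open-v6", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
INSTANCES = [
    {"InstanceId": "i-app-1", "SecurityGroups": [{"GroupId": "sg-open-web"}]},
    {"InstanceId": "i-app-2", "SecurityGroups": [{"GroupId": "sg-open-web"}, {"GroupId": "sg-office"}]},
    {"InstanceId": "i-app-3", "SecurityGroups": [{"GroupId": "sg-open-web"}]},
    {"InstanceId": "i-db-1", "SecurityGroups": [{"GroupId": "sg-office"}]},
    {"InstanceId": "i-batch-1", "SecurityGroups": [{"GroupId": "sg-open-v6"}]},
]

def open_rules(group):
    """Return the ingress rules of a group whose source is the whole Internet."""
    hits = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # A prefix length of 0 matches 0.0.0.0/0 and ::/0 however written.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                ports = (perm.get("FromPort"), perm.get("ToPort"))
                hits.append((perm["IpProtocol"], ports, cidr))
    return hits

def shared_open_groups(groups, instances, min_assets=2):
    """Rank open groups by the number of compute assets attached to them."""
    attached = {}
    for inst in instances:
        for sg in inst["SecurityGroups"]:
            attached.setdefault(sg["GroupId"], []).append(inst["InstanceId"])
    findings = []
    for group in groups:
        rules, assets = open_rules(group), attached.get(group["GroupId"], [])
        if rules and len(assets) >= min_assets:
            findings.append({"group": group["GroupId"], "rules": rules, "assets": sorted(assets)})
    return sorted(findings, key=lambda f: len(f["assets"]), reverse=True)
```

With the sample data, restricting the single group `sg-open-web` covers three instances at once, while `sg-open-v6` is open but attached to only one asset and falls below the default threshold.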

 

Patch Image remediation type updates a vulnerable image with the latest security patches, remediating findings in which the image is the root cause. 

 

Unpatched Image root cause reveals an image (either a compute image such as an AMI or a Docker image) that comes with vulnerabilities. Therefore, all compute assets or containers that use the vulnerable image have all of its vulnerabilities as well. The vulnerable image is the same root cause for all issues (vulnerabilities), which can be remediated by updating it with the latest security patches.

 

Ready-made code

If it exists, the remediation code is added to the root cause.  

Root Cause Table 

The table presents all root causes with their properties, the related asset, findings, and remediation type (as noted above).  

Group By – All root causes can be grouped by:

  • Account: Focus on a specific account
  • Remediation type: Focus on a specific type or review root causes grouped by remediation type
  • Root cause type: Focus on a specific type or review root causes grouped by root cause type
  • None

Root Cause Details 

By clicking on a root cause, all details can be reviewed. These include: 

  1. Explanation
  2. Root cause graph
  3. Root cause details
  4. Related findings
  5. Remediation 

Your one-stop-shop for remediation 

Lightspin’s Remediation Hub provides you with the granular details as well as the visibility and control you need to more effectively understand the risks in your environment and more efficiently remediate them.  

Ready to get more information and see how Lightspin’s prioritization based on graph technology can truly save your organization time and resources?   

Set up a demo today to see the Lightspin difference    

*** This is a Security Bloggers Network syndicated blog from Lightspin Blog authored by Becca Gomby. Read the original post at: https://blog.lightspin.io/the-lightspin-remediation-hub-the-ultimate-centralized-solution-for-root-cause-analysis-remediation-at-scale