Users signed in to Conformity from an approved country

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: RTM-006

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected a Cloud Conformity user authentication session initiated from a non-authorized country.

This rule can help you with the following compliance standards:

  • GDPR
  • APRA
  • MAS
  • AWAF
  • NIST4

Security

An approved country is a known region from which access to your Cloud Conformity account is permitted. A non-approved country is the opposite: any Cloud Conformity user authentication request originating from it is evaluated as suspicious or unrecognised.

Cloud Conformity recommends restricting access to your account from any country where your business does not operate or that is known as an abundant source of hacking and cyber attacks.

To enable RTMA detection for this Conformity rule, you must define the list of approved countries in the rule settings using the Cloud Conformity dashboard. Once the rule is configured and all approved countries are specified, detection becomes active and the RTMA agent notifies you of any Cloud Conformity login session initiated from a non-approved country.

Important Note:
To adhere to security best practices and benefit from the RTMA detection used by this rule, you must first define the list of approved countries in the rule settings available on the Cloud Conformity dashboard.
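The allowlist behaviour described above, sketched as an added example (this is not Conformity's code, and the event fields, country codes and addresses are constructed). It assumes ISO 3166-1 alpha-2 country codes and, as a design choice of this sketch, treats a sign-in whose country cannot be resolved as a finding.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass
class SignIn:
    """Hypothetical sign-in record; not Conformity's event schema."""
    user: str
    country: Optional[str]  # None when the source IP could not be geolocated
    timestamp: str


def evaluate_sign_ins(
    events: Iterable[SignIn], approved: Iterable[str]
) -> Tuple[bool, List[Tuple[SignIn, str]]]:
    """Return (rule_active, findings) for a batch of sign-in events.

    The rule stays inactive until at least one approved country is defined,
    mirroring the requirement to configure the list before detection works.
    """
    allow = {c.strip().upper() for c in approved if c and c.strip()}
    if not allow:
        return False, []  # nothing configured: no detection, no findings

    findings = []
    for ev in events:
        country = (ev.country or "").strip().upper()
        if not country:
            # Assumption of this sketch: unknown origin is reported, not ignored.
            findings.append((ev, "country could not be determined"))
        elif country not in allow:
            findings.append((ev, f"sign-in from non-approved country {country}"))
    return True, findings


# Constructed sample data for the example.
APPROVED_COUNTRIES = {"AU", "NZ"}
SAMPLE_EVENTS = [
    SignIn("alice@example.com", "AU", "2017-05-24T01:10:00Z"),
    SignIn("bob@example.com", "nz", "2017-05-24T02:15:00Z"),   # case-normalised
    SignIn("carol@example.com", "BR", "2017-05-24T03:20:00Z"),
    SignIn("dave@example.com", None, "2017-05-24T04:25:00Z"),
]

if __name__ == "__main__":
    active, results = evaluate_sign_ins(SAMPLE_EVENTS, APPROVED_COUNTRIES)
    print("rule active:", active)
    for event, reason in results:
        print(event.timestamp, event.user, "-", reason)
```

An empty approved list returns an inactive rule with no findings, which is why a missing configuration can look the same as a quiet account.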

Rationale

Monitoring access to your Cloud Conformity account in real time is crucial for keeping the account secure. The Cloud Conformity RTMA logon detection, which filters authentication requests made from non-authorized countries, gives you real-time visibility into your account login activity and helps you respond quickly to any unauthorized access session that represents a threat to your AWS infrastructure.

If the email account used to register with Cloud Conformity is compromised by a malicious user from a blacklisted (non-authorized) country, that user can gain access to the configuration information (metadata) associated with your Amazon Web Services infrastructure. The attacker cannot obtain direct access to your AWS resources, but can gather useful information about your AWS environment and use it to plan elaborate attacks such as phishing, scamming or social engineering against any of the AWS accounts linked to your Cloud Conformity identity. Other risks include changing the rule settings, adding the attacker's own region to the list of approved countries, or even disabling the real-time monitoring (RTMA) feature.

We highly recommend using Real-Time Threat Monitoring and Analysis (RTMA) for intrusion detection in order to implement geo access restriction for your Cloud Conformity account.

References

Publication date May 24, 2017
