How to Fix Security Misconfigurations Automatically
Mistakes happen, but what happens if someone accidentally introduces a misconfiguration into your public cloud account. Explore the auto-remediation capabilities offered by Trend Micro and unburden your team from manually cleaning up the mess.
Serverless for the win! The wizards at Trend Micro Cloud Conformity have a great repository that you need to know about! We all know, as a cloud engineer, that people can and will make mistakes. So, when someone makes a mistake and introduces a misconfiguration into your public cloud account resources take an automated approach and unburden your team from manually cleaning up the mess.
Let me give an example...
Lets say I am a cloud engineer at your company, and I decide for testing that I want to make a public S3 bucket open to the world. This is a big no no! You can see the steps below that I did to make the public bucket. Please don't do this, it is NOT best practice.
Once I do this, I can monitor in my Trend Micro Cloud Conformity account in real time that this has been done to my underlying AWS account. This can be done in the threat monitoring section on the main dashboard shown below.
However, I don't really want to stare at the console all day tailing events. The beauty of the Trend Micro Cloud Conformity solution is that you can also send alert event data to a number of services such as a subscribed Slack channel. These are shown below. For example, I have email, Slack, and Amazon SNS configured for my account. There are a lot of cool integrations right out of the box.
Now, I have the information provided that this public blunder violates policy, and real time monitoring in place bugging me in Slack shown above. So, where's the auto-remediation? Well, I also have a corresponding function that is at the ready just waiting to fire to auto-correct this blunder. See below.
What sorcery is this? My bucket ACL has been auto-corrected! Well, I'll let you in on a little secret. Here is the public Trend Micro Cloud Conformity GitHub repo of the Lambda functions that you can publish into your AWS account by utilizing the serverless framework. https://github.com/cloudconformity/auto-remediate
If you clone this repo, install the serverless framework (you can follow the instructions here at https://www.serverless.com/framework/docs/providers/aws/guide/installation.) You too can be an auto-remediator! You will need nodeJS installed first as prerequisite. I recommend using Chocolatey if you are a Microsoft Windows customer, or Homebrew if you are on a Mac to do that, and then run the npm serverless package. Once all done, the IDE (Microsoft VS Code) shown below on my system as an example should look like this.
The config.js file is where you can enable and disable which auto-remediation functions that you want to fire. All are documented, in the official GitHub Trend Micro Cloud Conformity repository on which security violation they are designed to fire on. You can then deploy the Lambda functions to your AWS account by using the serverless framework. This will run a Cloud Formation template and corresponding stack and deploy the Lambda functions in your AWS account shown below.
That's it! You are now enabled for auto-remediation my friends! Really cool technology provided from Trend Micro Cloud Conformity. What will they think of next?