Cloud Security Auditing by Comparing AWS Config, Prowler, and Scout Suite
1. Introduction
According to the 2022 Cost of Data Breaches Report, cloud misconfiguration was responsible for 15% of data breaches, with an average cost of $4.14 million per breach (Ponemon Institute, 2022). According to a 2021 report, 48% of organizations intend to migrate at least half of their applications to the cloud within the following twelve months, and 20% plan to migrate all of their applications (Loukides, 2021). This trend will persist as more organizations adopt hybrid or remote work and continue to move at least part of their on-premises data center or other computing infrastructure into the cloud. Because of this transition, properly evaluating and internally auditing cloud resources is essential. Migrating resources from on-premises to the cloud is not without risk; many companies lack the experienced staff needed to ensure a properly configured cloud environment and design. The absence of organizational knowledge, combined with a steady stream of new offerings and modifications to existing cloud services from cloud service providers, makes properly securing an organization against attack more difficult. Misconfigurations do occur, and their consequences can be severe.
For instance, Capital One recently suffered a massive breach of its cloud infrastructure, in which the attacker stole the personal information of over 100 million users (Zscaler, 2021). Worse, Capital One was unaware of the breach until someone notified them, six months after it occurred, that their customer information had been compromised (Zscaler, 2021). Based on this timeline, regular monitoring and alerting had not been implemented, and their cloud infrastructure contained one or more misconfigurations.
A correctly implemented auditing tool would likely have discovered these misconfigurations, allowing them to be remediated before a breach occurred. Several tools can detect cloud misconfigurations and recommend best practices for correcting them, ensuring that a company's data is adequately protected. AWS Config, Prowler, and Scout Suite are examples of easily accessible tools.
1.1 AWS Config
AWS Config offers an in-depth view of the configuration of the AWS resources in an AWS account. This includes how the resources relate to one another and how they were configured in the past, so that you can observe how configurations and relationships change over time. AWS Config can record almost any AWS resource, such as an Amazon Elastic Compute Cloud (EC2) instance, a Simple Storage Service (S3) bucket, an Amazon Elastic Block Store (EBS) volume, a virtual private cloud, a security group, and many more. The main advantages of this tool are continuous assessment, continuous monitoring, and support for almost every resource in AWS. Its features include specifying which resource types AWS Config should record, setting up an S3 bucket to store the configuration history and the changes made to resources, and many more. Given these benefits, how difficult is the tool to configure? How complex is it to set up the required features correctly in AWS Config?
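As an added illustration that is not part of the paper, the CloudFormation template below sets up the two features just described: a recorder that captures every supported resource type and an S3 bucket that receives the configuration history; the resource names are assumed, and the bucket policy restricts writes to the AWS Config service principal.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # Bucket that receives configuration history and snapshots; all public access blocked
  ConfigHistoryBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration: {BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true}
  # Only the AWS Config service principal may check the bucket ACL and write under its own prefix
  ConfigHistoryBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ConfigHistoryBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: config.amazonaws.com}
            Action: ["s3:GetBucketAcl", "s3:ListBucket"]
            Resource: !GetAtt ConfigHistoryBucket.Arn
          - Effect: Allow
            Principal: {Service: config.amazonaws.com}
            Action: "s3:PutObject"
            Resource: !Sub "${ConfigHistoryBucket.Arn}/AWSLogs/${AWS::AccountId}/Config/*"
            Condition: {StringEquals: {"s3:x-amz-acl": bucket-owner-full-control}}
  # Role AWS Config assumes to read the configuration of resources in the account
  ConfigRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement: [{Effect: Allow, Principal: {Service: config.amazonaws.com}, Action: "sts:AssumeRole"}]
      ManagedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AWS_ConfigRole"]
  # Which resource types to record: every supported type, including global ones such as IAM
  ConfigRecorder:
    Type: AWS::Config::ConfigurationRecorder
    Properties:
      Name: default
      RoleARN: !GetAtt ConfigRole.Arn
      RecordingGroup: {AllSupported: true, IncludeGlobalResourceTypes: true}
  # Where configuration history and daily snapshots are delivered; needs the recorder and bucket policy first
  ConfigDeliveryChannel:
    Type: AWS::Config::DeliveryChannel
    DependsOn: [ConfigHistoryBucketPolicy, ConfigRecorder]
    Properties:
      S3BucketName: !Ref ConfigHistoryBucket
      ConfigSnapshotDeliveryProperties: {DeliveryFrequency: TwentyFour_Hours}
```

Deploying the template enables recording in one region; repeating it per region (with IncludeGlobalResourceTypes set to true in only one of them) covers an account that spans several regions.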
1.2 Prowler
Prowler is an open-source security audit tool that performs scans of AWS and Azure cloud environments. Prowler supports security best-practice activities such as cloud assessments, incident response, continuous monitoring, forensic readiness, and security audits. It also offers fast execution, visualization of the results through dashboards, and personalized support. It contains numerous controls covering CIS, ISO 27001, FFIEC, SOC 2, AWS FTR, and custom security frameworks. This research paper asks: Is Prowler as accurate as the other tools? How difficult is it to scan AWS cloud infrastructure with Prowler? How are the results generated?
1.3 Scout Suite
Scout Suite is a free and open-source compliance tool for cloud environments, focused primarily on cloud security. Using the APIs exposed by the cloud service provider, Scout Suite gathers configuration information from high-risk areas for manual audit by researchers. After completing a security audit, Scout Suite can immediately present a concise and comprehensive overview of the security risks to researchers, removing the need to navigate the intricate details of the web console. Scout Suite runs against multiple cloud service providers, including Amazon Web Services, Microsoft Azure, and Google Cloud. Does the emphasis on multiple cloud environments lead to minimal coverage of each cloud service?
2. Test Environment
The test environment was configured with several resources according to cloud security best practices. The same environment is used for all three tools, and the infrastructure is built as infrastructure as a service in Amazon Web Services in the us-east-1 region.
The following resources are used for the test environment:
- Root account used to grant all the permissions required to build the infrastructure.
- Identity and Access Management (IAM).
- Roles and users (users are assigned to the Research_project role).
- Virtual private cloud (the infrastructure is built inside a VPC).
- Public and private subnets (following security best practices).
- Load balancer running in the public subnet, configured with a security group that allows traffic from anywhere on the internet, and a NAT to reach the private subnet.
- EC2 instance running in the private subnet, configured with a security group following AWS best practices.
- Simple Storage Service (S3) running in a private subnet with a configured security group.
- CloudWatch alarm for the EC2 instance.
- S3 bucket to store the database and the AWS Config output.
The design of the AWS infrastructure is as follows. A root account was created, along with two users (Figure 1). These two users were assigned to a user group (Figure 2), and this user group was assigned to the role called Research_project (Figure 3). All the required permissions are granted to the Research_project role.
Figure 1:
Figure 2:
Figure 3:
Figure 4:
A VPC (Virtual Private Cloud) is created, and two private subnets are created in it. Four subnets are created in total for scalability, because a load balancer requires at least two subnets in different availability zones. The load balancer is created in subnet-public-1 (us-east-1), and an EC2 instance is created in subnet-private-1 (us-east-1).