CCSK Guide
27 Jul 2011

Talking about Security Automation: SecurityAutomata, CloudPassage and CloudInspect

Something that’s on our mind a lot is data security. Whenever a new product or solution comes out, what we’ll always look at is the level of security involved. Typically, if something is outside your firewall, it’s out of your control. What happens to the data then? This article takes a look at three available resources around security automation: SecurityAutomata, CloudPassage and CloudInspect.

SecurityAutomata

Launched in June 2011, SecurityAutomata is a wiki resource designed to facilitate information sharing between consumers, service and technology solution providers. It offers a meeting place for stakeholders to discuss automation and programmability of security in physical, virtual and cloud environments. The motivation behind this project is to increase visibility into security automation.

Scope of SecurityAutomata

Currently, the wiki involves the following broad categories:

  • Automation/Scripting
  • Brokers/Services/Management Frameworks
  • Auditing/Compliance
  • Blogs/Wikis/Videos
  • Commercial Security Technology Products/Solutions
  • General Purpose Automation Tools
  • Open Source Technology Products/Solutions

Why SecurityAutomata?

The SecurityAutomata project responds to a growing concern that automation is necessary for sound security strategies. While a number of efforts are dedicated to publicizing this need and the industry’s response, there is still a long way to go.

Currently, it is cloud and virtualization platform providers that are heading up this change, as many of their stacks require automation to function.

According to security expert Chris Hoff, there are a number of ways to ensure excellent automated security:

  1. Design for scale and re-define deployment scenarios
  2. Traffic steering/service insertion/context – in both physical and virtual environments
  3. Standardize on common telemetry and consistent policy across platforms
  4. Increase intelligence shared between infra- and applistructure
  5. Leverage guest-based footprint (IaaS)
  6. Leverage hypervisor and platform APIs

CloudPassage

Earlier this year, a new startup called CloudPassage announced its automated cloud-based security IT. CEO Carson Sweet called it the industry’s “first and only server and compliance products that specifically provide multiple-level security for elastic cloud servers.”

The products, known as Halo SVM (Server Vulnerability Management) and Halo Firewall, are designed to provide data-center managers with automated, highly accurate server exposure assessment, configuration-compliance monitoring and network-access control. These represent the three most crucial practices in server security in both public and hybrid clouds.

Interestingly enough, CloudPassage’s offerings follow the open-source product-introduction model. The company is giving away a free version to begin with, and then offering customers the option to pay for premium services as required.

CloudInspect

Core CloudInspect, created by Core Security, is another automated cloud security testing solution that provides security information on AWS instances. It enables users to do the following:

  • Verify security of AWS deployments against real, current attack techniques
  • Identify and validate critical OS and service vulnerabilities without false positives
  • Measure susceptibility to SQL injection, cross-site scripting and other web application attacks
  • Validate security controls required by PCI, HIPAA and other compliance requirements
  • Obtain actionable information necessary for patches and code fixes
  • Certify systems before they go live
  • Test regularly to ensure security posture

What are the deliverables?

CloudInspect is an automated process that allows users to quickly initiate security tests. It then returns a number of reports reflecting the state of the security posture, along with any other information needed to respond to and correct exposures.

CloudInspect delivers:

  • Host Report – Offers details specific to machine instances tested and exploited.
  • Vulnerabilities Report – Gives details on exploitable OS and service vulnerabilities. Links to patches and other resources.
  • Web Application Vulnerability Report – Describes potential ways of exploiting applications through SQL injection, cross-site scripting, remote file inclusion, etc. Also provides information for code fixes.
  • Web Application Executive Report – Summarizes information on vulnerable web pages and how they might be exploited by attackers.

Summary

This article takes a look at the services and resources available for automating security in cloud environments. Ensuring ongoing cloud security means equipping each instance with the appropriate security controls and regularly assessing their ability to withstand data breach threats. This article looks at three resources: SecurityAutomata, CloudPassage and CloudInspect.

CCSK Exam Preparation

In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:

  • Cloud Security Reference Model (Domain 1)
  • Enterprise and Information Risk Management (Domain 2)
  • Key Management Best Practices (Domain 11)

 
