CyberQ Shield Customer Handbook & FAQ
TABLE OF CONTENTS
» Cloud Challenges
» FAQs
As organizations look to increase their cloud footprint, they are realizing that their IT
staff may be lacking cloud security expertise.
All of these factors are compounded by the lack of visibility into the cloud. Many
enterprises have no idea what type and how many cloud resources are running and
how they are configured. As a result, serious misconfigurations often go undetected
for days, weeks, or even longer, and taking the appropriate measures to secure cloud
services and applications can be a challenge. A majority of successful attacks on cloud
services are due to misconfigurations, and cloud security, compliance and risk
management solutions can help to mitigate these risks.
CLOUD SECURITY CHALLENGES
The following are among the prevalent challenges across the cloud spectrum.
Data Breaches
There is no concern more palpable than a data breach. It’s something every
organization is focused on. However, few have the resources and strategies in place to
truly tackle it in a worthy manner. This makes it a critical concern (and something that
has to be dealt with in a proactive and preventative way).
Failure to deal with data properly (through deliberate encryption) opens your business
up to huge compliance risks – not to mention data breach penalties, fines, and serious
violations of customer trust. The onus is on you to protect your customer and
employee data, regardless of what any Service-Level Agreement (SLA) says.
Unsecured APIs
The difficult thing about the cloud is that there are so many different possible entry
points for attacks. So while the attack surface may be smaller in totality, it’s much
more fragmented. Perhaps this can be seen most clearly when it comes to
micro-service architecture and the increasing trend around serverless functions.
APIs are great, but you have to consider how they impact the larger system. Even if the
cloud is technically safe and sound, intruders can hijack data by hacking into
less-secure APIs. This is problematic! The proper cloud security solutions can help you
carefully vet each application to protect against weak points like these.
Insider Threats
It’s a good business practice to trust your employees. Unfortunately, many businesses
take this trust too far – or fail to vet the driving factors behind their trust on the front
end.
According to research from Intel, insider threats are responsible for an incredible 43%
of all breaches. Half are intentional and half are accidental.
More specifically, businesses need to think about access management and limiting who
can access what and when. Access to cloud applications and data sources should be
given on an as-required basis. Nobody should have more access than is needed to
complete their job-related responsibilities.
SOLUTION BY SHIELD
CyberQ Shield helps in securing multi-cloud environments and achieving continuous
compliance with security best practices and compliance requirements. CyberQ Shield
automates identification of misconfigurations, compliance enforcement and
assessments with out-of-the-box frameworks for CIS AWS Foundations Benchmark,
ISO 27001, NIST 800-53, CSA-CCM, AWAF (AWS Well Architected Framework), GCAF
(Google Cloud Architecture Framework) etc.
Despite this model, there remains confusion about the demarcation of responsibility
between cloud providers and their customers. According to a Barracuda Networks
survey of 550 IT decision makers, 64% of respondents claimed that their cloud
provider should protect customer data in the cloud, which is clearly the customer’s
responsibility according to the Shared Responsibility Model.
With modern businesses moving their data into the cloud, this dangerous disconnect
between perception and reality can leave many businesses vulnerable. This is why,
according to Gartner, through 2023 at least 99% of cloud security failures are the
result of human mistakes.
FAQs
01 What types of security risks does the CyberQ Shield platform detect?
The solution detects and prioritizes a broad range of cloud security risks,
vulnerabilities and policy violations that can result in malware, identity theft and
data exfiltration.
The solution can be implemented through a low/no-code method via CloudFormation,
Terraform or Cloud Shell. On-boarding takes about 5 minutes.
It requires an IAM role with security audit permission in customer accounts.
03 Does the solution require any changes in the customer cloud account?
08 Is it possible to view the entire cloud asset inventory for a cloud account/
environment to find out which resources are in violation at a point in time?
Yes, the platform automatically discovers in real time all resources in the connected
cloud environment and programmatically prepares a CBOM (cloud bill of material). This
information is available in the inventory section of the dashboard.
Yes, users can enable/disable a rule (globally - for all connected cloud environments)
&/or create an exception for a rule against one or many resources as per the
requirement.
The solution supports Amazon Web Services (AWS), Google Cloud Platform*,
Azure* (*upcoming).
Yes, real time scanning can be enabled for one or all cloud environments which
are connected to the platform.
12 Is it possible to configure the frequency of the autonomous scanning
feature of CyberQ Shield?
Yes, the frequency of autonomous scans can be set as per the requirement. The minimum
frequency is 1 hour.
Yes, the platform performs vulnerability scanning for Host, Containers & Serverless
functions.
Yes, the platform can assess thousands of users & service identities, check
permissions & policies in real time and, based on machine learning techniques,
automatically suggest least privilege access for users & service identities.
Yes, 5 unique Environment tags can be created for each cloud environment which
helps in risk prioritization and remediation.
Yes, tagging crown jewels is possible via the console. Users can apply critical tags to
determine context-based risk at resource & environment level.
» Security Audit
» AWSElasticBeanstalkReadOnly
» AmazonDynamoDBReadOnlyAccess
» AmazonSNSReadOnlyAccess
» AmazonEMRReadOnlyAccessPolicy_v2
» AWSElasticMapReduceReadOnlyAccess
» AWSElasticFileSystemReadOnlyAccess
18 Does the platform allow Auto Remediation of vulnerabilities?
Yes, 5 unique tags can be created for each cloud environment which helps in risk
prioritization and remediation.
» To fix misconfigurations:
Remediation steps for each and every security policy, and auto-remediation for
a subset of the most critical security policies, can be applied. Remediations with
audit and links to references, along with historical analytics and reporting, are made
available.
Shield collects only Resource Configuration metadata from the client's cloud -
nothing more or less.
1. AWAF
2. NIST_80053_Rev4
3. NIST_80053_Rev5
4. ISO_27001_2013
5. CSA_CCM_V3
6. CCM_v4.0.5
7. PCI_DSS_v3.2.1
8. GDPR
9. SOC2_Type II
10. POPI
11. HIPAA
12. AWS_CIS_v1.3.0
Yes, each customer can be added as a tenant for management purposes and
switching of customer dashboard is possible through a single login.
Rules can be disabled for all environments or, at a granular level, an exception for a rule
can be created for a specific resource name/ID/type &/or environments.
28 Which stakeholders within my organisation will benefit from
using CyberQ Shield?
CyberQ Shield platform’s deep visibility into security and compliance risk coupled
with robust integration with workflow processes enables enterprises to deliver
value across multiple operational teams:
» CISOs
CyberQ Shield’s agentless assessment enables CISOs to optimize their security
budgets, increase their ROI, and reduce operational overhead for improved
efficiency. In addition, CyberQ Shield’s complete cloud coverage and holistic
approach to alert prioritization help ensure security teams improve their overall
cloud security posture.
» Security practitioners
CyberQ Shield’s agentless platform allows security practitioners to instantly
deploy cloud security and compliance without having to rely on DevOps to install
agents, avoiding gaps in coverage and reducing organisational friction. In addition,
CyberQ Shield significantly relieves security alert fatigue and burnout by
effectively prioritising risks based on their accessibility and potential business
impact, rather than just on their severity. This allows security teams to focus on
the 1% of truly critical alerts that need immediate attention and prevents
important alerts from being missed.
» DevOps
CyberQ Shield provides DevOps with continuous monitoring and 100% security
visibility into cloud assets as they test, deploy, and operationalize cloud
workloads. Without the burden of installing agents, DevOps can remain agile
while knowing that any new assets are covered automatically. CyberQ Shield
supports DevOps with an API-first strategy to fully integrate with CI/CD
development processes. CyberQ Shield also provides several off-the-shelf
integrations to fit CyberQ Shield into your existing workflow/pipeline, including
notification systems such as email, Slack, OpsGenie, and PagerDuty and ticketing
systems such as Jira and ServiceNow.
02 How many accounts, projects, etc. does the client have on AWS, GCP or Azure?
03 Which and how many services of the cloud service provider are consumed by the
client? For example EC2, API Gateway, VPC, S3, CloudFormation, KMS, Glue,
SageMaker, ACM, etc.
04 Approximately how many resources are configured across all cloud service provider
accounts? Examples of resources are EC2s, S3 buckets, CloudFormation stacks,
KMS keys, ACM certificates, API gateways.
05 How many and which cloud provider regions are utilized for resources as
configured in all cloud accounts? For example us-east-2, us-east-1, ap-south-1,
us-west-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2,
ca-central-1, eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3,
sa-east-1, us-west-2, ap-northeast-3, etc.
06 Which of the cloud accounts are utilized for production, QA, HF and Dev
environments?
07 Is the customer using cloud native tagging to identify production and crown
jewel resources/accounts?
08 Does the DevOps or cloud infrastructure team have cloud console access,
or is only CLI access provided to the respective teams?
09 What compliance frameworks are applicable or followed, e.g. PCI DSS v3.2.1,
NIST CSF, AWAF, GDPR, etc.?
11 What terminology do the cloud and security teams use internally to identify risks
in the cloud?
12 Are you undergoing any compliance certification or planning to do the same? E.g.
ISO 27001 or SOC 2 Type II, etc.
13 How are you managing misconfigurations and vulnerabilities in the cloud
currently?
14 How many team members manage cloud security currently, and are any of them
shared resources?
15 Have you deployed SSM agents in AWS cloud accounts on the resources?
18 Are you using any third-party tool to inventory cloud bills of material? If yes,
please share the name.
20 Are you aware of cloud bills of material which are publicly accessible?
22 How many users will use the CyberQ Shield solution in the organization?
ABOUT SECLOGIC
SecLogic provides cloud security & cyber risk management solutions to aid any
organization’s journey towards achieving a secure digital landscape. We
automatically analyze an organization’s risk exposure across thousands of
unique data points, using trusted qualitative and quantitative risk assessment
methodologies, providing holistic risk insights across the threat landscape.
» CyberQ Shield
Next Generation Cloud Security Platform
» CyberQ ORO
Next Generation Organisation Risk Orchestration
https://seclogic.io/
connect@seclogic.io
SecLogic INC