
PRODUCT HANDBOOK FOR CUSTOMERS

TABLE OF CONTENTS

» Cloud Challenges

» Cloud Security Challenges

» Solution by CyberQ Shield

» FAQs

» Few Profiling Questions for Clients


CLOUD CHALLENGES
The Cloud is inherently programmable
Cloud infrastructure is driven by cloud applications and APIs, which enable
developers to scale up and spin down large amounts of infrastructure via code.
As easy as it is to make infrastructure changes, it is also just as easy to introduce
misconfigurations.

The Cloud has enabled a “sprawl” of new services and technologies


When concepts such as microservices are combined with new technologies such as
containers, Kubernetes, and serverless Lambda functions, there are many more
resources to manage than just traditional servers, networks, and databases.

The Cloud features fundamentally new technologies that are quite different from what is found in physical data center environments
For example, IAM permissions enable users to access resources in an account regardless
of network segmentation. IAM therefore can facilitate a new type of lateral
movement that cannot be detected with traditional security tools.

As organizations look to increase their cloud footprint, they are realizing that their IT
staff may be lacking cloud security expertise.

The size and complexity of enterprise environments make it incredibly difficult to know what is running where
Typical public cloud infrastructure can contain thousands or tens of thousands of
resources, regions, and accounts. It can be very easy for a developer to create the
wrong resource, be too liberal with permissions, or lose track of where critical cloud
assets are stored.

All of these factors are compounded by the lack of visibility into the cloud. Many
enterprises have no idea what type and how many cloud resources are running and
how they are configured. As a result, serious misconfigurations often go undetected
for days, weeks, or even longer, and taking the appropriate measures to secure cloud
services and applications can be a challenge. A majority of successful attacks on cloud
services are due to misconfigurations, and cloud security, compliance and risk
management solutions can help to mitigate these risks.

CLOUD SECURITY CHALLENGES
The following are prevalent challenges across the cloud spectrum; the list is not exhaustive.

Data Breaches
There is no concern more palpable than a data breach. It’s something every
organization is focused on. However, few have the resources and strategies in place to
truly tackle it in a worthy manner. This makes it a critical concern (and something that
has to be dealt with in a proactive and preventative way).
Failure to deal with data properly (through deliberate encryption) opens your business
up to huge compliance risks – not to mention data breach penalties, fines, and serious
violations of customer trust. The onus is on you to protect your customer and
employee data, regardless of what any Service-Level Agreement (SLA) says.

Compliance with Regulatory Mandates


It’s commonplace for organizations – particularly smaller and mid-size companies –
to assume that they’re getting maximum protection simply by working with a cloud
solutions provider. But there’s more to it than meets the eye.
Compliance goes beyond international and federal regulations. There are also
additional industry mandates that must be addressed. Examples include EU data
protection, PCI DSS, FISMA, GLBA, HIPAA, and FERPA – to name a few.
The right cloud security solutions provide the technical capacity to abide by
regulatory mandates, but there has to be regular oversight and granular attention
to detail. Under the responsibility model, the cloud provider offers security of the
cloud, while the end user provides security in the cloud.

Lack of Cloud Security Expertise


According to the Cloud Security Alliance “Cloud Adoption Practices & Priorities
Survey Report,” 34% of companies are currently avoiding the cloud because they
don’t believe their IT and business managers have the knowledge & experience to
handle the demands of cloud computing. This makes it one of the top-four concerns
businesses have with regard to cloud security.
The average enterprise now has between three and four cloud environments. This
creates added layers of complexity that require technical competence and relevant
experience.
This speaks to a larger trend that we expect to see emerge in the coming months
& years. Rather than just having managerial experience and financial literacy, IT and
business managers will be required to bring technical cloud competency to the table.
This doesn’t mean they’ll have to be cloud experts, but basic understanding and the
ability to lead targeted initiatives becomes integral.
Cloud Migration Issues
Cloud migration is happening in droves, but it has to be handled properly (otherwise, it
exposes the business to unnecessary risk). According to one report, the four biggest
challenges facing businesses are visibility into infrastructure security (43%),
compliance (38%), setting security policies (35%), and security failing to keep up with the
pace of change in applications (35%).
As a result, security professionals and IT pros are feeling overwhelmed by everything
that’s asked of them.
Simpler and more straightforward migration strategies will help businesses manage
this transition flawlessly. Trying to accomplish everything at once is a major mistake.
The migration process should be broken down into stages to reduce the risk of critical
errors that could corrupt data and/or lead to vulnerabilities.

Unsecured APIs
The difficult thing about the cloud is that there are so many different possible entry
points for attacks. So while the attack surface may be smaller in totality, it’s much
more fragmented. Perhaps this can be seen most clearly when it comes to
micro-service architecture and the increasing trend around serverless functions.

APIs are great, but you have to consider how they impact the larger system. Even if the
cloud is technically safe and sound, intruders can hijack data by hacking into
less-secure APIs. This is problematic! The proper cloud security solutions can help you
carefully vet each application to protect against weak points like these.

Insider Threats
It’s a good business practice to trust your employees. Unfortunately, many businesses
take this trust too far – or fail to vet the driving factors behind their trust on the front
end.
According to research from Intel, insider threats are responsible for an incredible 43%
of all breaches. Half are intentional and half are accidental.
More specifically, businesses need to think about access management and limiting who
can access what and when. Access to cloud applications and data sources should be
given on an as-required basis. Nobody should have more access than is needed to
complete their job-related responsibilities.

SOLUTION BY SHIELD

CyberQ Shield helps in securing multi cloud environments and achieving continuous
compliance with security best practices and compliance requirements. CyberQ Shield
automates identification of misconfigurations, compliance enforcement and
assessments with out-of-the-box frameworks for CIS AWS Foundations Benchmark,
ISO 27001, NIST 800-53, CSA-CCM, AWAF (AWS Well Architected Framework), GCAF
(Google Cloud Architecture Framework) etc.

» 100% agentless deployment - No introduction of network packets or
infrastructure changes
» Single pane of glass for managing multi-cloud* security
» Low/No touch provisioning (cloud account onboarding & security
assessments can be done as DIY)
» Automatically detect and remediate (via opt-in approach) misconfigurations
& exposed assets in the cloud environment
» Security rule sets are based on curated “suite of plugins” derived from CIS,
ISO 27001, NIST 800-53, CSA-CCM, cloud provider best practice etc.
» Security Risk categorization - Network, Data & Identity*
» Comprehensive visibility and control of every deployed resource through
Inventorization
» Detect & prevent unusual behavior and activities by human and machine
identities by assessing Identity posture in real time
» Streamlines reporting and audits with automated dashboards and reports
» Certified by CIS

» 1K+ Shield Best Practices
» 20K+ Security Checks
» 10+ Security Standards & Benchmarks
» 100% Agentless Solution
» 200+ IaaS & PaaS Assets
» 1k+ Risks across Network, Data & Identity

Shared Responsibility Model

[Figure: Customer Responsibility and Cloud Service Provider Responsibility]

Security is a shared responsibility between the cloud provider, such as Amazon Web
Services (AWS), Microsoft Azure, Google Cloud Platform etc., and the customer. In the "shared
responsibility model," the cloud provider is responsible for “security of the cloud,” which includes all
the infrastructure that runs cloud services. While the major cloud providers go to
great lengths to secure the infrastructure of their environment, it is up to the
customer to secure their use of the cloud services. The customer is responsible for
“security in the cloud."

Despite this model, there remains confusion about the demarcation of responsibility
between cloud providers and their customers. According to a Barracuda Networks
survey of 550 IT decision makers, 64% of respondents claimed that their cloud
provider should protect customer data in the cloud, which is clearly the customer’s
responsibility according to the Shared Responsibility Model.

With modern businesses moving their data into the cloud, this dangerous disconnect
between perception and reality can leave many businesses vulnerable. This is why,
according to Gartner, through 2023 at least 99% of cloud security failures are the
result of human mistakes.

FAQs
01 What types of security risks does the CyberQ Shield platform detect?

The solution detects and prioritizes a broad range of cloud security risks,
vulnerabilities, policy violations resulting in malware, identity thefts &
data exfiltration.

02 How is the solution implemented?

The solution can be implemented through a Low/No code method via CloudFormation,
Terraform or Cloud Shell. On-boarding takes about 5 minutes.
It requires an IAM role with security audit permission in customer accounts.

03 Does the solution require any changes in the customer cloud account?

The solution is 100% agent-less. It doesn’t introduce any network packets,
infrastructure changes or credentials-based scanning.

04 Does the platform support CSPM, CIEM, CWPP capabilities?

Yes, the platform supports CSPM, CIEM & CWPP capabilities.

05 What are the advantages of Shield’s agent-less approach vs. agents
and network scanners?
Security solutions that rely on agents or network scanners can be slow to
deploy and have a significant impact on asset performance. Because it is
virtually impossible to deploy agents everywhere, some assets will inevitably
be exposed to security threats. And network scanners require open ports that
may pose a security risk if not configured and maintained correctly.
The CyberQ Shield platform deploys in minutes, rather than days or weeks,
and it has zero impact on asset performance. CyberQ Shield also eliminates
the risk of visibility gaps as it automatically discovers and monitors all assets
across your cloud estate and does not require any updates as new assets are
added.
06 Is it possible to scan and assess a single service (AWS S3) to understand
the security gaps?
Yes, users (SecOps or DevSecOps) can use the LIVE Scan feature. It runs all
applicable checks against the selected services and assesses all resources which are
launched in a cloud environment.

07 Is it possible to scan and assess a single resource (e.g. AWS S3 Bucket)
after all the security gaps/risks identified by CyberQ Shield have been
remediated?
Yes, the Run Scan After Remediation feature available in the Risk & Scan Report
section of the dashboard allows users (SecOps or DevSecOps) to quickly check/debug
fixes performed by the user in their respective AWS environment after gaps are
notified by CyberShield.

08 Is it possible to view the entire cloud asset inventory for a cloud account/
environment to find out which resources are in violation at a point in time?
Yes, the platform automatically discovers in real time all resources in the connected
cloud environment and programmatically prepares a CBOM (cloud bill of material). This
information is available in the inventory section of the dashboard.

09 Is it possible to bypass/create exceptions to any SBP rules (Shield Best
Practices checks in-built in the platform) if such a rule is not applicable for
my environment or IT security & Compliance practice?

Yes, users can enable/disable a rule (globally - for all connected cloud environments)
&/or create an exception for a rule against one or many resources as per the
requirement.

10 Which cloud service provider (CSP) platforms does CyberQ Shield
support?

The solution supports Amazon Web Services (AWS), Google Cloud Platform*,
Azure* (*upcoming).

11 Does the platform support real time scanning?

Yes, real time scanning can be enabled for one or all cloud environments which
are connected to the platform.
12 Is it possible to configure the frequency of the autonomous scanning
feature of CyberQ Shield?
Yes, the frequency of autonomous scans can be set as per the requirement. The minimum
frequency is 1 hour.

13 Does the platform support vulnerability Scanning?

Yes, the platform performs vulnerability scanning for Host, Containers & Serverless
functions.

14 Does the platform Support IAM security?

Yes, the platform can assess thousands of users & service identities, check
permissions & policies in real time and, based on machine learning techniques,
automatically suggest least privilege access for users & service identities.

15 Does the platform support Environment Tagging?

Yes, 5 unique Environment tags can be created for each cloud environment which
helps in risk prioritization and remediation.

16 Does the platform support Resource Tagging?

Yes, tagging crown jewels is possible via the console. Users can apply critical tags for
determining context-based risk at resource & environment level.

17 What permissions are needed for scanning?

» Security Audit
» AWSElasticBeanstalkReadOnly
» AmazonDynamoDBReadOnlyAccess
» AmazonSNSReadOnlyAccess
» AmazonEMRReadOnlyAccessPolicy_v2
» AWSElasticMapReduceReadOnlyAccess
» AWSElasticFileSystemReadOnlyAccess
18 Does the platform allow Auto Remediation of vulnerabilities?

Yes, automated remediation can be enabled through a remediation policy, which
can be created by an Admin user by specifying cloud environment, resource type,
resource ID, region, remediation type - One-Click &/or Auto remediation while
creating the policy.

19 Does the platform support Tagging?

Yes, 5 unique tags can be created for each cloud environment which helps in risk
prioritization and remediation.

20 What are the primary use cases for CyberQ Shield?

» To demonstrate regulatory compliance:
Businesses in heavily regulated industries, such as financial services, healthcare,
and utilities, can benefit from CyberQ Shield’s out-of-the-box and customizable
compliance templates covering CIS AWS foundation benchmark, ISO 27001, NIST
800-53, CSA-CCM and AWAF. There’s no need to recruit human capital as cloud
experts to scan and assess posture of the cloud.

» To fix misconfigurations:
Remediation steps for each and every security policy and auto-remediation for
a subset of the most critical security policies can be applied. Remediations with
audit and links to references along with historical analytics and reporting are made
available.

» To perform security due diligence of the cloud assets:


Organizations undergoing mergers and acquisitions can quickly gain insight into a
target company’s cloud assets and security posture.

» To manage multi-cloud environments:

For enterprises managing multi-cloud deployments, CyberQ Shield consolidates
security and compliance management in a single platform, ensuring consistent
security practices across the multi-cloud estate, while reducing TCO and licensing
costs.

21 Will Scanning impact the performance or availability of my cloud
services?
Although this is often speculated, scanning will not impact the performance or availability of
your cloud services, especially while using CyberQ Shield. The platform’s calls to
cloud resources are minimal and restricted to performing only a few at a time.

22 What type of data does Shield collect from my cloud estate?

Shield collects only Resource Configuration metadata from the client's cloud -
nothing more or less.

23 Which compliances & benchmarks are supported at present?

1. AWAF
2. NIST_80053_Rev4
3. NIST_80053_Rev5
4. ISO_27001_2013
5. CSA_CCM_V3
6. CCM_v4.0.5
7. PCI_DSS_v3.2.1
8. GDPR
9. SOC2_Type II
10. POPI
11. HIPAA
12. AWS_CIS_v1.3.0

24 Can new compliances or benchmarks be requested?

Yes, this is possible.

25 Does the platform allow RBAC for managing multiple customers?

Yes, each customer can be added as a tenant for management purposes and
switching of customer dashboard is possible through a single login.

26 Is it possible to view the entire cloud inventory including the vulnerable
resources?
Yes, the inventory section contains all the information at service and resource level.

27 Can I disable a particular rule which is not applicable?

Rules can be disabled for all environments or at a granular level an exception for a rule
can be created for a specific resource name/ID/type &/or environments.
28 Which stakeholders within my organisation will benefit from
using CyberQ Shield?
CyberQ Shield platform’s deep visibility into security and compliance risk coupled
with robust integration with workflow processes enables enterprises to deliver
value across multiple operational teams:

» CISOs
CyberQ Shield’s agentless assessment enables CISOs to optimize their security
budgets, increase their ROI, and reduce operational overhead for improved
efficiency. In addition, CyberQ Shield’s complete cloud coverage and holistic
approach to alert prioritization help ensure security teams improve their overall
cloud security posture.

» Security practitioners
CyberQ Shield’s agentless platform allows security practitioners to instantly
deploy cloud security and compliance without having to rely on DevOps to install
agents, avoiding gaps in coverage and reducing organisational friction. In addition,
CyberQ Shield significantly relieves security alert fatigue and burnout by
effectively prioritising risks based on their accessibility and potential business
impact, rather than just on their severity. This allows security teams to focus on
the 1% of truly critical alerts that need immediate attention and prevents
important alerts from being missed.

» DevOps
CyberQ Shield provides DevOps with continuous monitoring and 100% security
visibility into cloud assets as they test, deploy, and operationalize cloud
workloads. Without the burden of installing agents, DevOps can remain agile
while knowing that any new assets are covered automatically. CyberQ Shield
supports DevOps with an API-first strategy to fully integrate with CI/CD
development processes. CyberQ Shield also provides several off-the-shelf
integrations to fit CyberQ Shield into your existing workflow/pipeline, including
notification systems such as email, Slack, OpsGenie, and PagerDuty and ticketing
systems such as Jira and ServiceNow.

» Governance, Risk, and Compliance


Governance, Risk, and Compliance (GRC) – CyberQ Shield enables GRC teams to
maintain continuous compliance with a single platform and replace multiple tools
such as vulnerability management, malware scanning, and file integrity
monitoring. CyberQ Shield can run critical checks required to comply with more
than 35 compliance frameworks and benchmarks, including AWS CIS, Windows
CIS, PCI-DSS, HIPAA, GDPR, and SOC 2. GRC teams can modify out-of-the-box
compliance templates or create custom frameworks by choosing the controls that
meet the organization’s unique compliance needs.

Few Profiling Questions for Clients
To be followed by Sales & Presales
01 Which cloud provider is the client infrastructure hosted on? e.g. AWS, GCP, Azure

02 How many accounts, projects etc. does the client have on AWS, GCP or Azure?

03 Which and how many services of the cloud service provider are consumed by the
client? For example EC2, API Gateway, VPC, S3, CloudFormation, KMS, Glue,
SageMaker, ACM etc.

04 How many resources are configured approximately on all cloud service provider
accounts? Examples of resources are EC2s, S3 buckets, CloudFormation stacks,
KMS keys, ACM certificates, API gateways

05 How many and which cloud provider regions are utilized for resources as
configured in all cloud accounts? For example us-east-2, us-east-1, ap-south-1,
us-west-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2,
ca-central-1, eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3,
sa-east-1, us-west-2, ap-northeast-3 etc.

06 Which of the cloud accounts are utilized for production, QA, HF and Dev
environments?

07 Is the customer using cloud native tagging to identify production and crown
jewel resources/accounts?

08 Does the DevOps or cloud infrastructure team have cloud console access,
or is only CLI access provided to the respective teams?

09 What compliance/frameworks are applicable/followed? e.g. PCI DSS v3.2.1,
NIST CSF, AWAF, GDPR etc.

10 In which country should data reside as per organization policy/regulatory
requirement?

11 What terminologies do the cloud and security teams use internally to identify risks
in the cloud?

12 Are you undergoing any compliance certification or planning to do the same? E.g.
ISO 27001 or SOC 2 Type II etc.

13 How are you managing misconfigurations and vulnerabilities in the cloud
currently?

14 How many team members manage cloud security currently, and are any of them
shared resources?

15 Have you deployed SSM agents in AWS cloud accounts on the resources?

16 On which email ID do we have to create a super admin account for CyberQ
Shield access?

17 Which user has ADMIN access in your cloud accounts?

18 Are you using any third party tool to inventorize cloud bills of materials? If yes,
please share the name.

19 Do you have public S3 Buckets supporting any business applications or
websites?

20 Are you aware of cloud bills of material which are publicly accessible?

21 Are you using an AWS organization to manage cloud accounts?

22 How many users will use the CyberQ Shield solution in the organization?
ABOUT SECLOGIC
SecLogic provides cloud security & cyber risk management solutions to aid any
organization’s journey towards achieving a secure digital landscape. We
automatically analyze an organization’s risk exposure across thousands of
unique data points, using trusted qualitative and quantitative risk assessment
methodologies, providing holistic risk insights across the threat landscape.

Our Flagship Products:

» CyberQ Shield
Next Generation Cloud Security Platform

» CyberQ ORO
Next Generation Organisation Risk Orchestration

SecLogic’s ability to tailor solutions across quadrants is strengthened through
delivery of seamless support services built on the customer first foundation.

https://seclogic.io/

connect@seclogic.io

SecLogic INC

HQ: 4th Floor, 90 Canal St, Boston, MA 02114, United States
