Security Insights is supported for both AWS and Azure. Findings can be made into security insights without deploying Valtix Gateways. Simply add a Cloud account as indicated in the Cloud Provider Setup section of this guide and Valtix will continuously analyze the Cloud accounts and provide near real-time updates of all cloud assets and security findings across severity levels.
To get started, navigate to Discovery -> Inventory to display a Summary view of the findings across Cloud asset types:
- Security Groups
- Route Tables
- Network Interfaces
- Load Balancers
Customers often struggle with the proliferation of security groups. Security groups are often shared amongst resources that could present risk as changes made to a security group intended for a specific resource could impact a larger group.
Security Groups provides a list of all security groups on the filtered account(s) and provides details on the number of resources utilizing the same. The Is Inbound Public and Is Outbound Public fields indicate security group rules configured with 0.0.0.0/0.
In the filter window, select preset filters with selection options to filter the list of security groups with the option to create a rule based on the filtered selection.
Rules provide a view of specific security group rules. In this view, filtering is performed using the selection window. Filters can be used to identify rules based on port information.
Ports provide a port-centric view of the security groups. This is used to quickly identify security groups that are open on a specific port.
Shows a listing of all subnets discovered in Cloud accounts. This view can provide details about subnets that are publicly accessibly through based on whether auto-assign public IP is enabled.
Shows a listing of route tables discovered in Cloud accounts. This view can provide details about whether there are public internet inbound and internet outbound routes.
Shows a listing of network interfaces discovered in Cloud accounts. This view also shows Private and Public IP addresses for any of the network interfaces.
Shows a listing of VPCs and/or VNet's discovered in Cloud accounts.
Shows a listing of Applications indicated by the presence of Cloud Service Provider Application Load Balancers deployed. This view identifies whether a Valtix Gateway and Security Policy is applied to secure the Application. The secured field shows options to move forward with a Create Rules workflow for an application that has not yet been secured.
Shows a listing of Cloud Service provider Load Balancers discovered in the Cloud accounts. This view allows filtering to determine whether an Application front-ended by a Load Balancer has a Cloud Service Provider WAF enabled, or not.
Shows a listing of Instances or VMs with summary information on the number of security groups and interfaces for each Instance or VM.
Shows all Instance and Load Balancer tag key values discovered in Cloud accounts.
Shows Certificates. This is currently only supported for AWS Certificate Manager. This is useful to display all Certificates with associated Issuer, Domain Name and Expiry Date.
Shows a high level map view by Region of Cloud assets in cloud accounts.
Valtix provides a default set of Insight Rules that are used to identify findings in your Cloud accounts. Certain settings of an existing Insight Rule can be modified (e.g., Severity, Action, Category). New Insight Rules can be created by selecting an Inventory category (e.g., Security Groups, Applications, Load Balancers, Tags, etc.), defining a Search Filter criteria, selecting Add Rule and specifying the additional required information. The new Insight Rule will appear in the Insights -> Rules and will operate against the existing and any newly discovered inventory.
Findings is a list of inventory resources that have been determined based on the configured Insight Rules. The Search bar can be used to further filter the inventory list.