Security is the foundation of TrackIt’s AWS professional service practice. TrackIt’s security services are designed around AWS best practices as outlined in the Well-Architected Framework, and CIS Cloud Security Benchmarks.
TrackIt’s security offering includes two core components:
TrackIt’s security offerings are designed to provide a holistic approach to your AWS security needs. Our security assessments and penetration tests work together to fortify your cloud infrastructure, making it resilient against threats while enabling you to leverage the full potential of AWS’s capabilities.
TrackIt’s AWS Security Assessment
Compare your existing AWS environment against the benchmarks set by the AWS Well-Architected Framework and CIS Cloud Security Benchmarks.
Our team of cloud experts will analyze your AWS configurations, applications, and data controls, identifying vulnerabilities, areas for improvement, and strategies to enhance your security posture.
TrackIt will deliver a remediation report highlighting areas of strength and weakness, plus recommendations for a more secure AWS cloud.
AWS SECURITY ASSESSMENT
TrackIt’s Security Assessment includes the following reviews:
- AWS Account Structure: Ensuring secure and well-organized account architecture for effective access control and risk mitigation.
- Service Control Policies (SCP): Reviewing and assessing your organization’s permissions and guardrails at the account, organizational unit, and organization level.
- Central Control Configurations: Enforcing effective implementation of security controls and configurations for a centralized and robust security posture.
- AWS Tools: Reviewing current AWS tools and identifying opportunities to increase automation and improve efficiency.
- IAM: Assessing your identity and access management posture including single sign-on (SSO), multi-factor authentication (MFA), external identity federation, credential rotation policies, and password policies to strengthen security controls and ensure robust access management practices.
- Detective Controls: Enhancing security incident detection and response through effective integration of services such as AWS CloudTrail, AWS Config, and GuardDuty for comprehensive logging, monitoring, and threat intelligence.
- Network and Application Security: Conducting a thorough assessment of network and application security measures, encompassing security groups, NACLs, network firewalls, private links, service endpoints, VPN, web application firewall (WAF), and DDoS mitigation tools,to ensure effective protection against threats and vulnerabilities.
- Monitoring and Log Management: Evaluating your organization’s monitoring and log management processes including CloudWatch log configuration, AWS ElasticSearch, CloudWatch log metric filter, and analysis of S3 logs using GuardDuty and Macie for proactive threat detection and effective incident response.
- Encryption Policies: Reviewing encryption policies including encryption of S3 buckets, EBS volumes, RDS database, Elasticsearch/OpenSearch, and AWS Certificate Manager to protect data at rest and in transit.
- Security Incident Response Plan: Evaluating your organization’s security incident response plan covering documentation, processes, roles and responsibilities, incident escalation procedures, and coordination with stakeholders to ensure a resilient and well-coordinated response to security events.
- Application Architecture: Conducting a thorough analysis of architectural design, deployment patterns, resource configurations, and integration of security services within the application stack to optimize application architecture in alignment with AWS security best practices.
- Prowler and Cloudsplaining: Performing a comprehensive Prowler (v3 with configuration) scan and review coupled with a cloudsplaining scan and review to identify security vulnerabilities, misconfigurations, and potential privilege escalation risks within your AWS environment.
TrackIt Security Assessments are typically conducted over three weeks.The assessment will include periodic discussions with your team to understand objectives and review policies and procedures.
DELIVERABLES
- A detailed overview of your current AWS security posture
- Recommendations based on AWS best practices
- A detailed list of current risk factors rated based on priority with recommended remediation efforts
- A list of additional tools that may improve your AWS security and efficiency
Penetration Testing
Recognize and fix security vulnerabilities in your networks and applications.Penetration tests conducted by TrackIt follow the Penetration Testing Execution Standard (PTES) Technical Guidelines, ensuring adherence to best-practices throughout the testing process. Our penetration testing methodology aligns with AWS’s policies and utilizes the latest ethical hacking techniques.
A Pen Test conducted by TrackIt is composed of four phases: Discovery, Vulnerability Analysis, Vulnerability Exploitation, and Security Reporting.
During the discovery phase, a TrackIt security engineer will gather useful information for the Penetration Test. We will speak with relevant company team members to gather information and understand project goals. Steps in the Discovery phase include:
- Intelligence gathering including employees, internet footprint, email addresses, social networks, chat rooms, mailing lists, domain names, and external footprint
- Foot scanning including DNS, instances, ports, services, SNMP sweeps, ping sweeps, and packet sniffing
During the Vulnerability Analysis phase, TrackIt’s security expert will perform passive and active scanning to find potential security threats.
Steps taken include:
- Passive / Active scanning
- Traffic monitoring
- Public research
- Vulnerability validation
- Identification of patch level vulnerabilities
- Identification of weak web applications
- Identification of weak ports and services
- Cracking passwords
In the Vulnerability Exploitation phase, TrackIt’s security expert will try to exploit found vulnerabilities from the Vulnerability Analysis. This will be done using tools, custom scripts, and existing exploits. Testers will always ask permission before exploiting vulnerabilities that could lead to denial of service or impact users’ experience. Steps taken include:
- Countermeasure bypass
- Fuzzing
- Brute-force attacks
- DNS requests
- Data exfiltration
TrackIt’s security expert will outline:
- Found vulnerabilities into a security report
- Calculating CVSS scores
- Description of each vulnerability
- Recommended remediation steps
Did You Know?
Cloud security isn’t solely the responsibility of AWS. This is clearly outlined in AWS’s shared responsibility model. The model delineates the “Security OF the Cloud” as the responsibility of AWS. This means that AWS is accountable for ensuring the security of the underlying infrastructure, including hardware, software, networking, and facilities.
“Security IN the Cloud” is your responsibility. Customers are responsible for maintaining secure AWS configurations, securing data (both in transit and at rest) and implementing robust identity and access management controls. Understanding the shared responsibility model is a critical aspect of maintaining a secure and compliant AWS environment.
TrackIt’s security services will manage your “Security IN the Cloud” responsibilities. We will ensure your cloud infrastructure is properly secured based on industry best practices.
