MontyCloud Blog

Continuous Cloud Security Posture Management with DAY2 Security Bot

Written by Sri Santhanam | Dec 9, 2020 5:41:00 PM

Security posture management can be challenging due to the dynamic nature of cloud infrastructure. In this blog Sri Santhanam explains how you can continuously monitor, detect, and remediate security issues with the DAY2 Security Bot. All you need to do is connect your AWS cloud account to MontyCloud DAY2. DAY2 automatically discovers, inventories, contextualizes and runs checks against 200+ security policies and AWS best practices. Then, it generates a contextual security posture dashboard. You can go a step further and define remediation rules, so you can autonomously enforce security compliance across cloud accounts and regions.

 – Sabrinath Rao

 
Cloud Security is a challenging shared responsibility

The shared responsibility security model is the primary foundational construct of a cloud security strategy. [Gartner] “However, the challenge exists not in the security of the cloud itself, but in the policies and technologies, for security and control of the technology. In nearly all cases, it is the user, not the cloud provider, who fails to manage the controls used to protect an organization’s data.” Customer responsibility is also becoming increasingly difficult due to:

  1. Dynamic nature of cloud footprint
  2. Lack of security expertise in cross-functional teams
  3. Skill gap in keeping up with multiple AWS services
  4. Maintenance and management of too many tools and configurations
  5. Manual execution at scale [of the cloud] with a lack of automated workflows
 
Improve your security posture using DAY2 Security Bot

Using DAY2 Security Bot you can:

  1. Monitor and gain continuous visibility into the security posture of your organization, department, or applications
  2. Use 200+ built-in security policies that help you align with NIST CSF, NIST SP 800-53, AICPA TSC and ISO/IEC 27001
  3. Use an extensive catalog of automated operations for single-click remediations to respond to and fix security issues
  4. Receive real-time notifications and reports in Slack, Microsoft Teams, email and PagerDuty
 
Activating DAY2 Security Bot

You will need an active DAY2 account and a connected AWS account. Administrators can activate DAY2 Security Bot via the DAY2 Bots management Admin menu.

You can readily use the built-in security policies and attach them to business contexts such as departments, accounts, and regions.

DAY2 recommends using the built-in policies to improve your security posture with industry security standards such as NIST CSF, NIST SP 800-53, AICPA TSC and ISO/IEC 27001. With the built-in policies you also evaluate against AWS security best practices across 72 AWS services. You can also customize the policies according to your business needs.

With DAY2 Security Bot, you can configure and receive notifications and alerts, based on the severity of the policies, in external systems such as Slack, Microsoft Teams and PagerDuty.

That’s it! The DAY2 Security Bot will analyze your cloud footprint and provide actionable insights.

 
Continuous Assessment and Reporting

Once activated, DAY2 Security Bot ensures continuous security monitoring and surfaces extensive insights.

A centralized view of your cloud footprint’s security posture can be visualized via our Insights dashboard. Summary charts and customizable filters such as departments, applications, accounts, regions, and resource types enable users to visualize and focus on the right issues and respond in a timely manner.

An application-centric security posture can also be visualized for the resources via our apps insights dashboard.

Customers will start receiving real-time notifications in their existing ChatOps channels, improving cross-functional team collaboration and mean time to response.

 

Automated Response Actions

DAY2 offers an extensive catalog of automated remediation actions with recommended single-click response actions. Customers can also use their own remediation scripts. For example, customers can use their custom script to update inbound rules for security groups with a specific CIDR address.

The ability to suppress insights is key to reducing noise and improving a team’s ability to focus on the actual issues that apply to their business context. Customers will be able to suppress one or more selected insights using the suppress action in the Insights dashboard.

Comprehensive security policy management, continuous evaluation and faster response times are crucial for the shared responsibility security model. DAY2 Security Bot, with its automated solutions, helps customers continuously improve their security posture at scale.
 
How can I start using this today?

DAY2 Security Bot is available in MontyCloud’s DAY2 platform today. To learn more about this feature and about MontyCloud’s intelligent Cloud Management Platform, you can request a demo to see it in action.