Ensuring that all your AWS instances and accounts are secured from misconfigurations, overly permissive access rights, and data leakage can be a massive undertaking. Axonius Cloud Asset Compliance for AWS allows you to quickly understand how each Amazon instance adheres to or deviates from cloud compliance benchmarks.
Get a full view of IAM across all AWS Accounts.
Axonius maps all AWS accounts to the IAM-related rules in the CIS benchmark, such as avoiding use of the root account, rotating credentials and access keys, confirming password strength, and more, to make sure accounts and instances are configured securely.
Ensure every activity on AWS instances is logged.
Axonius checks every AWS account to ensure that CloudTrail is enabled with log file validation, that the S3 bucket used to store logs is not publicly accessible, and more.
Monitor accounts to check for unauthorized activity.
Implement a log metric filter and alarm for unauthorized API calls, management console sign-in without MFA, usage of the root account, IAM policy changes, CloudTrail config changes, and more.
Verify that sensitive instances aren’t allowing incoming traffic.
Ensure that no security groups allow ingress from 0.0.0.0/0 to port 22 or 3389, that the default security group of every VPC restricts all traffic, that routing tables for VPC peering are least access, and more.
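The ingress check above is easy to get wrong when a rule names a port range or all protocols rather than port 22 or 3389 directly. The following is an added example, not Axonius code: it assumes security groups in the shape returned by the EC2 `describe-security-groups` API, and the group IDs and rules in the sample data are constructed.

```python
# Added example: flag security groups that expose SSH/RDP to 0.0.0.0/0.
# Input shape assumed: the "SecurityGroups" list from EC2 describe-security-groups.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
OPEN_CIDR = "0.0.0.0/0"

def open_admin_ports(group):
    """Return the admin ports in one group that are reachable from 0.0.0.0/0."""
    exposed = set()
    for perm in group.get("IpPermissions", []):
        ranges = perm.get("IpRanges", [])
        if not any(r.get("CidrIp") == OPEN_CIDR for r in ranges):
            continue  # rule is scoped to specific networks
        proto = perm.get("IpProtocol")
        if proto == "-1":
            # "All traffic" rules carry no FromPort/ToPort, so a plain
            # port comparison would silently miss them.
            exposed.update(ADMIN_PORTS)
        elif proto in ("tcp", "6"):
            lo = perm.get("FromPort", 0)
            hi = perm.get("ToPort", 65535)
            # A range such as 0-1024 exposes port 22 without naming it.
            exposed.update(p for p in ADMIN_PORTS if lo <= p <= hi)
    return sorted(exposed)

def audit(groups):
    """Map GroupId -> exposed admin ports, listing only failing groups."""
    return {g["GroupId"]: ports for g in groups if (ports := open_admin_ports(g))}

def _rule(proto, cidr, lo=None, hi=None):
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample data (placeholder group IDs, not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-exact", "IpPermissions": [_rule("tcp", OPEN_CIDR, 22, 22)]},
    {"GroupId": "sg-range", "IpPermissions": [_rule("tcp", OPEN_CIDR, 0, 1024)]},
    {"GroupId": "sg-allproto", "IpPermissions": [_rule("-1", OPEN_CIDR)]},
    {"GroupId": "sg-internal", "IpPermissions": [_rule("tcp", "10.0.0.0/8", 3389, 3389)]},
    {"GroupId": "sg-web", "IpPermissions": [_rule("tcp", OPEN_CIDR, 443, 443)]},
]

if __name__ == "__main__":
    for group_id, ports in audit(SAMPLE_GROUPS).items():
        names = ", ".join(f"{p}/{ADMIN_PORTS[p]}" for p in ports)
        print(f"{group_id}: open to {OPEN_CIDR} on {names}")
```

The check covers IPv4 TCP rules only, matching the 0.0.0.0/0 wording above; IPv6 ranges (`Ipv6Ranges`) would need the same treatment.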