• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Cloud   »   Top 10 AWS Security Tips: #9 Conduct Vulnerability Assessments

Top 10 AWS Security Tips: #9 Conduct Vulnerability Assessments

  • Posted on:April 10, 2013
  • Posted in:Cloud
  • Posted by:
    Trend Micro
0

In this series, Mark and I have talked about hardening your AWS resources (both inside and outside of your instances) and preforming ongoing monitoring. The last two tips are around measuring your overall security so that you can understand your risks and measure your progress.

It may be an old adage but it still rings true… You can’t manage what you can’t measure. You may have layer upon layer of defense, but unless you conduct a vulnerability assessment you don’t really know where you stand.

Assess Your IaaS

Conducting a vulnerability assessment includes identifying and prioritizing vulnerabilities in all areas of your system. You start by cataloging the vulnerabilities through a mixtures of tools, services and manual evaluation. Then you move on to prioritizing the vulnerabilities and evaluating ways of mitigating.

Tools and services often take two forms, network scanners or host-based. Within these two forms there are passive and active scanners. Some vulnerabilities can only be detected on the instance or with privileged network access.

If you are running a network scan against your AWS instances, you need to fill out the AWS Vulnerability / Penetration Testing Request Form. This way, AWS knows you will be conducting a scan and your connectivity won’t be disrupted.

Feeling Vulnerable?

Once you know where you stand, its time to work towards improving your security posture. You start with the most serious vulnerabilities and work your way down the list.

Remediation can take many different forms. It may be as simple as closing a port, or turning off a service. In other cases it requires a software patch or a rule from an intrusion prevention system. No matter how you remediate, it is important to verify that remediation is in place and protecting the vulnerability.

The number of unmitigated vulnerabilities in your application makes a great metric to track over time in order to understand if you are continually improving.

 

Stay tuned for the next (and final) tip where we look at another important way to evaluate your security.


Have any tips for how you conduct vulnerability assessments on AWS? Please share them in the comments! And if you’re interested in securing your EC2 or VPC instances, check out our new Deep Security as a Service for cloud servers, currently in free Beta.

Related posts:

  1. Top 10 AWS Security Tips: #10 Penetration Testing
  2. Top 10 AWS Security Tips: #3 Build a Secure Base Amazon Machine Image (AMI)
  3. Top 10 AWS Security Tips: #7 Monitor Your Instances
  4. Top 10 AWS Security Tips: #5 Create Restrictive Firewall Policies

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Nuffield Health Depends on Managed XDR with Trend Micro Vision One
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.