AWS Public Sector Blog

Assess your security posture to identify and remediate security gaps susceptible to ransomware

As government agencies and public sector organizations modernize their IT and migrate to the AWS Cloud, gaining a full, clear view of the security of their environments is a primary challenge they experience. This lack of visibility leads to blind spots and gaps in their security posture, leaving opportunity for security issues to arise.

At Amazon Web Services (AWS), security is the top priority. To help identify and remediate security gaps caused by account configurations out of line with AWS best practices, AWS has developed a primary set of services customers should use to aid in protecting their accounts. Amazon GuardDuty, AWS Security Hub, AWS Config, and AWS Well-Architected reviews help customers maintain a strong security posture over their AWS accounts. As more organizations deploy to the cloud, especially those doing so quickly that have not yet implemented the recommended AWS services, there may be a need to conduct a rapid security assessment of their cloud environment. As a result, AWS developed a new open source Self-Service Security Assessment (with ransomware analysis modules) tool that provides customers with a point-in-time assessment to quickly gain valuable insights into the security posture of their AWS account. The tool helps to identify key security controls directly impacting the ability to protect against ransomware. With just a few clicks, customers can start an automated security assessment of their existing AWS account environment, generate easy-to-read reports of their account’s security posture, and receive remediation recommendations and mitigating controls. For continuous monitoring of their security posture, AWS recommends enabling AWS Security Hub’s Foundational Security Best Practices standard, which also provides automated security checks.

How does it work?

The Self-Service Security Assessment is deployed using a simple AWS CloudFormation template that includes a dedicated Amazon Virtual Private Cloud (Amazon VPC) with two subnets, one NAT Gateway, one Amazon Elastic Compute Cloud (Amazon EC2) instance, and one Amazon Simple Storage Service (Amazon S3) bucket. Once the template is deployed, the open source projects Prowler and ScoutSuite are downloaded and installed within the Amazon EC2 instance and begin locally scanning AWS accounts using AWS APIs to run more than 256 point-in-time checks. The checks look at current AWS settings across services like AWS CloudTrail, Amazon CloudWatch, Amazon EC2, Amazon GuardDuty, AWS Identity and Access Management (AWS IAM), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, and Amazon S3 and assess them against security best practices.

Each tool generates easy-to-consume reports that highlight risk areas in the environment and stores the reports in a newly created Amazon S3 bucket in the account. While the tool’s current design captures a point-in-time snapshot of the AWS environment, the tool receives regular updates from AWS security professionals based on new and emerging tactics and techniques.

Security gaps identified in the report include readily identifiable corrections and AWS remediation recommendations. Customers can also engage AWS Professional Services for tailored guidance to run the assessment across large, more complex AWS footprints and remediate issues at scale.

The Self-Service Security Assessment (with ransomware analysis modules) can be deployed and run in about 30 minutes, and costs less than $1 (USD) to scan, output, and store the results. The tool can be run on demand and on multiple accounts, but today each run must be done separately per account. However, customers may develop their own automated processes to run the assessment on a recurring basis as part of their overall security practices.

Getting started

To get started, visit the Self-Service Security Assessment (with ransomware analysis modules) in the AWS Labs GitHub repository.

Check out other security and ransomware resources for the public sector.