C3Mが4.2.0をリリース

facebookで共有
twitterで共有
linkedinで共有
emailで共有
printで共有
whatsappで共有

The 4.2.0 release brings loads of new functionalities, features, and policies including the much-awaited C3M Risk Score which is an Industry-First.

All customers are encouraged to go through the new changes and take this upgrade.

For more information, please reach out to us at [email protected].

Features

Risk Score for Alerts

C3M’s risk scoring framework helps security teams identify high-risk, high-impact resources and provides deep insights and context into all the related entities that may contribute to the risk of a resource. Based on the vendor-neutral and industry-accepted CVSS framework from FIRST.org and Risk Impact based on C3M Intelligence, you get a 0-10 risk score with full context for all your cloud assets based on factors like exploitability, exposure, and impact. The risk score value can fall between 0 – 10, the higher values indicating greater security risk. NOTE : This release supports AWS resources ONLY and subsequent releases will see support for Azure and GCP resources.
How can Risk Scoring help?

Alert Findings Screen

Completely re-designed Alert Findings screen which can help administrators with the below

Alert Overview Dashboard

CP playbooks support to extend our SOAR offering. You can leverage our predefined actions and configure auto-remediations for GCP policy violations. Playbooks are based on a serverless framework, and you need to deploy the remediation module in a designated GCP project.
The dashboard also comes with the following enhancements

Inventory Dashboard

The existing Explore -> Inventory -> Resource Center has been moved to Explore -> Inventory
Inventory dashboard also comes with the following NEW features

Event-Based Alerts

Create Rule
Pre-defined rules

Just-in-Time Provisioning phase 2

C3M now supports Just-In-Time(JIT) provisioning with SAML 2.0.
With JIT 2.0, enterprises can automate the user login process, enabling new users to register with C3M(post successful SSO authentication) and access cloud accounts provisioned for them in their Identity Provider.

Cross - Account Access

Support for AWS Cloud.
Cross-Account access is a recommended best practice by AWS to grant third parties access to your organization’s AWS Cloud Accounts. It eliminates the need to create IAM Users in each account.
Quick Guide:
Create an IAM Role in your AWS Account and grant access to an AWS account hosting C3M Cloud Control. For SaaS customers, the access should be granted to the AWS accountID shared by the C3M team.

Ability to re-generate scheduled reports

Users can now regenerate a cloud account report on-demand rather than waiting for the scheduled time to get the report.

Stream GCP IAM Logs using DataFlow

Streaming GCP IAM Logs to the C3M platform will be supported via Data Flow templates to provide better access control features. This will replace the current approach of creating push subscriptions via a GCP pub/sub topic.

Support for custom roles while onboarding GCP Projects

The standard GCP roles (project viewer, organization viewer, and folder viewer) which were mandatory for onboarding GCP projects and organizational accounts can now be substituted with the custom roles. This helps in enforcing the principle-of-least-privilege while onboarding accounts.

Account Deletion Support

C3M now supports the deletion of cloud accounts from the UI. Administrators have permission to delete cloud accounts from the C3M Platform.

Note : The deleted account count would be added to your cloud license. However, you cannot re-onboard the same account again in C3M. If such a need arises, contact C3M Support.

New Compliance Support

NESA IAS V1.1
NESA is the UAE federal authority responsible for drafting the UAE Information Assurance Standards, a set of standards and guidelines for all entities in critical sectors. They are mandatory for all government, semi-government, and business organizations referred to as critical infrastructure to the UAE.
GCP CIS Benchmark 1.1.0
Support for GCP CIS Benchmark 1.1.0 is added.

新しいポリシー


Ensure CloudWatch metrics is enabled for Web ACL rules

Ensure Sampled Requests is enabled for Web ACL rules

Ensure Web ACL default action is set to ‘Block’ for allow conditions

Web ACL should have tags

Ensure ElastiCache clusters have tags

Ensure ElastiCache Redis clusters have in-transit encryption enabled

Ensure ElastiCache Redis clusters have at-rest encryption enabled

Ensure Multi-AZ feature is enabled for ElastiCache Redis clusters

Ensure DynamoDB tables are encrypted with customer-managed CMK

Ensure DynamoDB have tags

Ensure DynamoDB tables have Point in Time recovery enabled

Ensure unused DynamoDB tables are removed

Ensure Binary Authorization is enabled on Kubernetes Clusters

Ensure DNSSEC is enabled for Cloud DNS

Ensure Cloud DNS DNSSEC key-signing key is not created using RSASHA1

Ensure Cloud DNS DNSSEC zone-signing key is not created using RSASHA1

Ensure Cloud DNS zones have labels

関連記事

C3Mプレイブック

Playbookは、C3M Cloud Control PlatformにSecurity Orchestration Automation and Response (SOAR)の機能をもたらします。

Read More "