On March 22nd, 2019, CapitalOne experienced a data breach that resulted in the loss of more than 100 million credit card applications. This vulnerability resulted from a misconfigured web application firewall, which caused a server-side request forgery vulnerability. This issue then allowed an attacker to gain access to an AWS IAM role with access to sensitive data within an S3 bucket.
Configuration issues in public cloud platforms, such as Amazon Web Services (AWS), often have devastating security implications. These platforms allow developers and system administrators to quickly deploy and update applications or digital infrastructure. Due to their flexibility, cloud environments constantly change, as developers create and destroy infrastructure throughout the day. Maintaining real-time visibility into such environments is a fiendishly difficult problem for many organizations.
To help customers with this problem, we built a Chariot capability that ingests newly created assets across an entire AWS organization into the scanning pipeline. Read on to learn how you can use Chariot to gain better visibility into your AWS environment.
What is the Amazon Capability?
The Amazon capability uses two techniques to discover assets. Each day, it pulls a new list of all current active assets, using an IAM role in the customer’s AWS account. Additionally, the Amazon capability uses an EventBridge rule to send push notifications to a Chariot webhook every time an asset comes online. These techniques ensure that Chariot’s list of monitored cloud assets remains fresh and prevent Chariot from missing assets that exist between scheduled scans. The Amazon capability places all identified assets into Chariot’s scanning queue, where they are then scanned with other capabilities. Currently, the Amazon capability supports a wide variety of services, such as EC2, ELB, RDS, ECS, EKS, API Gateways, Lambda Functions, Elastic IPs (generic), and Route53.
How to use the Amazon capability
Deploying the Amazon integration is as simple as running a CloudFormation template in your target AWS organization’s management account. For more information on setting up this capability, please see the official documentation. Once configured, Chariot will then enumerate AWS assets on a routine basis.
Getting Started With Chariot
Curious what vulnerabilities you may have within your AWS attack surface? Create a free account on Chariot and configure the Amazon integration. Chariot will have results ready before you can finish your next cup of coffee.
