How Can I Get a Clear View of Cloud Risk in My AWS Environment?

Asked By CloudySky123 On

We're managing over 30 AWS accounts that utilize EC2, Lambda, and EKS, and we've got tools like AWS Security Hub, GuardDuty, and Config up and running. Despite this, we're finding it challenging to accurately assess how risky our exposed workloads actually are. We receive numerous alerts but still struggle to pinpoint the full context regarding exploit chains, data exposure risks, and identity vulnerabilities. Has anyone set up an integrated system within AWS that provides a comprehensive overview of workload, identity, API, and data risks, rather than just alert notifications?

4 Answers

Answered By DataDude2022 On

Have you checked out Kite? It’s a tool I’ve started using, and it might help you manage your cloud security concerns more effectively.

Answered By RiskAnalyst007 On

Using just Security Hub and GuardDuty won't give you the complete risk picture since they focus on singular findings. A more effective setup at scale combines three layers:
- **Identity Graph** (understanding IAM relationships and effective permissions).
- **Network Exposure** (assessing security group paths and public access risks).
- **Data Classification** (classifying S3 data sensitivity and monitoring database exposure).

By integrating org-wide Config, IAM Access Analyzer, and VPC Reachability Analyzer with Macie into Security Hub, you can build a detailed correlation layer with tools like Athena or OpenSearch. This approach lets you understand the blast radius of your workloads better. You can find AWS docs on reachability analysis to help guide you: https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html.
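
As an added example (not code from the answer above, nor from AWS), this is the core of the correlation step the answer describes: findings from the three layers are indexed per resource and then joined over a workload-to-role-to-data identity graph, so a workload is flagged only where network exposure, an over-permissive identity and sensitive data line up. Every ARN, edge and finding here is constructed sample data; the finding type strings are illustrative, only their ASFF-style field shape (Types, Resources[].Id) follows what Security Hub emits.

```python
"""Join findings from the network, identity and data layers into one blast-radius
view per workload. All data below is constructed: findings copy the ASFF field shape
(Types, Resources[].Id) and EDGES stands in for an identity graph from Config/Access Analyzer."""

ACCT = "111111111111"
WEB, BASTION = (f"arn:aws:ec2:us-east-1:{ACCT}:instance/{i}" for i in ("i-web01", "i-bastion"))
WEB_ROLE, BASTION_ROLE = (f"arn:aws:iam::{ACCT}:role/{r}" for r in ("web-role", "bastion-role"))
PII_BUCKET = "arn:aws:s3:::customer-pii"

# Constructed findings, one per source layer (not real Security Hub output).
FINDINGS = [
    {"Types": ["Effects/Data Exposure/Network Reachable"], "Resources": [{"Id": WEB}]},
    {"Types": ["Effects/Data Exposure/Network Reachable"], "Resources": [{"Id": BASTION}]},
    {"Types": ["Software and Configuration Checks/Policy/IAM Overly Permissive"], "Resources": [{"Id": WEB_ROLE}]},
    {"Types": ["Sensitive Data Identifications/PII"], "Resources": [{"Id": PII_BUCKET}]},
]
# Constructed identity-graph edges: workload -> role it runs as -> data that role can reach.
EDGES = {WEB: [WEB_ROLE], WEB_ROLE: [PII_BUCKET], BASTION: [BASTION_ROLE]}
# Illustrative mapping from an ASFF Types prefix to the correlation layer it feeds.
LAYER_BY_PREFIX = {"Effects/Data Exposure": "network", "Software and Configuration Checks/Policy": "identity", "Sensitive Data Identifications": "data"}

def layer_of(finding):
    """Map a finding's ASFF Types onto one correlation layer, or None if unclassified."""
    return next((layer for t in finding["Types"] for p, layer in LAYER_BY_PREFIX.items()
                 if t.startswith(p)), None)

def index_by_resource(findings):
    """Resource ARN -> set of layers that flagged it."""
    idx = {}
    for f in findings:
        for r in f["Resources"] if layer_of(f) else ():
            idx.setdefault(r["Id"], set()).add(layer_of(f))
    return idx

def reachable(start, edges):
    """Every ARN reachable from start over the identity graph (iterative DFS)."""
    seen, stack = set(), [start]
    while stack:
        new = [n for n in edges.get(stack.pop(), ()) if n not in seen]
        seen.update(new); stack.extend(new)
    return seen

def blast_radius(workload, findings=FINDINGS, edges=EDGES):
    """Layers firing on the workload or anything it reaches; 'chain' needs all three."""
    idx = index_by_resource(findings)
    hit = set(idx.get(workload, ()))
    for node in reachable(workload, edges):
        hit |= idx.get(node, set())
    return {"layers": sorted(hit), "chain": hit >= {"network", "identity", "data"}}
```

In practice the FINDINGS list is what an Athena query over the Security Hub export returns, and EDGES comes from Config relationship data or Access Analyzer results; the join logic stays the same.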

Answered By TechWhiz89 On

It really comes down to your resources and what you're willing to invest. If you have the budget but not much time, solutions like Wiz are a solid option. If you're tight on cash but have extra time, consider free tools like Prowler and Kubescape. And if you're on a shoestring budget with lots of time? You could restrict permissions and only allow changes via validated Terraform modules. It's all about balancing cost, time, and knowledge—there’s no one-size-fits-all answer, but generally, you either reduce the problem or analyze what’s there for deeper insights.

BudgetNinja555 -

I found Wiz's sales pitch pretty pushy compared to Orca's. They both have pros and cons in terms of compliance, but I felt Orca was slightly more technically sound. At the end of the day, it probably comes down to which one offers better pricing.

Answered By CloudGuru21 On

The type of risk you're concerned about is also critical. Risks can range from general exposure to very specific issues based on your unique setup. Without clarity on the specific risks you want to address, you might struggle to find useful solutions. A comprehensive dashboard may seem tempting, but it could lead to a flood of irrelevant data. Could you share more about what type of risks you're most worried about?

InsightSeeker88 -

That's a good point! It would help to narrow down the exact risks we want to focus on.
