New Features
AWS Security Hub Integration
- Database security alerts generated by SecureCloudDB can be pushed into AWS Security Hub. To set this up in SecureCloudDB, click on "Alerts" in the main menu, select "Destinations" in the submenu, hit the blue add button in the lower right corner of the “Destinations” table and follow the set-up prompts.
Create Your Own Security Rules
- In addition to the Foundational Security Rules that come standard with SecureCloudDB, you may now create custom Security Rules. To do so, select “Foundational Security” in the main menu. Then, under “Inventory” select “Custom Rules”. Hit the blue add button in the lower right corner of the “Custom Security Rules” table and follow the set-up prompts.
Customize Your Risk Assessment Report
- SecureCloudDB provides a Risk Assessment Report, which generates risk scores using a proprietary methodology that analyzes the number and severity of security violations in addition to other indicators.
- Now you can create your own Risk Assessment Report by selecting or excluding the rules that are factored into the security risk score calculation.
- To create your own report, select “Foundational Security” in the main menu and click on “Reports”. Then, select “Custom Reports” and click on “Custom Risk Assessment Report”. From there, click the pencil icon in the upper right corner of the report, select or deselect the rules to include in the evaluation, and hit “Update”.
Enhancements
Expanded Database Activity Monitoring Capabilities
- Filter functionality has expanded within Database Activity Inventory to include the ability to segment activity by Database, User, Provider and Service. To access this capability, select "Operational Security" in the main menu, select "Inventory", and then select "Database Activity". The "Filter" button is in the upper right corner of the report.
- Monitor AWS Redshift and RDS instances (MySQL, including MariaDB, and PostgreSQL with and without Aurora) in addition to AWS DynamoDB.
Alert Set-Up Upgrades
- Now you can create alerts for Database Activity Monitoring in addition to setting up alerts based on Security Rules. To create a new alert, select “Alerts” in the main menu, then “Policies”. Next, click on the blue add button at the bottom right of the "Policies" table. In the next window, select the alert type you are creating - “Database Activity” or “Security Rules” - and follow the prompts.
- Additional upgrades to our alert set-up wizard include the ability to set up alert rules based on tags. This provides more granular control over what specifically you want to be alerted about, thereby helping reduce alert fatigue.
When setting up alerts pertaining to “Database Activity”, you may now select the database itself or select tags to match the Provider or Service. Additionally, you may use custom tags.
When setting up alerts pertaining to “Security Rules”, you may now select the security rule itself or use rules that include tags for:
- Violation Severity (Info, Warning, Critical)
- Authoritative Source (CIS Benchmarks, AWS Best Practices, SecureCloudDB Assessments)
- Risk Category (Auditability, Business Continuity, Data Exposure, Data Protection)
Out of the box, each new organization is automatically set up with default “Security Rules” alerts regarding critical violations. This ensures you’re alerted to the most severe issues straight away. As you build out your alerting process, these alerts can be turned off or modified.
Home Dashboard Upgrades
- Noteworthy violations are summarized in the new “Important Violations” table. Click the drop-downs for each category to see which databases are in violation.
- The “Security Violations” table in the center of the dashboard now tallies every violation by category in an easy-to-see count in the header.
- To access the home dashboard, click on “Dashboard” in the main menu, then select “Home” in the submenu.