Deployment - Serverless Security

Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
>> Now that we understand
00:00
the mechanism behind CloudGuard Serverless Security,
00:00
let's roll up our sleeves and start deploying.
00:00
In our use case,
00:00
since we're deploying to AWS,
00:00
we'll be talking about an AWS-oriented deployment.
00:00
The overall process consists of the following steps:
00:00
Onboarding a designated AWS environment
00:00
into CloudGuard Native,
00:00
enabling serverless security,
00:00
enabling runtime protection,
00:00
and creating exclusions and rules.
00:00
First, we need to onboard
00:00
an AWS environment into CloudGuard Native.
00:00
CloudGuard Native has two operation modes
00:00
for managing AWS accounts,
00:00
either read-only or full protection.
00:00
Read-only allows you to monitor and examine
00:00
AWS accounts within CloudGuard.
00:00
Full protection, on the other hand,
00:00
has a more proactive level of enforcing
00:00
access and tamper protection on your AWS assets,
00:00
managing security groups, and
00:00
controlling direct access to your cloud assets.
00:00
There are a few methods to perform
00:00
onboarding, from a step-by-step process using
00:00
CloudGuard and the AWS console
00:00
to automating the process using bash scripts,
00:00
terraforms, and REST API calls.
00:00
In our case, we'll focus on
00:00
onboarding from the CloudGuard portal.
00:00
To begin, we navigate to environments
00:00
and add a new AWS environment.
00:00
Now we need to select an operation mode.
00:00
In our case, we'll use full protection.
00:00
The next steps involve following the CloudGuard wizard,
00:00
which instructs you how to prepare
00:00
an IAM policy in the designated AWS account,
00:00
granting appropriate permissions to CloudGuard to
00:00
access the AWS account for information about resources.
00:00
Additionally, details on how to create an
00:00
IAM role in the AWS account to be used
00:00
by CloudGuard to access the cloud account using
00:00
the IAM permissions defined in the previous step.
00:00
Let's assume we've performed
00:00
these easy and straightforward steps
00:00
listed in the wizard,
00:00
and we've arrived at this summary screen.
00:00
Based on the number of entities in the AWS environment,
00:00
the process may take a few minutes to complete.
00:00
This completes the onboarding process.
00:00
Once fully onboarded, you can view
00:00
your AWS environment and its status.
00:00
Now that things are onboarded,
00:00
let's enable serverless protection.
00:00
To enable, we navigate to
00:00
environments and choose Enable Serverless Protection.
00:00
Now we create a cross-account role.
00:00
After acknowledging, we create a stack.
00:00
After the stack is created,
00:00
the additional permissions are granted to CloudGuard,
00:00
and CloudGuard completes
00:00
the process of enabling protection.
00:00
When this is complete, as
00:00
indicated in the CloudGuard wizard,
00:00
you can see the serverless functions in
00:00
the protected assets list for
00:00
the account in the protected assets page.
00:00
You can now examine the static code results and
00:00
the posture findings generated from the scan.
00:00
Now it's time to enable
00:00
the runtime functions self-protection
00:00
to allow the comprehensive protection
00:00
that is expected from CloudGuard.
00:00
To enable, we navigate to
00:00
the serverless functions page.
00:00
We select the desired function from the list.
00:00
Now we switch auto-protect on.
00:00
The profiling will commence,
00:00
and we'll complete the allow list.
00:00
Since we'd like to block
00:00
malicious actions that are not in the allowed list,
00:00
we toggle on block on
00:00
detect once auto-protect is done applying itself.
00:00
Finally, let's define an exclusion which will
00:00
manually add access in the list to an allowed asset,
00:00
in this case, text files under the logs directory.
00:00
First, we select our target function
00:00
and navigate to its rules and exclusions tab.
00:00
Then we create a new exclusion
00:00
and select its target, in our case, a file.
00:00
Now we enter the exclusions pattern,
00:00
which is a string or a set of
00:00
strings that matches against actions.
00:00
If an action matches the pattern,
00:00
it is added to the list
00:00
and excluded from further inspection.
00:00
In our case, since we're matching
00:00
text files under the temp logs directory,
00:00
we used this pattern.
00:00
Finally, we select the scope
00:00
this exclusion applies to: a specific function,
00:00
a group of functions,
00:00
or the entire set of functions in the environment.
00:00
There you have it. We've gone through how
00:00
CloudGuard can protect your serverless functions,
00:00
constantly analyzing and profiling
00:00
the behavior of the function components,
00:00
providing built-in function self-protection.
00:00
We've examined the implementation of
00:00
CloudGuard serverless security in AWS.
00:00
If you'd like to enhance your knowledge on implementing
00:00
the solution on other platforms such as Azure,
00:00
please refer to the product documentation.
00:00
Thank you for taking this session.
00:00
I hope you found it useful,
00:00
and I'll see you in the next one.