Vulnerability Management Policies
Policies
Enable (Tool) Vulnerability Scan
Risk: Critical
Target: EC2
Compliance:
Description
Scanning EC2 instances monthly using the <Tool> Vulnerability Assessment is important for understanding and managing security risks on your cloud infrastructure. The tool can help identify vulnerabilities in software, configurations, and networking components, which malicious actors can exploit to gain unauthorized access to your systems or data.
By scanning your EC2 instances regularly, you can discover and promptly address any potential security threats. This helps to ensure that the security of your cloud environment is top-notch and that your data is safe and secure.
Resolution:
(Tool) = Qualys: Securing Amazon Web Services with Qualys
(Tool) = Tenable: Creating a Vulnerability Management Scan
(Tool) = CrowdStrike: CrowdStrike Vulnerability Management
(Tool) = Rapid7: Setting up an InsightVM Scan
(Tool) = Aqua: Setting up a container scan
(Tool) Found Critical Vulnerabilities
Risk: Critical
Target: EC2
Compliance:
Description
Critical vulnerability could allow attackers to access the underlying operating system, resources, and data. To prevent the Critical vulnerability from affecting EC2 instances, update the firmware, disable the Management Engine if necessary, implement access controls and security policies, monitor the instance for suspicious activity, and use strong authentication measures.
Resolution
(Tool) = Qualys: Securing Amazon Web Services with Qualys
(Tool) = Tenable: Creating a Vulnerability Management Scan
(Tool) = CrowdStrike: CrowdStrike Vulnerability Management
(Tool) = Rapid7: Setting up an InsightVM Scan
(Tool) = Aqua: Setting up a container scan
(Tool) Found High Vulnerabilities
Risk: High
Target: EC2
Compliance:
Description:
High vulnerability could allow attackers to access the underlying operating system, resources, and data. To prevent the High vulnerability from affecting EC2 instances, update the firmware, disable the Management Engine if necessary, implement access controls and security policies, monitor the instance for suspicious activity, and use strong authentication measures.
Resolution:
(Tool) = Qualys: Securing Amazon Web Services with Qualys
(Tool) = Tenable: Creating a Vulnerability Management Scan
(Tool) = CrowdStrike: CrowdStrike Vulnerability Management
(Tool) = Rapid7: Setting up an InsightVM Scan
(Tool) = Aqua: Setting up a container scan
(Tool) Found Medium Vulnerabilities
Risk: Medium
Target: EC2
Compliance:
Description:
Medium vulnerability can enable attackers to gain control of a target system and affects EC2 instances with Intel processors with Intel Management Engine firmware. To prevent the Medium vulnerability from affecting EC2 instances, update the firmware, disable the Management Engine if necessary, implement access controls and security policies, monitor the instance for suspicious activity, and use strong authentication measures.
Resolution:
(Tool) = Qualys: Securing Amazon Web Services with Qualys
(Tool) = Tenable: Creating a Vulnerability Management Scan
(Tool) = CrowdStrike: CrowdStrike Vulnerability Management
(Tool) = Rapid7: Setting up an InsightVM Scan
(Tool) = Aqua: Setting up a container scan