AWS Resource Inventory

Once the AWS connector is set up, it starts discovering the resources in your AWS account. The inventory and the metadata of the resources are pushed to the Qualys portal. For a list of the resources that are collected, refer to Resources List.

To fetch the updated resources, select Run from the quick actions menu for the AWS connector.

What do you achieve?

- Get centralized visibility of services/resources across your multiple AWS accounts.

- Identify services/resources running in your AWS account. For a list of the resources that are collected, refer to Resources List.

- Identify the number of non-compliant resources.

- View resource details and their associations with other resources.

- Locate the resources by querying the resource attributes, account, region, and so on.

- Search tagged/untagged resources using AWS tags.

- Use the trend chart and time range to understand how the resources have varied over the past 7 or 30 days. You can also specify a custom range.

AWS Inventory for Cloud Identity Entitlement Management

The AWS Inventory now includes support for Cloud Identity Entitlement Management (CIEM). This security and identity management solution helps organizations control access to cloud-based resources and applications, following the principle of least privilege.

How Does CIEM Help Secure Your Cloud?

CIEM solves the following challenges in your cloud environment.

Complexity

In the cloud, identities extend beyond just users or service accounts; machine identities also exist. As cloud infrastructures grow in complexity, managing identity entitlement guarantees control over the various identities in the infrastructure, thereby reducing the management complexities.

Access Control

CIEM reduces the challenges of maintaining the principle of least privilege. Cloud admins often provide excessive permissions to various personas. Managing the associated privileges can go a long way in securing the cloud network.

Identity Lifecycle Management

CIEM helps automate user and service identity lifecycles and keep them up to date, including onboarding, offboarding, and role changes.

Audit and Compliance

Maintain audit trails to ensure compliance with industry regulations and internal policies.

Emerging Threats

Stay ahead of emerging security threats and vulnerabilities.

How Does TotalCloud Assist in Managing Identity Entitlement?

TotalCloud AWS Inventory has introduced additional resources to the inventory specific to CIEM. These resources can help track the permissions associated with the identities in your environment. The Policy Analyzer reviews these resources and checks them against newly introduced insights to show gaps in identity entitlements. 

Resources List

TotalCloud discovers and fetches the following resources and their corresponding attributes to display in the inventory. Only the following resource types are supported.

- RDS
- Network ACL
- S3 Bucket
- IAM User
- VPC
- Security Group
- Lambda Function
- Subnet
- Internet Gateway
- Load Balancer
- Instance
- Route Table
- EBS Volume
- Auto Scaling Group
- EKS Cluster
- EKS Node Group
- EKS Fargate Profile
- VPC Endpoint
- VPC Endpoint Service
- IAM Group
- IAM Policy
- IAM Role

For IAM resources, the Policy Analyzer does not work on China accounts. For these accounts, TotalCloud only creates an inventory of the policies; they are not analyzed with Insights.