The Leader in Cloud Infrastructure Entitlement Management (CIEM)
CloudKnox Introduction
CloudKnox proactively addresses insider threats by delivering continuous detection and remediation of over-privileged machine and human identities, using its patented Activity-based Authorization APIs. CloudKnox Security is now part of Microsoft.
Challenges & Goals
CloudKnox wanted an onshore-offshore model for automating cloud compliance testing across the AWS, GCP and Azure platforms, with these goals:
- Build sound core knowledge of the CloudKnox product
- Provide comprehensive automated suites to test the complex compliance checks
- Automate the end-to-end Compliance Dashboard and include validators that verify all of its results
Solutions
After having a clear understanding of the product from CloudKnox, Neova implemented the following solutions:
- Neova helped CloudKnox build a robust and stable test automation framework for compliance automation using Java, TestNG and Maven.
- Cloud (CIS Benchmarks, PCI and WAF): CloudKnox monitors cloud environments for threat events, implements least-privilege recommendations and validates configurations against the controls established as best practices in the CIS, PCI and WAF benchmarks for each cloud.
- The automation solution created and updated the AWS/Azure/GCP configurations needed to exercise each benchmark recommendation, so that every control could be validated against a known state. Implementations were done using Java, TestNG and Maven.
- Data generation: scripts that create resources and activity in each cloud the way an end user would, so the dashboard has realistic data to collect. The major services covered, for interaction with internal and external resources, were:
- AWS: S3, EC2, Lambda, IAM, CloudTrail, CloudWatch, SNS, SQS, Config, VPC, CloudFront, Athena and many more.
- Azure: Azure Kubernetes Service (AKS), Azure DNS, Key Vault, Security Center, Storage, Virtual Network, Compute, SQL Database, Cosmos DB, Identity, Batch.
- GCP: Compute, Storage, Cloud SQL, Cloud Bigtable, Kubernetes Engine, Virtual Private Cloud (VPC), Cloud IAM, Cloud Security Scanner, Cloud DNS, Monitoring, Cloud Dataflow.
- Data validation: the middle layer in which the CloudKnox dashboard collects data from each cloud platform, and automated validator scripts compare the dashboard's results with the expected state of the generated configurations and produce a report.
- CI/CD: continuous integration and testing of these activities through pipelined Jenkins jobs.
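The validator pattern behind the data-validation step, as an added example in Python (the framework described on this page was written in Java/TestNG and is not shown here; this is not CloudKnox or Neova code). Independent checks compute the expected PASS/FAIL for a few CIS AWS Foundations controls from a snapshot of the generated configuration, and a second function compares what the dashboard reported against those expectations. The control keys (such as `S3.BlockPublicAccess`), the snapshot and the dashboard output are all constructed for the example; they are not official CIS control numbers or real account data.

```python
"""Independent CIS-style validator for generated cloud configuration.

Added example, not code from CloudKnox, Neova or the page's Java/TestNG
framework. Two layers: checks that compute the expected status of each
control from a configuration snapshot, and a validator that compares the
dashboard's reported statuses with those expectations. All control keys,
snapshot data and dashboard data below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Finding:
    control: str    # example control key, not an official CIS control number
    resource: str   # account-level controls use "account"
    status: str     # "PASS" or "FAIL"
    evidence: str   # the observed value that decided the status


# Constructed snapshot of what a data-generation run left in the account.
# Root MFA is deliberately off and "public-assets" is deliberately public, so
# the checks see both compliant and non-compliant states.
SNAPSHOT = {
    "iam_password_policy": {"MinimumPasswordLength": 14},
    "root_account": {"mfa_active": False},
    "cloudtrail": [{"Name": "org-trail", "IsMultiRegionTrail": True}],
    "s3_buckets": [
        {"Name": "private-data", "BlockPublicAcls": True, "RestrictPublicBuckets": True},
        {"Name": "public-assets", "BlockPublicAcls": False, "RestrictPublicBuckets": False},
    ],
}


def check_password_min_length(snap: dict) -> List[Finding]:
    """CIS AWS Foundations: IAM password policy requires a minimum length of 14."""
    length = snap["iam_password_policy"].get("MinimumPasswordLength", 0)
    status = "PASS" if length >= 14 else "FAIL"
    return [Finding("IAM.PasswordMinLength", "account", status, f"MinimumPasswordLength={length}")]


def check_root_mfa(snap: dict) -> List[Finding]:
    """CIS AWS Foundations: MFA is enabled for the root user."""
    mfa = snap["root_account"].get("mfa_active", False)
    return [Finding("IAM.RootMFA", "account", "PASS" if mfa else "FAIL", f"mfa_active={mfa}")]


def check_cloudtrail_all_regions(snap: dict) -> List[Finding]:
    """CIS AWS Foundations: CloudTrail is enabled in all regions (a multi-region trail exists)."""
    multi = [t["Name"] for t in snap["cloudtrail"] if t.get("IsMultiRegionTrail")]
    status = "PASS" if multi else "FAIL"
    return [Finding("CloudTrail.MultiRegion", "account", status, f"multi_region_trails={multi}")]


def check_s3_block_public_access(snap: dict) -> List[Finding]:
    """CIS AWS Foundations: every S3 bucket has Block Public Access configured."""
    out = []
    for b in snap["s3_buckets"]:
        acls, restrict = b.get("BlockPublicAcls", False), b.get("RestrictPublicBuckets", False)
        status = "PASS" if (acls and restrict) else "FAIL"
        out.append(Finding("S3.BlockPublicAccess", b["Name"], status,
                           f"BlockPublicAcls={acls},RestrictPublicBuckets={restrict}"))
    return out


CHECKS: List[Callable[[dict], List[Finding]]] = [
    check_password_min_length, check_root_mfa, check_cloudtrail_all_regions, check_s3_block_public_access,
]


def run_checks(snap: dict) -> List[Finding]:
    """Expected results: what a correct dashboard must report for this snapshot."""
    return [f for check in CHECKS for f in check(snap)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"PASS": 0, "FAIL": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


def validate_dashboard(expected: List[Finding], reported: Dict[Tuple[str, str], str]) -> List[str]:
    """Middle-layer validator: compare dashboard results keyed by (control, resource)
    with the independently computed expectations. Returns discrepancy messages;
    an empty list means the dashboard agrees on every control and resource."""
    problems = []
    for f in expected:
        got = reported.get((f.control, f.resource))
        if got is None:
            problems.append(f"{f.control} on {f.resource}: missing from dashboard")
        elif got != f.status:
            problems.append(f"{f.control} on {f.resource}: dashboard says {got}, expected {f.status} ({f.evidence})")
    return problems


# Constructed dashboard output containing one false negative: the public bucket is reported PASS.
DASHBOARD_REPORT = {
    ("IAM.PasswordMinLength", "account"): "PASS",
    ("IAM.RootMFA", "account"): "FAIL",
    ("CloudTrail.MultiRegion", "account"): "PASS",
    ("S3.BlockPublicAccess", "private-data"): "PASS",
    ("S3.BlockPublicAccess", "public-assets"): "PASS",
}

if __name__ == "__main__":
    expected = run_checks(SNAPSHOT)
    print(summarize(expected))
    for line in validate_dashboard(expected, DASHBOARD_REPORT):
        print("MISMATCH:", line)
```

In a live setup the snapshot would be built from describe/get calls against the resources the data-generation step created, and the dashboard side from the product's reporting output; the comparison logic stays the same. The point of generating both compliant and non-compliant resources is visible in the constructed data: a dashboard that reported PASS for everything would agree with a validator that only ever saw compliant resources, and the missed public bucket would never surface.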