R-SECURE Solution (Rapyder’s Security Hub Remediation)

April 22, 2022

R-SECURE Solution (Rapyder’s Security Hub Remediation)

Security plays a vital role in any organization as it aggregates the alerts if there is some malpractice in the working environment. It comes with best practices or protocols which are necessary for the organization to run the entire infrastructure smoothly.

AWS offers one such service w.r.t security named Security Hub. Security Hub, once enabled, will continuously scan the AWS accounts for configuration errors using various security standards and rolls up security check results at the account and multi-account level to understand your overall security state.

It also uses summary dashboards and filtering rules to identify and prioritize which findings from AWS security services and partner security integrations are most important and require the most immediate attention.

What is R-SECURE?

R-SECURE is a solution built by Rapyder based on Security Hub AFSBP Standard (AWS Foundational Security Best Practices). This solution focuses on AFSBP control ids given by AWS for findings in the security hub console. It is developed in such a way that it is possible to remediate almost all the findings with a single click. Using the R-SECURE solution, it is also possible to perform cross-account remediations.

Working Architecture

The above diagram illustrates the working of the R-SECURE Solution.

Steps to Remediate

Let’s take an example of control ID EC2.19 where it checks whether unrestricted incoming traffic for the security groups is accessible to the specified ports like 80, 443, 3389, etc., that have the highest risk. It deletes the specified ports which have Inbound Traffic source points as 0.0.0.0/0(Anywhere).

Note: Create a Security Group with ports 80 and 443 with the Inbound Traffic source points as 0.0.0.0/0 and one port as 3389 with the Inbound Traffic source point (MyIP) as given in the image below for this example.

1.Open Security Hub from AWS Console, click on Go to Security Hub, and select the Security Standard AFSBP (AWS Foundational Security Best Practices).
Note: The Security Group with the mentioned configuration created initially will now show up in the Security Hub Findings.

2. In AFSBP Security standards, type EC2.19 in the filter windows in order to see the finding.

3. Confirm the finding from the resource attribute and make sure the compliance status of EC2.19 is Failed in order to remediate.

4. Open the EC2.19 finding by clicking on

5. Select the finding and from Actions, click on R-SECURE Remediate.

6. Once clicked, the EC2.19 finding will remediate.

7. To see the entire workflow of EC2.19, open Step functions from AWS Console.

8. Click on burger shaped three dashes on the left of the screen, select State Machines from the list.

9. From the State Machine list select R-SECURE-Orchestrator.

10. In R-SECURE-Orchestrator, select the execution with the status Running.

11. Once execution with status running is opened, the entire workflow of EC2.19 can be seen in Graph Inspector. The Execution status changes from Running to Succeeded once the entire workflow are succeeded.

12. Once the status is Succeeded, the ports (80, 443) configured initially with source points 0.0.0/0 are deleted from the list. From the image below, it is confirmed that port 3389 with source point set as (MyIP) has not been deleted.

13. Lastly, to confirm, go to Security Hub, where the workflow status of EC2.19 has been changed from NEW to RESOLVED as the remediation is complete.

Conclusion

As stated earlier, Security plays a vital role in a working environment, and the R-SECURE solution using Security Hub as its core helps to follow the best practices and works to remediate finding according to the AWS security standards and compliance. It shows all the control ids with the Severity level, Compliance status, and the number of Failed Checks and helps to remediate almost all findings with a single click. To know more about R-SECURE, Contact us.

To know more about such services, see the Blogs.

Happy Reading 😊

Written by – Chaitanya Karadkhedkar

Cloud Computing Insights and Resources

What is a Hybrid Cloud Strategy? What are its Advantages?

A hybrid cloud strategy is a method that companies use to decide which portions of hybrid cloud infrastructure are most …

What is a Hybrid Cloud Strategy? What are its Advantages? Read More »

AWS Launches the Second Infrastructure Region in India – Hyderabad

On November 22, 2022, AWS launched its new AWS region in Hyderabad. The AWS Asia-Pacific Hyderabad region is the second …

AWS Launches the Second Infrastructure Region in India – Hyderabad Read More »

Three Ways Cloud is Improving Customer Experience

Three Ways Cloud is Improving Customer Experience 

Ever since the cloud rose to popularity in the 2000s owing to its various advantages over traditional computing, businesses have …

Three Ways Cloud is Improving Customer Experience  Read More »