How to Remediate R-SECURE Solution Using Security Hub? (Rapyder’s Security Hub Remediation)

April 22, 2022

Security is vital in any organization: it raises alerts when malpractice exists in the working environment, and it comes with the best practices and protocols the organization needs to run its entire infrastructure smoothly.

AWS offers one such security service, named Security Hub. Once enabled, Security Hub continuously scans the AWS accounts for configuration errors against various security standards and rolls up the security check results at the account and multi-account level, so that you can understand your overall security state.

It also uses summary dashboards and filtering rules to identify and prioritize which findings from AWS security services and partner security integrations are most important and require the most immediate attention.

What is R-SECURE?

R-SECURE is a solution built by Rapyder based on the Security Hub AFSBP standard (AWS Foundational Security Best Practices). The solution focuses on the AFSBP control IDs that AWS assigns to findings in the Security Hub console. It is developed so that almost all of the findings can be remediated with a single click. Using the R-SECURE solution, it is also possible to perform cross-account remediations.

Working Architecture

R-Secure Working Architecture

The above diagram illustrates the working of the R-SECURE Solution.

Steps to Remediate

Let’s take the example of control ID EC2.19, which checks whether security groups allow unrestricted incoming traffic to the specified ports that have the highest risk, like 80, 443, 3389, etc. The remediation deletes the rules for the specified ports whose Inbound Traffic source point is 0.0.0.0/0 (Anywhere).

Note: Create a Security Group with ports 80 and 443 with the Inbound Traffic source points as 0.0.0.0/0 and one port as 3389 with the Inbound Traffic source point (MyIP) as given in the image below for this example.

Creating security group

1. Open Security Hub from AWS Console, click on Go to Security Hub and select the Security Standard AFSBP (AWS Foundational Security Best Practices).

Note: The Security Group with the mentioned configuration created initially will now show up in the Security Hub Findings.

Security Group with the mentioned configuration created

2. In the AFSBP security standard, type EC2.19 in the filter window to see the finding.

AFSBP Security standards

3. Confirm the finding from the resource attribute, and make sure the compliance status of EC2.19 is Failed so that it can be remediated.

4. Open the EC2.19 finding.

5. Select the finding, and from Actions, click on R-SECURE Remediate.

clicking on R-SECURE Remediate

6. Once clicked, the EC2.19 finding will remediate.

7. To see the entire workflow of EC2.19, open Step functions from AWS Console.

8. Click on the menu icon (three horizontal lines) on the left of the screen, and select State Machines from the list.

9. From the State Machine list, select R-SECURE-Orchestrator.

10. In R-SECURE-Orchestrator, select the execution with the status Running.

11. Once execution with status running is opened, the entire workflow of EC2.19 can be seen in Graph Inspector. The Execution status changes from Running to Succeeded once the entire workflow has succeeded.

Graph inspector

12. Once the status is Succeeded, the ports (80, 443) configured initially with source points 0.0.0.0/0 are deleted from the list. The image below confirms that port 3389 with the source point set as (MyIP) has not been deleted.

The ports configured initially with source points

13. Lastly, to confirm, go to Security Hub, where the workflow status of EC2.19 has been changed from NEW to RESOLVED as the remediation is complete.

Confirmation in security hub
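
The before/after comparison in steps 12 and 13 can also be checked against the output of the EC2 `describe_security_groups` call rather than by eye. The following is an added example, not part of R-SECURE or of the original article; the function names, the sample groups and the `203.0.113.10/32` stand-in for MyIP are assumptions constructed to match the setup described above.

```python
# Added example (not R-SECURE code). Ports are the ones this article names.
RISKY_PORTS = (80, 443, 3389)
ANYWHERE = {"0.0.0.0/0", "::/0"}


def world_open_rules(group, ports=RISKY_PORTS):
    """Return sorted (port, cidr) pairs where a listed port is open to anywhere.

    `group` is one item of the SecurityGroups list returned by
    EC2 describe_security_groups.
    """
    hits = set()
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        exposed = [c for c in cidrs if c in ANYWHERE]
        if not exposed:
            continue  # rule is scoped to specific sources, e.g. MyIP
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "all traffic" rule: every port is covered
            low, high = 0, 65535
        elif proto in ("tcp", "udp"):
            low, high = perm["FromPort"], perm["ToPort"]
        else:
            continue  # ICMP and other protocols carry no port range
        hits.update((p, c) for p in ports if low <= p <= high for c in exposed)
    return sorted(hits)


def tcp_rule(port, cidr):
    """Build one single-port TCP ingress rule in the API's response shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample data: 203.0.113.10/32 stands in for the MyIP source.
MYIP = "203.0.113.10/32"
BEFORE = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    tcp_rule(80, "0.0.0.0/0"), tcp_rule(443, "0.0.0.0/0"), tcp_rule(3389, MYIP)]}
AFTER = {"GroupId": "sg-EXAMPLE", "IpPermissions": [tcp_rule(3389, MYIP)]}

if __name__ == "__main__":
    print("before remediation:", world_open_rules(BEFORE))
    print("after remediation: ", world_open_rules(AFTER))
```

With boto3, each item of `describe_security_groups()["SecurityGroups"]` can be passed to `world_open_rules` directly; an empty result for the group means no listed port is still open to Anywhere.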

Conclusion

As stated earlier, security plays a vital role in a working environment, and the R-SECURE solution, with Security Hub at its core, helps to follow the best practices and works to remediate findings according to the AWS security standards and compliance. It shows all the controls with the Severity level, Compliance status, and the number of Failed Checks, and helps to remediate almost all findings with a single click. To know more about R-SECURE, Contact us.

To know more about such services, see the Blogs.

Happy Reading 😊

Written by – Chaitanya Karadkhedkar
