The new IAM Security Packs include two pack options:
- IAM Security (with Access Explorer)
- IAM Security (without Access Explorer)
The first pack IAM Security (with Access Explorer) includes a total of 39 Insights, with three Insights that are included with our Cloud IAM Governance - Access Explorer add-on module, and as such, will require licensing for that module.
The second pack IAM Security (without Access Explorer) includes 35 Insights, all of the same Insights included in the original pack, but omits the three Insights that require licensing for the Cloud IAM Governance (Access Explorer) add-on module. Allowing customers that may not have the module access to InsightCloudSec's out-of-the-box compliance pack for IAM Security.
The IAM Security Packs provide prescriptive guidance for configuring IAM security options with an emphasis on IAM security best practices. The three Insights that require the IAM licensing support AWS. The other 41 insights provide broader coverage spanning seven CSPs.
Before you get started with any compliance packs, you will need to have the following:
- A functioning InsightCloudSec platform installation
- The appropriate permissions to apply this Compliance Pack to your desired infrastructure
- Note that licensing for the Cloud IAM Governance Module is required to access/implement all of the Insights included in the IAM Security (with Access Explorer) pack
- Familiarity with your organization’s compliance requirements
If you have questions about implementing this compliance pack or other general questions, reach out to us via [email protected].
The IAM Security (with Access Explorer) Compliance Packs includes three Insights that require licensing for the IAM Governance (Access Explorer) add-on module. These Insights provide these valuable risk visibility:
- Show me the Principals with the most Wildcards for Services. Or those with most Services for which
they have 90% (user defined threshold) or more of the total actions in a service.
- Show me the Principals with the most Wildcards for Resources.
- Show me Resource Policies that are not protected by Conditions
The remaining 41 Insights are included in both Packs (IAM Security (with Access Explorer) and IAM Security (without Access Explorer) and cover a broad range of IAM security best practices over 7 CSPs including:
- API Access Key is Inactive
- Password Complexity Checks
- Cloud Account with Active Root account
- Unused Policies
- Unused Groups
- Principal Unused in 90 Days
- Cloud Role trusting unknown external account
- Resource Policy using NotAction or NotPrincipal
- Cloud User is Deprecated
*If you have specific questions on this capability or need more information around our Cloud IAM Governance (Access Explorer) add-on module, reach out to [email protected].
In addition, to explore more details around our automation capabilities, take a look at our documentation on BotFactory.
Updated about a month ago