Dash AWS Compliance Scanning
See how Dash cloud security scanning enables teams to automate cloud security and compliance.
AWS Cloud Security Scanning
Organizations building and managing production services in Amazon Web Services must set proper security standards and be aware of cloud security configuration.
Under the AWS cloud shared responsibility model, customers are responsible for implementing and maintaining cloud security settings such as access control, audit logging, backup and disaster recovery (DR), firewall/networking and encryption in order to maintain security and compliance with standards such as HIPAA, SOC 2, and HITRUST.
Dash ComplyOps provides security scanning and continuous compliance monitoring that makes it easy for teams to manage cloud compliance. Teams can run hundreds of Dash provided security scans or write custom scans and security controls.
Download Out Guide To Architecting For Cloud Compliance
Dash Managed Security Scans
Dash Managed Security Scans provide cloud security teams with hundreds of cloud security and compliance scans for AWS. Managed scans cover a wide range of cloud security best practices and regulatory compliance standards such as HIPAA, SOC 2, and HITRUST across AWS cloud services. Managed scans are available in Dash ComplyOps and may be automatically enabled to identify cloud security issues.
Amazon EC2
- Security Group: All Ports Open To All
- Security Group: DNS port open to all
- Security Group: FTP port open
- Security Group: MsSQL port open to all
- Security Group: Unrestricted network traffic within security group
- Security Group: Use of port ranges
- Unencrypted EBS volumes
Amazon IAM
- Password expiration disabled
- Minimum password length is too short
- Lack of key rotation
- Role uses Inline policy
- Managed policy allows NotActions
- Managed policy allows sts:AssumeRole *
Amazon Redshift
- Redshift cluster publicly accessible
- Redshift cluster database unencrypted
- Redshift Security Group allows all
Amazon RDS
- RDS backup disabled
- RDS instance storage unencrypted
- RDS Security Group allows all IP addresses
Amazon S3
- S3 Bucket world-writable
- S3 Bucket world-readable
- S3 Bucket access logging disabled
Amazon SNS
- AddPermission authorized to all principals
- DeleteTopic authorized to all principals
- Publish authorized to all principals
Additional AWS Cloud Service Scans
Dash is continually adding additional compliance scans and cloud services to our scanning and continuous compliance monitoring offerings. Below is a list of some of the other AWS services Dash provides security scanning and monitoring insight.
- Amazon CloudFormation
- Amazon CloudTrail
- Amazon CloudWatch
- Amazon Elastic Load Balancer (ELB/ELBv2)
- Amazon Lambda
- Amazon Route53
- Amazon SES
- Amazon SNS
- Amazon SQS
- Amazon VPC
Want To Learn More About Dash Compliance Scanning?
Dash Custom Cloud Security Scanning
In addition to Dash Managed Scans, security teams may leverage AWS Config and Dash Custom Scanning to build new scans and cloud security controls. Teams can define security rules and conditions and map findings to regulatory standards and cybersecurity frameworks such as HIPAA, HITRUST, and SOC 2.
- Build custom cloud security standards targeting individual AWS services
- Centralize security findings in Dash compliance center
- Connect to regulatory framework controls
Create Scan & Security Controls
Security teams can build custom security scans using Dash. Teams can draft custom scans using Lambda and CloudFormation syntax, deploy rules. Custom scans can be connected to your security program, mapped to compliance standards and metadata.
Identify and Resolve Security Findings
After defining custom scans, teams can view security findings in the Dash Compliance Center and easily respond and resolve cloud security concerns. Teams can see how custom scans affect compliance with regulatory and cybersecurity frameworks and can also connect findings to output services such as JIRA and Webhooks.
Connect To Compliance Standards
Teams can connect custom security scans can be to HIPAA, SOC 2 and HITRUST security standards and measure how custom scans affect your regulatory and cybersecurity standards. Additionally, teams can view compliance reports and inventory compliance controls across their AWS cloud environment.
Building Secure and Compliant Applications?
Connect Dash Cloud Scanning To Your Security Program
Security teams can extend Dash ComplyOps scanning and monitoring capabilities by connecting 3rd party solutions. Teams can connect Dash security and compliance findings into existing security solutions and workflow tools.
JIRA
Connect Dash security findings to your JIRA boards and existing security workflow. Manage Dash issues to within existing DevOps team systems.
Trello
Connect Dash security findings to your Trello boards. Easily view and resolve security issues across your Todo lists and team workflow.
SIEM and Logging Solutions
Connect Dash security findings to your SIEM solution or logging solution. Aggregate, analyze, and sort through Dash security findings alongside other security events.
Webhooks and Other Solutions
Dash provides output to webhooks, so your team can connect almost any solution and build Dash security findings into your workflow.
AWS Cloud Compliance With Dash ComplyOps
Dash ComplyOps provides teams with a solution for building and monitoring security programs in Amazon Web Services. ComplyOps enables organizations to create robust cloud security policies and security programs and then enforces polices through compliance monitoring. ComplyOps provides AWS security scanner functionality and allows teams to find and resolve potential security and compliance issues.
Automated Cloud Security Monitoring
Dash continuous compliance monitoring provides teams with automated security scanning of your AWS cloud environments. Dash identifies security issues within individual AWS services such as Amazon EC2, S3, RDS and IAM and provides steps for remediating cloud issues. Unlike traditional single point-in-time audits, teams can use ComplyOps to continually audit and monitor cloud security issues and ensure the integrity of your cloud security posture.
Streamlined Compliance
Dash security policies and cloud scanning is built around HIPAA, HITRUST and SOC 2 compliance standards, so your team can easily manage regulatory compliance in AWS. Each security scan is mapped to compliance standards so your team can see determine your state of compliance in AWS. Dash makes it easy to develop a robust cloud compliance program and enforce security standards across AWS resources to meet compliance requirements.
AWS Security Reports
Dash cloud security reports provide security teams with a solution for validating cloud security efforts. Teams can utilize AWS cloud security reports to see security safeguards, determine gaps and help teams answer security risk assessments (SRAs).
Cloud Native Security
Dash is built for AWS cloud environments. Teams can deploy the Dash application via the AWS Marketplace and can leverage specific AWS security tools such as AWS GuardDuty to extend the security and capabilities of Dash ComplyOps. Dash operates as a true nerve-center for AWS security and compliance.
Implement Dash AWS Security Scanning
Automate cloud security and compliance in AWS