The following are common activities that users are performing in the Secure State service: InfoSec engineers are reviewing findings and developing action plans to address them, management is monitoring progress on the count of findings and types of findings, and admins are ensuring that the accounts are setup correctly. In an effort to continuously surface actionable insights and improve user experience, we’ve recently introduced dashboard improvements to help further simplify these three common activities.
Findings overview and new Overview views
InfoSec engineers spend a significant amount of time in the service reviewing the three main findings pages: Violations (all), Violation by Rule, and Findings by Object. Each of these views have different strengths and aide in investigating findings in a different manner.
Violations (all) is a complete list of the findings identified by VMware Secure State. This is a flat list of findings where you can easily sort, filter, and search. If you know a specific attribute of the finding, this is the fastest way to search.
Violation by Rule, groups findings by rule. If you are looking to review or address a specific type of finding throughout your environment, this is likely the approach you want to take. Reviewing, for example, this high severity rule “EC2 instance is publicly accessible and has elevated privileges for S3” and all of the unique instances of this violation. From here you can drill down to learn more about specific finding and then decide to remediate or suppress the finding.
Findings by Object, groups all of the findings for a specific cloud resource. Here you can identify the resources with the highest risk scores and work on addressing resources first.
In the dashboard, we’ve done some reorganization. We’ve split the dashboard into the Overview and Trends dashboard (more on Trends later). In the Overview dashboard, we now have views that surface the rules with the greatest number of findings and the cloud resources with the highest risk score.
In the Top 5 violating rules view, you can find the rules that are the most commonly violated in your account. You can click into the rule and see the specific findings. In the Top 5 violating objects, we’ve ranked the cloud resources with the highest risk scores. Click into the object and you’ll see the associated findings. These are meant to be shortcuts to help with your planning.
Cloud Account status view
Additionally, on the Overview dashboard, we added a Cloud Account status view. VMware Secure State Admins can now, at a glance, see how many accounts are configured and whether there are issues with the accounts. Clicking into one of the statuses, you get a filtered view of the cloud account page. If you have accounts in the red error state, that means there is likely an issue with the permissions granted to VMware Secure State, and the account is in need of immediate attention.
Trends Dashboard – tacking your organization’s progress
Understanding how your organization is progressing with your cloud security findings is almost as important as fixing the actual problems. For this purpose, we’ve introduced an entirely new dashboard that shows the trending of your findings. Are you making progress or losing ground on a day over day, week over week, or month over month basis? The trends dashboard tracks total finding count, new and resolved findings counts, and total findings count by service types and by cloud accounts over different time periods. These views provide a sense of how your organization is addressing cloud security.
Along with these new dashboard views, we have also expanded our Findings APIs. The Findings Trends APIs allow you to replicate the same views that are visible in the Trends dashboard in your external monitoring tools as well.
To see these new features in action, go to the following links within your VMware Service console:
Overview Dashboard: https://www.securestate.vmware.com/dashboard/overview
Trends Dashboard: https://www.securestate.vmware.com/dashboard/trends
APIs: https://api.securestate.vmware.com/findings
Learn more about how VMware Secure State can help your public cloud teams mitigate risk through intelligent, real-time security insights.
