VMware Secure State has introduced a major infrastructure enhancement to the platform to improve visibility into cloud resources for different security teams and accelerate support for additional cloud services. The Entity Data Service is a new base component of the platform that builds upon our Interconnected Cloud Security Model, exposing advanced query capabilities and optimizing how the service stores cloud configuration data in VMware Secure State.
VMware Secure State’s API-first approach
With the release of the new Entity Data Service, we continue to drive our API-first approach. VMware Secure State users can now directly query the Entity Data Service to gain insights they never had before. With the API, users can:
- Search and filter cloud resources
- Get configuration details on a specific cloud resource
- Discover other connected resources
- Retrieve complete historic configuration changes
- Create aggregation queries to understand the distribution of resources
Easy API access to resource entities is driving new use cases and examples of how customers derive value from the VMware Secure State platform. Some common use cases include vulnerability management teams searching for resources that could potentially be exposed, or incident response teams using Entity Data Service APIs to understand the blast radius of a security incident. We walk through one such real use case in this blog on how you can diagnose Salt Master RCE vulnerabilities with VMware Secure State. Customers are also using these APIs to quickly find and discover cloud resources of interest across regions, accounts, and providers. Let’s look at some more examples in detail.
Example #1 – Port 22 Open To The World Report
Users can write a simple query using the Graph Query API, built on the Gremlin language, to find all security groups that have port 22 open to the internet together with the instances attached to them. They can further filter on cloud account and port range properties. Notice that the response includes a tree property whose nodes and entities capture the full set of connected relationships among the matching resources, giving users the complete context of every resource that matches the query in JSON format.
Request:
Response:
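The request and response above are screenshots in the original post. As an added illustration that is not Secure State code and does not use its data model, the following Python snippet runs the same kind of "port 22 open to the world" query over a small constructed inventory: it treats a security group as exposed when any ingress rule covers the port from a zero-prefix CIDR, optionally filters by account, and walks the attachment edges to return the connected instances as a tree. Field names (`rules`, `from_port`, `cidr`, `groups`) are assumptions for this example only.

```python
import ipaddress

# Constructed sample inventory standing in for the entity graph; field names are assumed.
SECURITY_GROUPS = [
    {"id": "sg-web", "account": "111", "rules": [
        {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-bastion", "account": "111", "rules": [
        {"proto": "tcp", "from_port": 20, "to_port": 25, "cidr": "::/0"}]},   # range covers 22
    {"id": "sg-db", "account": "222", "rules": [
        {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"}]},  # internal only
]
# Attachment edges: instance -> security groups it is a member of.
INSTANCES = [
    {"id": "i-1", "groups": ["sg-web"]},
    {"id": "i-2", "groups": ["sg-web", "sg-db"]},
    {"id": "i-3", "groups": ["sg-db"]},
]


def rule_opens_port_to_world(rule, port):
    """True if this ingress rule lets the whole internet reach `port` over TCP."""
    net = ipaddress.ip_network(rule["cidr"], strict=False)
    world = net.prefixlen == 0            # 0.0.0.0/0 or ::/0
    covers = rule["from_port"] <= port <= rule["to_port"]
    return world and covers and rule["proto"] in ("tcp", "-1")   # "-1" = all protocols


def world_open_report(groups, instances, port=22, account=None):
    """Map each exposed security group to the instances attached to it.

    Mirrors the two query steps described above: filter groups by account and
    port exposure, then follow the attachment relationships to find what is reachable.
    """
    report = {}
    for sg in groups:
        if account is not None and sg["account"] != account:
            continue
        if any(rule_opens_port_to_world(r, port) for r in sg["rules"]):
            attached = [i["id"] for i in instances if sg["id"] in i["groups"]]
            report[sg["id"]] = attached
    return report


if __name__ == "__main__":
    print(world_open_report(SECURITY_GROUPS, INSTANCES))
```

An empty instance list for a group (such as `sg-bastion` above) still deserves attention: the exposure exists even before anything is attached to it.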
Example #2 – Finding Recent Configuration Changes To Inform Investigations
Users can retrieve a complete snapshot history that records every configuration change with a timestamp, for use in incident forensics. Specifically, security teams can inspect any change, including tag values and configuration values that were added or removed, to retrace the steps that created a security vulnerability. Combined with the activity logs available in the platform, these configuration changes paint the complete picture of who changed what, and when.
Request:
Response:
Introducing support for Amazon EKS and DynamoDB
The examples above illustrate how easily VMware Secure State improves visibility for SecOps teams by letting them look for resources that match a given configuration pattern, study the history of configuration changes, and find what is connected to those resources to understand the impact on overall security posture. Besides the insight into configuration risks and object context, the introduction of the Entity Data Service has also accelerated VMware Secure State’s ability to model new public cloud services.
We are pleased to announce support for Amazon EKS and DynamoDB, giving AWS cloud users the broad visibility they need into their complex cloud deployments. VMware Secure State users can now easily find risks such as publicly accessible EKS clusters, clusters using a deprecated Kubernetes version, unencrypted DynamoDB tables, and more. To learn about VMware Secure State’s real-time security approach or speak to an expert on public cloud security and compliance best practices, visit: https://cloudhealth.vmware.com/products/cloudhealth-secure-state.html