Networking risks

This topic explains how networking risks data is handled in Prevasio, allowing you to delve deeply into identifying, analyzing, and fixing networking misconfiguration, a critical aspect that sets Prevasio apart from our competitors.

Introduction

Prevasio offers robust capabilities in analyzing firewall policies across AWS, Azure, and Google Cloud. It specializes in identifying and addressing top-tier security issues, focusing on critical aspects of cloud security. Prevasio's approach includes scrutinizing firewall policies for misconfiguration, emphasizing both private and public APIs, and analyzing inbound and outbound rules. This method allows for a comprehensive evaluation of policy misconfiguration. Additionally, Prevasio enhances user experience by enabling direct access and modification of policies linked to identified risks, streamlining the process of risk management and resolution in cloud environments.

AlgoSec Best Practices compliance standard

Networking risks data is introduced in Prevasio as a fourth compliance standard. This standard is called “AlgoSec Best Practices,” and is prioritized as the most crucial one.

AlgoSec Best Practices represents an internally established compliance standard tailored for violations, particularly focusing on networking risks. This standard enhances overall risk analysis and compliance adherence and significantly broadens the scope and depth of Prevasio compliance and risk assessment capabilities.

Working with AlgoSec Best Practices detected risks

Compliance risks, being a key aspect of Prevasio, are prominently integrated throughout the application.

To view AlgoSec Best Practices detected risks

1. In multi-account view, in the left menu in Prevasio, select Compliance > Detected Risks. Compliance issues for AWS, Azure, and GCP are shown in their respective tabs. For example, for Azure:

   

   The AlgoSec Best Practices column shows compliance risks detected in Azure subscriptions.

2. Click a Tenant ID / (Subscription or Account or Project) ID to open the AlgoSec Best Practice non-compliance risks for the selected cloud account. Notice that Prevasio is now in Single-account mode.

   

Let's looks at a non-compliance networking risk to understand the information:

Column	Description
Severity	Indicates the level of risk associated with the non-compliant issue.
Non-Compliance	References the specific security standards or regulations that are not being met. Items beginning in AlgoSec represent AlgoSec Best Practices compliance issues. Click the requirement to see the specific standard description and remediation steps.
Region	Specifies the cloud geographic region where the non-compliance issue is located.
Resource	Identifies the specific resource that is non-compliant. Click the resource to open its page in the Assets & Security Issues section.
Issue	Describes the security issue or misconfiguration.
Remediation	Suggests actions to be taken to address the issue.
Read more	A link that provides additional information about the non-compliance issue. See View Risk details. See View Risk Triggers. See View More info.
Action	Contains actionable buttons or links: Suppress (mute) the alert. See Suppressing and unsuppressing alerts. Export the issue as a Jira ticket. See Export an alert to Jira	.

 

View Risk details

For networking risks

Prevasio's network risk analysis stands out for its global view, which captures the full scope of each risk, including related policies and affected assets, rather than focusing on a singular resource. This global perspective ensures a complete understanding and facilitates detailed investigation for robust risk management and remediation.

Do the following:

1. Identify the networking risk that you want to investigate further. (Look for risks that have a Risk Details button.)

2. Click the Risk Details button.

3. You may be redirected to login again. If so, log in.

   Use the same login credentials that you use for Prevasio. After successfully logging in, the detailed information about the specific risk you selected is displayed. This includes data about the nature of the risk, its potential impact, and other relevant details.

4. Review Affected Assets. Within the risk details, pay special attention to the information about affected assets. This could include specific applications, virtual machines, or other critical components within your infrastructure.

5. Take Necessary Action. Based on the detailed information provided, determine the necessary actions or remediation steps to address the identified risk.

View Risk Triggers

To identify which specific policy rule is causing an issue, click on the 'Risk Trigger' button. This will open a page that lists the offending policy rules linked to the risk for the affected asset, be it a virtual machine, firewall, subnet, or network. From there you can edit rules directly to mitigate them.

Do the following:

1. Identify the networking risk that you want to investigate further. (Look for risks that have a Risk Triggers button.)

2. Click the Risk Triggers button. The Risk triggers page for the risk opens.

   

3. Click Rule details from this page to navigate directly to the policy set where the specific rule causing the risk is highlighted.

4. To mitigate the risk, you can click Edit button to enter edit mode to modify and adjust the rule, thereby immediately addressing and eliminating the risk.

View More info

Clicking the More Info button will take you to cloud provider website that provides more information about the risk and how to mitigate it.