Hey folks - sharing something we're in the early innings of developing. Hoping to get some feedback from the community!
ZeusCloud is an open-source cloud security platform that thinks like an attacker! We’re hoping to give teams the one stop shop for their core preventative cloud security needs (cloud misconfigurations, identity, workload vulnerability scanning, etc.).
ZeusCloud works by:
- Identifying risks across your cloud environments (e.g. misconfigurations, identity weakness, vulnerabilities, etc.)
- Prioritizing those risks based on toxic risk combinations an attacker may exploit.
- Remediating by giving step by step instructions on how to fix the risk findings.
We know there are many cloud security tools out there, but in our experience they are limited in scope (focused on just misconfiguration or identity or vulnerability), provide limited context about risks, or are hard to access.
The project is still early, so we’d love your feedback! So far, we’ve added misconfiguration checks and common identity-based attack paths for AWS. Up next on our roadmap are network/access graph visualizations, vulnerability scanning, and secret scanning!
It's not a good look to have the first line in the "alerts" be that the OrganizationAccountAccessRole exists in a member account, and twice as bad that there are 2 _different_ alerts, one Critical and one High for the exact same OAAR situation
Maybe there's some nuance that the role just happens to be named that and there's in fact no AWS Organizations relationship, but for demo purposes, best to either include some disambiguation that would show a user that such introspection exists or pick a less wtf scenario for "3rd party access"
Thanks for the feedback! You're right that this is a bit of a false positive. For the sandbox, since we've hooked up 1 account, it flags such org trust relationships. I'd figured that it'd be good to showcase a 3rd party account access even as a false positive.
I'll update this rule to deal with org relationships correctly for 1-account setup, and will set up a separate account to have 3rd party access.
On our roadmap to add an integration with SecurityHub (e.g. piping ZeusCloud findings to it, if that's the workflow you prefer)
More broadly though, we've found SecurityHub to be too disorganized - findings from Config, Guardduty, etc. are piped into it without much contextual information to really prioritize and remediate. The result is just a laundry list of items.
That's a big part of the problem we're looking to solve with ZeusCloud - unified dashboards for these different types of risks, along with context about surrounding risks and context about the cloud environment.
10 comments
[ 3.5 ms ] story [ 16.1 ms ] threadZeusCloud is an open-source cloud security platform that thinks like an attacker! We’re hoping to give teams the one stop shop for their core preventative cloud security needs (cloud misconfigurations, identity, workload vulnerability scanning, etc.).
ZeusCloud works by:
- Identifying risks across your cloud environments (e.g. misconfigurations, identity weakness, vulnerabilities, etc.)
- Prioritizing those risks based on toxic risk combinations an attacker may exploit.
- Remediating by giving step by step instructions on how to fix the risk findings.
- Monitoring compliance - track your PCI DSS, SOC 2, GDPR, CIS goals.
We know there are many cloud security tools out there, but in our experience they are limited in scope (focused on just misconfiguration or identity or vulnerability), provide limited context about risks, or are hard to access.
The project is still early, so we’d love your feedback! So far, we’ve added misconfiguration checks and common identity-based attack paths for AWS. Up next on our roadmap are network/access graph visualizations, vulnerability scanning, and secret scanning!
Check out our GitHub (Licensed Apache 2.0): https://github.com/Zeus-Labs/ZeusCloud
Play around with our Sandbox environment: https://demo.zeuscloud.io
Get Started (free/self-hosted): https://docs.zeuscloud.io/introduction/get-started
Happy to answer any questions and would love any constructive feedback!
Maybe there's some nuance that the role just happens to be named that and there's in fact no AWS Organizations relationship, but for demo purposes, best to either include some disambiguation that would show a user that such introspection exists or pick a less wtf scenario for "3rd party access"
I'll update this rule to deal with org relationships correctly for 1-account setup, and will set up a separate account to have 3rd party access.
And as open source, we hope it can be more transparent, easier to try out, more configurable, and offer better shift left functionality!
More broadly though, we've found SecurityHub to be too disorganized - findings from Config, Guardduty, etc. are piped into it without much contextual information to really prioritize and remediate. The result is just a laundry list of items.
That's a big part of the problem we're looking to solve with ZeusCloud - unified dashboards for these different types of risks, along with context about surrounding risks and context about the cloud environment.
We're launching in a week more identity-based features (i.e. an IAM evaluation / simulation engine that tells you who has access to what)
Workload protection (e.g. vuln scanning and secret scanning) are in progress next!