Traditional assessment solutions and vulnerability solutions cannot track the elastic and ephemeral nature of cloud workloads. Because these traditional tools are both scanner-based and time-based, cloud workloads can be launched and shut down before security solutions can detect them.
Traditional assessment solutions and vulnerability solutions can also overlook new cloud instances, because cloud resources lend themselves to sprawl and to shadow IT.
Many traditional assessment solutions and vulnerability solutions are IP-based. And in some cases, the IP ranges are entered manually. Because cloud resources can use elastic IPs, these traditional tools can leave gaps when scanning cloud resources.
Lucidum ingests data from all the solutions in your environment. Lucidum’s Machine Learning algorithms then enrich the ingested data through deduplication, triangulation, and aggregation.
Lucidum can find all traces of ephemeral workloads and elastic IPs, so you can manage cloud resources.
Overview of Cloud Assets #
This dashboard provides an overview of all the cloud assets in your environment.
This dashboard includes charts for:
-
Cloud Assets – All Types. Displays the total number of cloud assets.
-
Instance Type Breakdown. Displays the number of cloud instances of each type (specifically for AWS, Azure, and Google).
-
Cloud Assets – By Type. Displays the cloud asset types that exist in your environment.
-
Cloud Compute Assets. Displays a list of cloud compute assets and the number of users who access those compute assets.
-
Tags in Use. Tags for cloud asssets and the number of cloud assets for each tag.
-
Top-n Cloud Asset Count by OS. Most common operating system running on cloud instances.
-
S3 Buckets by Encryption Status. Number of AWS S3 buckets that are encrypted and not encrypted.
Tagging Audit #
Tagging is the process of using a consistent, descriptive secondary naming strategy for cloud instances. Some organizations prefer to terminate cloud instances with no tags or at the very least remediate cloud instances with no tags.
This dashboard allows you to audit tagging for your cloud assets.
In this example, each cloud instance requires the following tags:
-
Name
-
Owner
-
Status
-
Cost Center
This dashboard includes charts for:
-
Total AWS EC2 Instances. Displays the total number of EC2 instances in the environment.
-
Top-n Tags in Use. Displays the top 15 tags in use for cloud instances.
-
Top-n Instance Owners. Displays the top five owners for cloud instances.
-
Completely Untagged Instances. Displays cloud assets with no tags.
-
Instances Missing Name Tags. Displays the name of cloud instances missing the “name” tag and number of total tags for each instance.
-
Instances Missing Owner Tags. Displays the name of cloud instances missing the “owner” tag and number of total tags for each instance.
-
Instances Missing Status Tags. Displays the name of cloud instances missing the “status” tag and number of total tags for each instance.
-
Instances Missing Cost Center Tags. Displays the name of cloud instances missing the “cost center” tag and number of total tags for each instance.
Cost of Idle Cloud Instances #
An “idle” cloud instance is one with consistently very low CPU usage. In some situations, this can be intentional. For example, the cloud instance can be a backup instance.
Both Amazon and Google provide information about the monthly cost of their cloud instances. So we can easily calculate the monthly cost of these idle instances.
-
Cloud Compute Instances. Displays a count of all compute instances in your environment.
-
Idle Instances Total. Displays a count of all idle compute instances across in your environment.
-
Idle Instance %. Displays the number of idle cloud compute instances and active cloud compute instances in your environment.
-
Tags on Idle Instances. Tagging is the process of using a consistent, descriptive secondary naming strategy for cloud instances. This chart displays all the tags used to tag idle instances.
-
Cloud Compute Estimated Monthly Cost. Lucidum can calculate the monthly cost of cloud instances. This chart displays the total monthly cost of all cloud instances.
-
Idle Instances Estimated Monthly Cost. Lucidum can calculate the monthly cost of cloud instances. This chart displays the total monthly cost of idle cloud instances.
-
Idle Instances by Department. Displays the departments that have idle instances.
-
Idle Instances by Region. Displays the regions that have idle instances.
