Cloud Security

Lucidum can help you accurately inventory and identify cloud assets and ensure cloud instances are secure and follow industry best practices

After Lucidum ingests data from your security solutions, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.

You can then create queries to find a list of all cloud assets in your environment, export the list, or create dashboards.

You can also view pre-built dashboards, called Value-Oriented Dashboards or VODs. You can easily edit these dashboards to suit your needs or easily create your own custom dashboards that show the status of the security controls on cloud assets.

Multi-Cloud Consolidated Compute #

The Multi-Cloud Consolidated Compute dashboard is included with Lucidum and displays information about the compute resources in all the clouds in your environment. Compute resources are those resources that include CPU and memory and usually run software.

The Multi-Cloud Consolidated Compute dashboard looks like this:

The Multi-Cloud Consolidated Compute dashboard includes:

• Cloud Compute – All Sources. Displays a count of all compute instances across all clouds in your environment.

• Instance Type Breakdown. This chart displays the size type of each cloud compute instance.

• All Cloud Assets – By Type. This chart displays all the types of cloud instances in your environment.

• Cloud Compute Assets. This chart lists the name of the cloud compute instances.

• Compute Tags in Use. Tagging is the process of using a consistent, descriptive naming strategy for cloud instances. This chart displays all the tags used to tag compute instances.

• Top-n Cloud Compute Assets by OS. This chart displays the operating systems running on your compute instances.

• Cloud Object Storage by Encryption Status. This chart displays the number of encrypted and unencrypted storage instances.

Multi-Cloud Individual Compute #

Another example, the Multi-Cloud Individual Compute dashboard, displays information about the compute resources in each cloud in your environment. Compute resources are those resources that include CPU and memory and usually run software.

The Multi-Cloud Individual Compute dashboard looks like this:

The Multi-Cloud Individual Compute dashboard includes:

• Azure VMs. This chart displays a count of all Azure VMs in your environment.

• Azure VM Tags. This chart displays the tag values used for Azure VMs.

• Azure VMs by Location. This chart displays the locations with Azure VMs.

• Azure VMs by Instance Type. This chart displays Azure VMs by size type.

• AWS VMs. This chart displays a count of all AWS VMs in your environment.

• AWS VM Tags. This chart displays the tag values used for AWS VMs.

• AWS VMs by Location. This chart displays locations with AWS VMs.

• AWS VMs by Instance Type. This chart displays AWS VMs by size type.

• GCP VMs. This chart displays a count of all GCP VMs in your environment.

• GCP VM Tags. This chart displays the tag values used for GCP VMs.

• GCP VMs by Location. This chart displays locations that have GCP VMs.

• GCP VMs by Instance Type. This chart displays GCP VMs by size type.

Multi-Cloud Public Cloud Object Stores #

Another prebuilt dashboard, the Multi-Cloud Public Cloud Object Stores dashboard displays information about all cloud storage resources, both public and private, in your environment.

The Multi-Cloud Public Cloud Object Stores dashboard looks like this:

The Multi-Cloud Public Cloud Object Stores dashboard includes:

• Cloud Storage Total. This chart displays a count of all cloud storage instances in your environment.

• Cloud Storage Assets. This chart displays the name of each storage asset (the Cloud Bucket) and its associated risk ranking.

• Encrypted, Public-Facing Cloud Storage. This chart displays a count of all encrypted, public-facing cloud storage.

• Encrypted, Public-Facing Cloud Storage Assets. This chart displays the name of each encrypted, public-facing storage asset (the Cloud Bucket) and its associated risk ranking.

• Unencrypted, Public-Facing Cloud Storage. This chart displays a count of all unencrypted, public-facing cloud storage.

• Unencrypted, Public-Facing Cloud Storage Assets. This chart displays the name of each unencrypted, public-facing storage asset (the Cloud Bucket) and its associated risk ranking.

• Total Cloud Storage by Vendor. This chart displays the vendors for cloud storage.

• Total Cloud Storage by Public-Facing. This chart displays the number of public cloud storage instances and the number of private cloud storage instances.

• Total Cloud Storage by Region. This chart displays the regions where cloud storage resides.

Cloud Tagging Enforcement #

Another prebuild dashboard, the Cloud Tagging Enforcement dashboard, displays instances that are not properly tagged and provides statistics about the tags in use.

The Cloud Tagging Enforcement dashboard looks like this:

The Cloud Tagging Enforcement dashboard includes:

• Total Compute Instances. Displays a count of all compute instances across all clouds in your environment.

• Top-n Tags in Use for EC2 Instances. This chart displays the top nine types of tags in use for EC2 instances.

• Top-n Instance Owners for EC2 Instances. This chart displays the top five owners for EC2 instances.

• Completely Untagged Instance. This chart displays cloud assets with no tags.

• EC2 Instances Missing Name Tags. This chart displays cloud assets without name tags.

• EC2 Instances Missing Owner Tags. This chart displays cloud assets without owner tags.

• EC2 Instances Missing Status Tags. This chart displays cloud assets without status tags.

• EC2 Instances Missing Cost Center Tags. This chart displays cloud assets without cost center tags.

Security Group Overview (Inbound) #

A custom dashboard, the Security Group Overview (Inbound) dashboard, displays information about the security policies for inbound traffic to AWS instances. Security groups specify the allowed protocol, port range, and source IP for inbound traffic.

The Security Group Overview (Inbound) dashboard looks like this:

The Security Groups Overview (Inbound) includes:

• Security Groups Total. Total number of AWS security groups.

• Inbound with Port Restrictions. Number of security groups that allow all IP addresses but restrict inbound traffic by port.

• Inbound No Port Restrictions. Number of security groups that allow all IP addresses and do not restrict inbound traffic by port.

• Inbound Listing. All security groups for inbound traffic, including the associated cloud account, the security group name, the IP range allowed, the allowed ports, and the VPC ID.

• Security Groups Total by Cloud Account. Number of security groups for each cloud account.

• Inbound with Port Restrictions by Cloud Account. Number of security groups that allow all IP addresses but restrict inbound traffic by port, by cloud account.

• Inbound No Port Restrictions by Cloud Account. Number of security groups that allow all IP addresses and do not restrict inbound traffic by port, by cloud account.

• Security Group Ports & Port Ranges. Number of security group by allowed ports.

• SG Tag Coverage. Security groups that are tagged and untagged.

• SG Tag Coverage Keys. For each tagged security group, its associated cloud account and tag/key pair.