Release # 20 – June 28, 2022 (version 2.7.5) #
Description: This release was focused completely on performance optimization and minor improvements.
Affected Components: Security Dashboard Widgets, Suppression, Risk Drawer, Resource Drawer, Chatbot, Access Control, Organization Search Bar
⚡ Performance Optimization #
In our continued effort to make Cloudnosys a fast platform, we have optimized its performance in the past few weeks!
Here’s a quick rundown on some of the top optimizations:
Optimized: For some organizations with a high number of resources, the risk drawer was lagging when getting opened.
Optimized: For organizations with a high number of cloud accounts, some combination of cloud accounts was taking an unusually long time to load the widgets.
Optimized: The creation of suppression rules was not optimized causing other features to take time.
Optimized: Instead of waiting for all the widgets to load at once, the dashboard will begin displaying widgets as they are generated right after a scan.
And many more elements were optimized!
🚀 Minor Improvements #
- The chatbot icon will now be behind the Drawer whenever it gets opened, enabling you to use all the Drawer’s features without any hindrance.
- In the Risk Profile Drawer, the toggle switch of Suppressed Risks toggle has been moved a bit above its last position, giving you more screen space to view the resources below it.
- If you unknowingly try to invite someone who’s already a part of your organization, Cloudnosys will now let you know of it clearly so that you’re not confused when nothing changes.
- Searching from the organization search bar and then switching to another organization will NOT reset the search results anymore. This way, you can switch to another organization again from the same search results without having to search again.
Release # 19 – June 22, 2022 (version 2.7.2) #
Description: This release was a minor one and was focused on performance improvements.
Affected Components: Security Dashboard widgets, Suppression Rules, Signature
🐛 BUG FIXES #
In our continued effort to make Cloudnosys the most reliable security platform, we eliminated a few bugs in the platform in the past few months!
Here’s a quick rundown on some of the top fixes:
Fixed: A signature related to KMS Keys was incorrectly highlighting a risk when it did not exist.
Fixed: A signature related to the IAM password policy was incorrectly highlighting a risk when it did not exist.
Fixed: Status Message was not being displayed for Custom Signatures even after Status Message was provided from the Custom Code.
Fixed: In an extremely rare case, the Security Dashboard widgets showed the widget skeleton only when the widget’s History filter was changed from Current to anything else.
Fixed: Signatures of AMI were showing EC2 instances in the Signature drawer instead of AMI resources
Fixed: The Email Address Verification email had a few typos.
And many more bugs were fixed!
Release # 18 – March 10, 2022 (version 2.7.0) #
Description: This release was focused more on improving your general experience of using the platform along with a few new updates requested by some of our valuable clients.
Affected Components: Scan Engine, Compliance Regulation, Access Module, Alerts, Organization Menu, Cloud Accounts, Account Settings
🚀 NEW FEATURES & IMPROVEMENTS #
FedRAMP Compliance #
We’re delighted to announce that now you can check how compliant your cloud accounts are for FedRAMP (Federal Risk and Authorization Management Program).
FedRAMP is a US government-wide program that enhances a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This is a key regulation for all North American organizations as well those organizations that work with North American clients.
Just like all other compliance reports, you can easily find the FedRAMP report on the Compliance page.
Integration of more Azure Services #
To provide you with complete visibility of your Azure infrastructure, we have enhanced our footprint by several key services such as
- Azure Databricks
- Azure Disk
- Azure Kubernetes
- Azure Load Balancer
- Azure Service Bus
- Azure Cosmos DB
Cloud Account Permissions for Users #
You no longer need to worry that all the users have access to all the cloud accounts in your organization; because now you can assign permission of specific cloud accounts to users.
Where: Sidebar Menu -> Settings -> Access Control
How: On the Access Control page, under the newly created Cloud Account column, now you’ll be able to assign or unassign one or more cloud accounts to any member of your organization.
Improved Experience of Grouped Alerts #
We have added extra functionality in our recently released Grouped Alerts feature to make it more convenient for you:
- The Failed Resources popup of each alert no longer displays the Signature ID for each failed resource. Instead, the Failed Resources popup now displays the name of the service for each failed resource. This means that now you can know the name of the service for every failed resource – right from the alerts.
Previously:
Now: - Clicking on the alert of risk will open the Resource Drawer for you – with details of all the resources failing for that risk.
- The resources will be sorted by Last Seen by default so that you get details of the latest updates on the top.
- The resources identified by the risk alert will be preselected when the Resource Drawer gets opened – making it easier for you to know which resources were part of the alert. This also helps save a considerable amount of time if you want to suppress them altogether instantly.
- If at least one of the resources from the risk alert does not exist anymore in your cloud account, then a fleeting popup will tell you so.
Search Bar for Organizations #
You can now search for organizations just by typing in the Organization Search Bar instead of scrolling through the whole list!
Integration of GCP Datastore #
We here at Cloudnosys are all about feedback – especially from YOU! Even though Cloudnosys has the latest GCP Firestore service already integrated, you felt the need for Datastore’s integration and we listened.
Datastore Signatures #
What good is a new service integration on our platform without any signature? Nothing.
Surprisingly, Datastore signatures are actually quite unique – you will not find them with ANY of our competitors! Nonetheless, you can now scan your Datastore for 2 risks through Cloudnosys:
- GCP: DS-001 Ensure that Datastore backup is enabled
- GCP: DS-002 Ensure that GCP Datastore backup is newer than 7 days
New Azure Signatures #
Our never-ending quest to make your cloud accounts more secure continues!
- AZU: NSG-005 Ensure that Network Security Group Flow Log retention period is ‘greater than 90 day
- AZU: NSG-006 Ensure that Network Watcher service is enabled within your Azure account subscriptions
- AZU: NSG-007 Ensure that “UDP” Services are restricted from the Internet
- AZU: SA-007 Ensure soft delete is enabled for Azure Storage
- AZU: VM-007 Azure Backup should be enabled for Virtual Machines
- AZU: VM-008 Internet-facing virtual machines should be protected with network security groups
Detection of Network Unavailability #
While using Cloudnosys, have you ever wondered whether your network connection is slow? Or just not working the way you expect it to? Well, you don’t need to go out of your way to verify this anymore!
Now you will get a small pop-up on the bottom right corner of your screen stating whether the platform is facing trouble connecting to the Internet.
Graceful Error Handling of Adding a New Cloud Account #
You will now get to know exactly why your Cloud Account was not able to be added into Cloudnosys when the error is from the Cloud Provider’s end. Previously, it was difficult to identify the issue.
But now, with the help of the error details, it will take you much less time to debug and resolve the issue from your end.
And upon successfully adding the Cloud Account, Cloudnosys will now give you a clearer indication as shown below.
As always, Cloudnosys will instantly scan your cloud account for risks as soon as it’s added.
Compliance Health Trend Chart in PDFs #
Previously Cloudnosys did not display any visual in the PDF report from the Health Dashboard. But now you will get to see a 2-week summary of the Health of your Cloud Accounts, categorized by Severity.
Minor Improvements #
- Life’s good when it’s easier to differentiate between Cloud Accounts. Previously, we had allowed giving 2 different cloud accounts the same name on the platform. Now you will be alerted when you try to use a name that’s already taken by another cloud account in the same organization.
- The Country/Region field on the Basic Settings (of Account Settings) page is now a dropdown full of names of countries making it easier for you to choose your country instead of typing it.
BUG FIXES #
In our continued effort to make Cloudnosys the most reliable security platform, we eliminated a number of key bugs in the platform in the past few months!
Here’s a quick rundown on some of the top fixes:
Fixed: When the user imports any policy in Custom Policies, rules of only the CCPA policy are imported.
Fixed: Category drop-down menu on Custom Policies page shows duplicates of category names.
Fixed: Outdated Help Center link in Verification Email.
Fixed: GCP Cloud Account service does not appear in Inventory Widgets.
Fixed: The Resources search bar of Playbook Trigger Input settings is showing No Data.
Fixed: Resource Finder stays in the loading state for a bit even after the data is loaded and displayed.
Fixed: Manual Remediation and its Chevron icon are not aligned
Fixed: Incorrect instructions of Step 4 of the modal named “Add a GCP Account to Cloudnosys”.
Fixed: No Data on the Billing screen if no cloud account is selected.
Fixed: Rule Expand Icon & Rule Title on the Compliance screen are not aligned on the same line.
Fixed: Role ARN Help modal points are numbered incorrectly.
Fixed: Misspelling of GuardDuty in the tooltip of the Tags field of the Trigger Input section.
Fixed: Double organizations are shown in the Organization drop-down menu when a new one is created.
Fixed: Scan completed popup appears when the user switches to another organization.
Fixed: White space below the horizontal scroll bar in the Playbook Editor.
Fixed: Differences in the Save Risk node’s Input & Output field names.
Fixed: Multiple issues related to the names of organizations in the organization drop-down menu
And many more bugs especially performance improvements as well as scan engine optimization!
Release # 17 – Oct 20, 2021 (version 2.6.2) #
Type: New feature, Feature improvements, and Bug Fixes.
Description: This release was focused on platform stability, Cloudnosys’ API coverage, and a few feature improvements.
Affected Components: Database, UI, Signatures, Reports, Playbooks & Services.
🚀 Feature Improvements #
- API Endpoint to get Widget Reports
Pull dashboard widget reports in JSON format from Cloudnosys via a protected API endpoint, allowing third-party apps to display and utilize Cloudnosys stats. For more details, click here. - Organization Drop-down Menu sorted Alphabetically from A-to-Z
To make it easier & quicker to find an Organization from the Organization Drop-down menu, the list of organization names will appear to be sorted alphabetically from A-to-Z. - Grouped Alerts now display failed resources in Tooltip
The tooltip also contains relevant data about the failed resources such as which cloud account they are associated with. - Unlimited Organizations for Enterprises
If the package is Trial or Paid then the user can add only one organization and if the package is enterprise then the user can add unlimited organizations.🐛 Bug Fixes #
The following minor bugs have been addressed:
- The Billing screen was not showing any data
- Upon clicking “Test connection” another cloud account was being added in some cases
- Access Invite email was not being received for some users
- AWS EagleEye template was not getting downloaded
- The alert for ‘Organization Trial Expired’ had a label of “Invitation” instead of “Trial Expired”
- Full Compliance Report PDF was not getting downloaded when all cloud accounts were selected due to PDF size
- The button “Run till” was running all playbook actions if it was running inside the loop
- A lengthy playbook name was disturbing the User Interface as well as the placement of the buttons
- An auditor had incorrect permissions which allowed them to run a scan, perform a suppression, and run playbooks
- The Organization’s Owner’s Account was not being displayed on the Access Control page
- Playbook Configurable Fields in Settings were not being deleted in some cases
- When Cloudnosys was opened through the Okta app via SSO setup, it was leading the user to the sign-in page instead of the Dashboard
- The “Run Playbook” button was not working in some cases
- Access Control screen was showing an error when sending an invite
- The text of the Past Executions column on the Playbooks screen was not aligned horizontally with the text/icons of the other columns
- After enabling AWS EagleEye, its status looked like it was getting stuck on “Verifying”
- Cloud Account Selector Menu was showing that 1 cloud account was selected even when no cloud account was added to the organization
Release # 16 – Aug 31, 2021 (version 2.6.0) #
Type: Feature & Performance improvements, New Signatures & Playbook Templates, plus Bug Fixes.
Description: This release was focused on implementing numerous Signatures, fixing multiple bugs, and a few minor feature improvements that make Cloudnosys easier to use.
Affected Components: Database, UI, Signatures, Reports, Playbooks & Services.
🚀 Feature Improvements #
- Ticket creation for critical events with details in JIRA Playbook
JIRA Ticket creation of critical events with complete resource details such resource id, cloud account name, region, availability zone along with other important metadata. - User Restrictions on Cloud Account visibility under Organization
User access restrictions on a cloud account level have been introduced in our role-based ARN. This will give organizations the ability to restrict users as per their requirements. So now you can give access to the user(s) to any specific cloud account(s). - Grouped Alerts will also identify resources
The grouped alerts will give users an extended view of all the failed resources detected as a result of the latest scan. - Clickable URLs in System Notifications
All URLs in System Notifications are clickable now – making it quicker and more convenient to go to the relevant URL.
Signatures #
New Signatures are released continuously and are independent of release dates. Here’s a list of signatures already integrated into the platform since the last release:
Amazon Web Services (AWS) #
- AWS: IAM-023 List of IAM users with Admin access
- AWS: NSG-007 List of Security groups with All TCP/UDP traffic open
- AWS: CW-003 CloudWatch alarms are set up to monitor VPC Internet gateway configuration changes within your AWS account
- AWS: CW-004 CloudWatch alarm must be triggered every time AWS Root Account is used
Google Cloud Platform (GCP) #
- GCP: VM-006 Ensure OS login is enabled for a Project
- GCP-IAM-008 Ensure that Service Account has no Admin privileges.
- GCP-IAM-006 Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at the project level
- GCP: NET-004 Ensure that RDP access is restricted from the Internet
- GCP: NET-003 Ensure that SSH access is restricted from the internet
- GCP: VM-007 Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)
- GCP: VM-008 Ensure that Compute instances do not have public IP addresses
- GCP: LM-002 Ensure that Cloud Audit Logging is configured properly across all services and all users from a project
- GCP: LM-003 Ensure that sinks are configured for all log entries
- GCP: LM-004 Ensure that retention policies on log buckets are configured using Bucket Lock
- GCP: LM-005 Ensure log metric filter and alerts exist for project ownership assignments/changes
- GCP: LM-006 Ensure that the log metric filter and alerts exist for Audit Configuration changes
- GCP: LM-007 Ensure that the log metric filter and alerts exist for Custom Role changes
Azure #
- AZU: SQLDB-006 Public network access on Azure SQL Database should be disabled
- AZU: SA-004 Ensure that ‘Secure transfer required’ is set to ‘Enabled’
- AZU: SA-005 Ensure that ‘Public access level’ is set to Private for Blob
- AZU: SA-006 Ensure default network access rule for Storage Accounts is set to ‘deny’
- AZU: AD-003 Azure External accounts with owner permissions should be removed from your subscription
- AZU: AD-004 Azure External accounts with read permissions should be removed from your subscription
- AZU: AD-005 Maximum of 3 owners should be designated for your Azure subscription
- AZU: AD-006 More than one owner should be assigned to your Azure subscription
- AZU: KV-004 Diagnostic logs in Key Vault should be enabled
- AZU: VM-006 Insert missing Security & Compliance tags for Azure VMs
Playbook Templates #
Playbook Templates are actually released continuously and are independent of release dates.
- Remediation: Insert missing Security & compliance Tags for Azure VM Disks
2. Integration: High Priority Alerts of EC2 Alerts to create tickets on JIRA
Bug Fixes #
The following bugs have been fixed completely:
- For EC2 resources there was an issue with automatic discovery when new resources were created which was identified and fixed.
- Risks notification menu was showing Duplicate Risk Alerts
- Search Filter Bug: In case if the name tag filter of a resource is missing, Cloudnosys will automatically insert the resource ID as the name tag instead of any other tag. This way those resources can be searched and filtered using the resource ID.
- System notification was being shown of another organization.
- The First Seen tooltip of critical resource was showing “N/A”.
- EagleEye template was not being downloaded
- When Suppression Risk was edited from the resource profile, it was creating another Suppression Rule instead of updating it.
- When a playbook was created through remediation, the previous playbook workflow was shown.
- “Create Playbook” was not disabled for users with only view rights.
- Fixed Billing count issue.
Release # 15 – July 15, 2021 (version 2.5.0) #
Type: Feature release, performance improvements, and bug fixes.
Description: Cloudnosys has introduced a new widget for publicly accessible resources and added GCP playbook action along with some important improvements in Playbooks. You can also create automated remediation from the resource profile and signature view. Moreover, new CIS signatures for IAM, Security, Logging, Monitoring & Networking are introduced for recommended security checks.
Affected components: Database, UI, Signatures, Scan, Reports, Filters, Playbooks & Services.
New Features #
1. A new widget added for better visibility of publicly accessible resources
2. Resource Properties are added in the resource profile where you can see some of the metadata associated with a resource.
3. Automated Remediation Now you can create automated workflows to remediate risks as well as resources using Cloudnosys Playbooks feature with just one click!
When you click on “Create Playbook” it’ll directly take you to the Playbooks editor screen with the Cloud Account & Signature details already added by default in the Playbook trigger. This way you don’t have to go to the Playbook separately and type all the relevant details manually in the trigger.
4. GCP Action in Playbooks
This action will share GCP API call capability with the user. Through this node, users can make calls to their GCP infrastructure to fetch resources or make changes on their end (write access required).
5. New Remediation Playbooks added for Azure & GCP
Azure:
- Restrict SSH access on Publicly exposed networks
- Restrict RDP access on Publicly exposed Network
GCP:
- Enable OS login for a VM
- Remove Public IP addresses from Virtual Machine
- Enable Block Project-wide SSH keys for VM
🚀 Improvements #
- Optimized scanning functionality: Now many resources can be scanned within few minutes.
- Added more services in inventory for AWS & Azure:
- AWS Elasticsearch
- AWS Redshift
- AWS Audit – Log
- Azure Log profiles
- New Signatures added for AWS & GCP:
- AWS: IAM-023 List of IAM users with Admin access
- AWS: NSG-007 List of Security groups with All TCP/UDP traffic open
- GCP: VM-006 Ensure OS login is enabled for a Project
- GCP-IAM-008 Ensure that Service Account has no Admin privileges.
- GCP-IAM-006 Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at the project level
- GCP: NET-004 Ensure that RDP access is restricted from the Internet
- GCP: NET-003 Ensure that SSH access is restricted from the internet
- GCP: VM-007 Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)
- GCP: VM-008 Ensure that Compute instances do not have public IP addresses
- GCP: LM-002 Ensure that Cloud Audit Logging is configured properly across all services and all users from a project
- GCP: LM-003 Ensure that sinks are configured for all log entries
- GCP: LM-004 Ensure that retention policies on log buckets are configured using Bucket Lock
- GCP: LM-005 Ensure log metric filter and alerts exist for project ownership assignments/changes
- GCP: LM-006 Ensure that the log metric filter and alerts exist for Audit Configuration changes
- GCP: LM-007 Ensure that the log metric filter and alerts exist for Custom Role changes
4. GCP Cloud account improvements:
- Users will be notified via email & system notification if there are any errors in connection.
- While adding a cloud account if a user skips any mandatory permissions, or if they forget to enable any relevant APIs, the user will be notified via system notifications.
5. Alerts Optimization
- Risks alert group by signatures in the notification
- Email alerts will be sent for every Cloud Account now instead of Organizations
- Notification Alerts will now be shown with respect to the organization
Minor Improvements
- Scan progress bar changes.
- Improved “Scan failed” error messages.
- Improvements in Playbooks action “Custom code”.
- Improved service filters for EC2.
- The playbook execution history is now real-time. It will be updated automatically.
Bug Fixes #
- Fixed history issue in Playbooks.
- Fixed time format issue in health trends.
- Fixed suppression menu issue.
- Fixed scan monitoring issue.
- Fixed total resource count at billing screen.
- Fixed error messages for cloud accounts.
- Compatibility issues with AWS findings were resolved.
Release # 14 – February 19, 2021 (version 2.1.0) #
Type: Feature release, performance improvements, and bug fixes
Description: Cloudnosys introduces new actions for Playbooks with better UI, signatures for AWS EKS, AWS Config, AWS API Gateway & AWS ECR. This release introduces pre-made Playbook templates for integrations and remediations. This release also includes bug fixes and improved performance.
Affected components: Database, UI, Signatures, Scan, Reports, Filters, Playbooks, Services
New features added as follows: #
1. New Triggers for Playbook #
- Schedule Trigger:
In scheduled trigger, you need to set time interval (hourly/weekly/monthly) and the playbook is triggered according to it
- Manual Trigger:
In manual trigger, the playbook is run when you click on the “Run Playbook” button.
2. New Actions for Playbook #
- Custom Code:
Through this action, you can write custom logic & use JavaScript functions
- HTTP:
HTTP action can fetch data from third-party endpoints and make API requests through URL
- Loop:
In the loop, you can add multiple actions & they will iterate based on the conditions defined
- Get Resources:
This action can get resources that are already scanned in the Cloudnosys platform.
- Save Risk:
Save risk action can save risks from any data source in the Cloudnosys platform.
3. Playbooks Template feature #
You can create a Playbook by using a list of templates, you just need to click on “Add playbook” and then click on “Browse templates” and then you’ll see a list of available templates.
By clicking on “Use Template” you can use that template and modify it according to your preference. There are some global values that you need to add, so when you pick a template you’ll see a modal for global referencing:
By adding them, you don’t need to add input values instead you can reference input fields (e.g Cloud Account, Service) in your playbook actions for instance you want to reference cloud account then write “${global.cloudAccount}” in cloud account input field
4. New templates for integration and remediation #
Now you can create a playbook by using templates. Templates added for:
Remediation:
i) S3 Bucket Remediation
ii) AWS Security group Remediation
Third-party risk integration:
iii) AWS Inspector and Kube-bench findings
iv) AWS container security
5. New Signatures added #
Following new signatures added for AWS Glue, AWS API Gateway, AWS EKS, and AWS ECR
- AWS:GLUE-001: This signature prevents unauthorized users from getting access to the logging data in AWS CloudWatch if encryption at rest is enabled for your Amazon Glue security configurations.
- AWS:GLUE-002: This signature ensures that at-rest encryption is enabled when writing AWS Glue data to Amazon S3.
- AWS:API-001: This signature checks if active tracing is enabled for your Amazon API Gateway API stages to sample incoming requests and send traces to AWS X-Ray.
- AWS:API-002: This signature ensures if AWS Web Application Firewall (WAF) is integrated with Amazon API Gateway.
- AWS:API-003: This signature ensures that AWS CloudWatch logs are enabled for all your APIs created with Amazon API Gateway
- AWS:ECR-002: This signature checks that if your AWS Elastic Container Registry (ECR) repositories are configured to allow access only to trusted AWS accounts.
- AWS: EKS-002 This signature checks if your Amazon Elastic Kubernetes Service (EKS) clusters have control plane logs enabled.
- AWS: EKS-003 This signature ensures if your Amazon Elastic Kubernetes Service (EKS) clusters are using the latest stable version of the Kubernetes container orchestration system.
- AWS:EKS-004: This signature checks that if your Amazon EKS cluster’s Kubernetes API server endpoint is not publicly accessible from the Internet.
- AWS: CONFIG-001 This signature verifies if AWS Config is enabled in all regions.
- AWS: CONFIG-002 This signature checks if the Amazon Config service is referencing an active S3 bucket.
6. UI Changes #
The Time interval for Eagle eye alerts
- Time Interval for generating Eagle eye risks. So now you can set time intervals for alerts & then you’ll receive eagle eye alerts accordingly
Ability to deactivate Eagle-Eye (Real-time monitoring)
- Permanently/Temporarily disable eagle eye:
When you click on disable Eagle eye you’ll get a message “Do you want to disable Eagle eye” with two options “Temporarily disable” and “Permanently disable” If you select “Temporarily disable” you’ll not receive Eagle eye alerts and Eagle eye will be disabled temporarily.
You can simply enable it by turning the switch button ON.
And if you select “Permanently disable” then Eagle eye will be disabled permanently but you have to delete the stack set from your AWS account. Note: If you want to enable Eagle eye then you need to perform all steps for the Eagle eye setup.
7. Eagle-Eye Improvements #
Now Eagle can provide real-time alerts for AWS S3 and AWS EC2 in addition to previous services. So whenever any change in the console is made for instance S3 bucket versioning is disabled then you’ll receive an alert for that.
Other Improvements: #
- Added new services in inventory for AWS, Azure, and GCP
- Updated descriptions for some playbook actions
Bug Fixes #
- Some service names were inconsistent
- The suppression menu was overlapping vertical scroll
- Description for some signatures was outdated
- The loader was shown behind the execution modal of the playbook
- Fixed trial message line break issue at Billing screen
- Corrected some spelling issues in the signature description
- Playbook update time was syncing with execution time
- Fixed permission issues regarding some user roles
- Playbook history issue fixed
- Service name consistency for AWS, Azure & GCP
Release # 13 – November 27, 2020 #
Type: This release improves performance & fixes bugs
Affected components: Database, UI, Signatures, Scan, Reports, Filters
Improvements:
- Risks Scan Performance improved by 2x
- New Cloud Services added: Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service(Amazon EKS), and Amazon Elastic Container Registry (Amazon ECR)
- Following New, Signatures added for AWS ECS, AWS ECR, and AWS EKS
— AWS: ECS-001: This signature checks if your Amazon Elastic Container Service (ECS) clusters have the CloudWatch Container Insights feature enabled.
— AWS: ECR-001:This signature identifies if there are any exposed Amazon ECR image repositories available within your AWS account.
— AWS: EKS-001: This signature checks if the security groups associated with your Amazon Elastic Kubernetes Service (EKS) clusters are configured to allow inbound traffic only on TCP port 443 - Custom signatures add to Custom Regulations
- Updated GDPR regulation
- Improvements to the user onboarding experience
- Improvements in Alerts suppression to accept more complex suppression rules
Bug Fixes
- Services filters didn’t display correctly
- Report PDF couldn’t be downloaded for some customers
- Multi-Organization/Tenant did not auto-create with correct users
- Cloud Accounts were not being added in some regions
- Signature descriptions/labels were outdated
Release # 12 – October 27, 2020 #
Type: This release adds new features, fixes bugs & improves performance
Description:
Cloudnosys introduces new screens for regulations & cloud accounts with better UI & performance. Also, new user roles were added to manage access control.
Affected components: Database, UI, Signatures, Scan, Reports, Filters
Improvements:
Features updated as follows:
i) New screen for Cloud account
- The onboarding process improved by adding new policies and step by step guide for adding IAM role
ii) Added more roles in access control such as Administrator & DevSecOps for better management of role-based access
iii) New screen for regulations
- Added rules, which makes it easier to keep a track of risks that are available in each rule
- Risks tab added, which allows users to check how many risks are present in a particular regulation
iv) Others:
- Changes in API Engine for AWS
- Scan progress bar UI updated
Bug Fixes
- Scan fixes
- Fixed alignment issues at regulation screen
Release # 11 – September 08, 2020 #
Type: This release adds better performance & fixes bugs.
Affected components: Database, UI, Scan, Reports.
Improvements:
1. Improvements in scan performance
2. Added Detailed Execution history for Playbooks
3. Improved UI for change password screens
4. More types of notifications added on Access Control2. Bug Fixes
5. Fixed a UI glitch with filters on Signature Views
6. Fixed display of historical data on trends widgets
7. Fixed minor issues on Custom regulation reports
Release # 10 – August 10, 2020 #
Type: This release adds better performance & fixes bugs.
Improvements:
1. Reports & Widgets now load faster. Reports and Widgets now load 5x faster when the scan is completed.
2. New security checks by the Cloudnosys team can now be added faster. We’ve added a new module that helps our development team in adding new Security postures quickly, so they can be available for our customers at the earliest.
3. New Security checks for Azure.
Private Links
4. Moved email address settings into Account Settings > Security Settings
Now emails can only be updated based on inputting your current password for better security reach.
UI/UX improvements
5. Fixed text dropping issues on the signature status tooltip.
6. Updated labels for the suppression settings screen.
7. Table cut issues for some specific screen resolutions.
Release # 09 – July 23, 2020: #
Type: This release adds new features, fixes bugs & improves performance
Features
1. Google Cloud Platform Cloud Account
Cloudnosys has now the capability to scan GCP resources on its platform. Users can now check their inventory, security postures, compliances, and add governance to their GCP infrastructure via Cloudnosys.
2. GCP added in Custom Signatures
Users can now create their custom signatures via our code editor using a wide variety of resource types already included in our system.
3. GCP added in our Custom Regulation
Users can now create custom policies using our custom regulation tools for their GCP infrastructure. It supports all our pre-built signatures and also custom signatures if a user has created any.
4. Better inventory collection for GCP
Cloudnosys use GCPs Asset API to scan resources from a user’s infrastructure and also cover their Firebase assets. This helps us cover a great scope of resources for the user so we could provide better inventory coverage.
5. Added CCPA Regulation
Improvements
1. Most critical resources are now shown on a single page instead of paginated.
2. Icons changed for inventory widgets.
3. Better shades for priority notifications of high, medium & low.
4. Adjusted spacing for better readable content.
Bugs
1. Fixed UI and spacing issues for widgets.
2. Fixed explorer spacing issues to adjust content.
Release # 08 – July 03, 2020: #
Type: This release adds new features, fixes bugs & improves performance
Features
1. Playbooks
Playbooks give the user the ability to automatically remediate and orchestrate an immediate response on specific actions. Playbooks can also help achieve automatic remediation on Risks that Cloudnosys detects and generate emails to inform the concerned person/department.
2. More Resource coverage in services
We’ve broken our EC2 service into Instances, Volumes, Security groups, and Elastic IPs. So users can now deep dive into their EC2 inventory and have more coverage of their resource health.
3. Billing Dashboard
Users can now view their billable resource counts and get a sense of an idea on how much they’re being billed by Cloudnosys. The billing dashboard only counts resources that are currently active on your cloud infrastructure.
Improvements
1. Improved Scan Engine performance.
2. Improved dashboard widget performance.
3. Added filters for new resources that come under specific service umbrellas such as EC2.
4. Added more services & security checks for AWS & Azure
For AWS:
— Key Management Services
— Dynamo Database
— Elastic Load Balancers
— Cloud Watch Alarms
— Cloud Watch Events
For Azure:
— Added security checks for Web Apps
Bugs
1. Fixed count issues between Widgets and Explorer.
2. Fixed resource status issues when viewed from the Signature drawer.
3. Fixed UI issues.
Release # 07 – June 11, 2020: #
Type: This release adds new features, fixes bugs & improves performance
Features
1. View Historical data on Widgets
Now Users can view historical data on their widgets on Security & Compliance dashboards, giving them more power and analytics to compare their data with previous dates.
2. View historical data on Explorer
Now users can also track back their data on the Explorer (Sidebar) which can be popped by clicking on widgets from the Compliance and Security dashboard. Users can select previous data from the latest previous date.
3. View 7 & 30 days trends
We’ve improved our trends data to now include 7 & 30 days older data. Users can have a more analytical approach to how their risks are changing with time.
4. Added NYCRR Regulation
Improvements
1. Most critical risks now show counts of only failed signatures in a resource on the widget.
Bugs
1. Fixed map locations on Risks by Region widget.
2. Fixed VPC collection methodology to include better network-related resources.
Release # 06 – May 13, 2020: #
Type: Feature release and performance improvements
Description: Cloudnosys introduces new widgets for security posture with better UI & performance, resource enhancements, and the introduction of a new dashboard called “Health dashboard”. New signatures for Lambda, IAM, VM & some others are added.
Affected components: Database, UI, Signatures, Scan, Reports, Filters
Features updated as follows:
1. New Widgets for Security Dashboard
- Security Posture
- Inventory
- Critical Risks
- Most critical Resources
2. New Widgets for Compliance Dashboard
- Compliance Overview
- Security Groups
- Regulations
- Compliance Standards
3. Health Dashboards
- Risks by Severity
- Risks by Cloud Account
- Risks by Category
4. New Signatures added for Lambda
5. UI Changes
- Added time icon in widgets
- Risks by Region stats shown with a bar chart
- In compliance dashboard, compliant bar added in Compliance Standards which will show users how much the resource is compliant
New items added:
- Risks by Region widget now show heat maps on regions that have risks categorized in severity circles (red-high,yellow-medium,blue-low). Upon hovering, users can see their total risks & region
- Added 3 new lambda signatures.
- Improved explorer performance
- Widgets count will show only unsuppressed resources
- Resources Explorer now loads instantly.
- PDF reports are now cached for faster display and generation. This helps users instantly download copies of them without any processing or wait time.
Release # 05 – March 11, 2020: #
Features
- Custom Signature
Create your own Custom signatures through our premium feature of Custom Signatures that comes along with a code editor with complete code IntelliSense. - Explorer
A dynamic sidebar that displays all your resources and their statuses. You can drill down using different filters like region, categories, or even which of them are compliant or not. - Playbooks
Playbooks are our automatic security orchestration tool. That helps you take immediate actions based on any event occurring on your infrastructure through our platform. - Suppression
Users can suppress alerts/notifications that are not relevant to their scope, by doing so, its absence does not affect the normal presence of the resources. The suppression option occurs on the Resources tab or on any specific risk that a user wants to hide. - Access Control
AC (Access Control) provides users to create their separate organizations, add users to their organizations and create new users that only reflect on their organization.
Features Updated
- Cloudnosys has updated the Scanning mechanism. Now Scanning for resources takes 30 to 40 seconds to complete.
- Cloudnosys has improved the PDF download and it can be downloaded into two formats now. (e.g. Executive Summary & Full Report)
- Cloudnosys added more app integrations (SAML, Okta, OneLogin, ServiceNow).
- Cloudnosys has updated additional signatures of AWS and Azure.
- Cloudnosys now provides a MultiAccount Selector, that can be used to run scans on multiple accounts at the same time.
Bug Fixes
- This release resolves the Signature layout issue on Edge and Firefox.
- This release resolves the issue of multiple ‘Scan already in progress’ pop-ups. Now a single pop-up displays multiple cloud accounts’ scan progress.
- This release updates email settings that are now replaced from basic to security settings.
- This release resolves the issue of delay in the ‘Create User’ email, which is now sent instantly to the user.
Release # 04 – August 2, 2019: #
Features
- App Integration
Cloudnosys provides the facility to get delivery of alerts on your custom apps (Slack, Webhook) in a matter of minutes and without a single line of code. Now, you can Integrate your custom apps to Cloudnosys and get notified of the security risks and alerts in your cloud infrastructure so your team is always up to date with security and compliance posture. - Custom Regulation
Cloudnosys allows users to create new policies or customize provided regulations for your infrastructure with distinguished custom rule sets that can generate reports on specific resources. - Azure Signatures
Cloudnosys has added around 10 new control sets for Azure.
Features Updated
- Cloudnosys has updated the signature catalog filter with Azure Categories. You’re now able to view the filtered view of Azure control sets.
- Cloudnosys has updated the User facing documentation with details of the new feature, Integration.
Bug Fixes
- This release resolves an issue with the Alerts UI.
- This release resolves issues with Forget Password Link.
- This release resolves the compliance report bugs.
- This release resolves the issue with CloudEye Alerts.
Release # 03 – June 20, 2019: #
Features
- SOC-2 Services Organization Control
Cloudnosys has added a new report that is built using the American Institute of CPA (AICPA.org) SOC 2 Controls (2017). AICPA guide on Reporting on Controls as noted as Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy specifies the components of a SOC 2. - GDPR (EU) 2016/679
Cloudnosys has added The General Data Protection Regulation (EU) 2016/679. It
is a legal framework that sets guidelines for the data protection, collection, and processing of personal information of individuals within the European Union (EU). Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) —regardless of its location and the data subjects’ citizenship—that is processing the personal information of data subjects inside the EEA. - Cloudnosys Custom Compliance Report
Added Cloudnosys Custom Compliance Report developed by our experts to evaluate different security parameters such as Audit Log, cryptography, Access Logging, Data Protection, etc. - Account Center
Added billing section in the Cloudnosys environment having details about the licensable resources in the user’s account and their instances. - Admin Panel
Users with Administrator access to manage and control cloud accounts. An admin view screen containing a list of all accounts and allowing Admins to edit or update a user profile, user package, and expiry date from the panel. - Region Selector
Added a region selection step to the Add Account process. Now you must choose a region to create a cloud account. - Full-Protection Policy
Added AWS Full-Protection Policy that vigorously governs the security aspects and imposes best practices. This policy quickly mitigates cloud vulnerabilities and misconfiguration and allows one-click remediation. - Azure Signatures
Added 15 new control sets for Azure.
Features Updated
- Cloudnosys has Improved the dashboard usability by adding a scan date selector. You’re now able to view compliance reports of a particular scan date selected from the selector.
- Cloudnosys has improved the Edit cloud account option by allowing users to change their selected policy.
- Cloudnosys now includes compliance reports after scan completion in email notifications. The compliance report now consists of Risks (failed signatures), Passed signatures, and Compliance status.
Bug Fixes
- This release resolves an issue with the Remediation button on the correlation policy. The Remediation button now displays and works as expected.
- This release resolves an issue with downloading PDF reports in the Cloudnosys dashboard.
- This release updates an error message that appears when a read-only user tries to access remediation.
- This release resolves an issue related to the Risk Alerts emerging after enabling EagleEye.
Release # 02 – December 2, 2018: #
Features
- CIS AWS Benchmark Version 1.0
Cloudnosys updated the CIS AWS Foundations Benchmark report in the Cloudnosys console of version (1.0) of the CIS AWS Foundations Benchmark. Users can now assess their AWS accounts against the latest CIS AWS Foundations Benchmark guidelines, including multi-factor authentications, AWS Config auditing, review of VPC peering network rules, review of IAM policies, access key rotation, and other improvements. For more information about the CIS AWS Foundations Benchmark report, see CIS Benchmarks. - PCI Data Security Standard (PCI DSS 3.2)
Cloudnosys added a new report, the PCI DSS report that covers technical and operational practices for system components included in or connected to environments with cardholder data. - NIST 800-53 Rev 4 – FedRAMP / High
Cloudnosys has added a new report, NIST 800-53 Rev4 that is a publication that recommends security controls for federal information systems and organizations and documents security controls for all federal information systems, except those designed for national security. - Alerts UI
Cloudnosys introduces an Alerts section that pushes notifications of risks and threats in the user’s Dashboard. - Health Dashboard
Cloudnosys added the Health dashboard which consists of graphs on the summary of your cloud environment with detailed health statistics about Risks with respect to Groups and Scans. - PDF Report
Added ‘Export PDF’ button that facilitates users to download their complete compliance report with all Risk summaries and Signature level details in PDF format for record-keeping. - Monitoring/Scheduling
Cloudnosys provide more control to your scan schedules by automating the span of vulnerability scanning. It allows scheduled scanning with daily, weekly, and monthly intervals. - EagleEye
Cloudnosys provides Real-Time Threat Detection System that monitors your Cloud infrastructure and detects risks with continuous alert notification to the User’s Cloudnosys Dashboard. - User Account Verification
Instant email notification on user-specified email to verify the new registration on Cloudnosys. - Scan Progress Bar
Cloudnosys has added a progress bar showing the progress of cloud account scanning with scan percentage and time of completion.
Features Updated
- Cloudnosys has Improved the AWS Audit policy that now actively manages the security groups and grants users to audit and monitor security trails.
- Cloudnosys has upgraded its usability with the addition of an Edit profile facility allowing users to edit their account info and reset passwords.
- Cloudnosys has now expedited the Scan Capability which now completes the scan and updates the whole dashboard within a min.
Bug Fixes
- This release resolves an issue with the Total Risk Count on the Compliance dashboard. All counts are now accurate.
- This release resolves an issue with filters on the signature catalog page. All filters appear as intended now.
- This release resolves a cosmetic issue with the layout of the View Resource drawer.
- This release resolves an issue related to the no. of resources and status of signature IAM-007.
- This release resolves an issue related to the scan duration of cloud accounts.
Release # 01 – July 16, 2018: #
Features
- ISO/IEC 27001
Cloudnosys has added ISO 27001/27002 report which is a widely-adopted global security standard that sets requirements and best practices for a systematic approach to managing company and customer information that is based on periodic risk assessments appropriate to ever-changing threat scenarios. - HIPAA Regulatory Citation
Cloudnosys has added The Health Insurance Portability and Accountability Act of 1996 (HIPAA), sets the standard for sensitive patient data protection. Companies that deal with Protected Health Information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance - Signature Catalogue
A comprehensive list of signatures is used across the dashboard with easily operated filters. - AWS Signatures
Added 25 new signatures for AWS across multiple compliances. - Compliance Dashboard
A comprehensive view of risks in the dashboard with respect to functions along with Total Risks all over the dashboard. An additional field that allows users to select the cloud account they want to see the statistics of.
Bug Fixes
- This release resolves an issue where metadata was missing on some log sources.