The 4.2.0 release brings many new functionalities, features, and policies, including the much-awaited C3M Risk Score, which is an industry first.
All customers are encouraged to go through the new changes and take this upgrade.
For more information, please reach out to us at .
Features
Risk Score for Alerts
C3M’s risk scoring framework helps security teams identify high-risk, high-impact resources and provides deep insight and context into all the related entities that may contribute to the risk of a resource. It is based on the vendor-neutral, industry-accepted CVSS framework from FIRST.org and on Risk Impact derived from C3M Intelligence, and it gives each of your cloud assets a risk score with full context, built from factors like exploitability, exposure, and impact. The risk score falls between 0 and 10, with higher values indicating greater security risk.
NOTE: This release supports AWS resources ONLY; subsequent releases will add support for Azure and GCP resources.
How can Risk Scoring help?
- Reducing false positives by risk scoring high-risk and high-impact alerts.
- Helping prioritize alerts by providing a 0-10 Risk Score based on the CVSS Framework from NIST.
- Helping gain context for all alerts by showing factors contributing to the risk score like "Exploitability," "Exposure," "Blast Radius," and "Impact."
- Providing a customizable risk model: enterprises can define the weighting for the components contributing to the Risk Score Framework.
Alert Findings Screen
The Alert Findings screen has been completely redesigned and helps administrators to:
- Filter Alerts by Risk Score
- Bulk resolve Alerts
- View all contributing risk factors for a cloud asset
- View Compliance labels associated with each alert
Alert Overview Dashboard
GCP playbook support extends our SOAR offering. You can leverage our predefined actions and configure auto-remediations for GCP policy violations. Playbooks are based on a serverless framework, and you need to deploy the remediation module in a designated GCP project.
The dashboard also comes with the following enhancements:
- Ability to filter alerts by Alert Source. Use this filter to view an overview of alerts by the selected Package. You can select multiple packages.
- Ability to view alerts by Impact Category
- Risk Score added for TOP Alerts by Age widget.
- Ability to see the risk score for recently created alerts
- Ability to see TOP Accounts with OPEN Alerts
Inventory Dashboard
The existing Explore -> Inventory -> Resource Center has been moved to Explore -> Inventory.
The Inventory dashboard also comes with the following NEW features:
- Ability to view HIGH Risk resources using the Risk Score filter
- Advanced TAG FILTER
  - Ability to filter resources based on different tag criteria
  - This can quickly help identify untagged assets and assets meeting a certain compliance standard (for example, PCI, PII, etc.)
- Ability to filter resources that violate policies in a selected package. Use the “Alert Source” filter to filter by a selected package.
Event-Based Alerts
Create Rule
- Administrators can configure event-based alerts based on IAM Activities that happen in their cloud accounts.
- Event-based alerts help organizations detect and alert on changes to their cloud portfolio as they happen.
- For example, administrators can write a rule to alert on EC2 instances created outside of a certain region.
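The region rule mentioned above, sketched as detection logic over CloudTrail-style records. This is an added example, not C3M's rule syntax or code; the allowed-region list, the function name and the sample events are constructed for illustration.

```python
# Assumption: the regions this organization approves for workloads.
ALLOWED_REGIONS = {"us-east-1", "eu-west-1"}

# Constructed CloudTrail-style records (sample data, not real logs).
SAMPLE_EVENTS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0123456789abcdef0"}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "ap-southeast-2",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0fedcba9876543210"}]}}},
    # Denied call: no instance was created, so it is not reported.
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "sa-east-1", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "responseElements": None},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket",
     "awsRegion": "ap-southeast-2",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "responseElements": None},
]


def ec2_created_outside(events, allowed=ALLOWED_REGIONS):
    """Return one finding per successful RunInstances call outside `allowed`."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("ec2.amazonaws.com", "RunInstances"):
            continue
        if ev.get("errorCode") or ev.get("awsRegion") in allowed:
            continue
        items = ((ev.get("responseElements") or {}).get("instancesSet") or {}).get("items") or []
        findings.append({
            "region": ev.get("awsRegion"),
            "actor": (ev.get("userIdentity") or {}).get("arn", "unknown"),
            "instances": [i.get("instanceId") for i in items],
        })
    return findings


if __name__ == "__main__":
    for finding in ec2_created_outside(SAMPLE_EVENTS):
        print(finding)
```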
Pre-defined rules
- C3M now ships with pre-defined alert rules to help customers detect and mitigate threats to their cloud environment in real-time. These are mapped against different identified threat vectors in the cloud, and you can see MITRE labels associated with each of the pre-defined rules.
- Customers can choose to modify them or disable them based on their enterprise requirements.
Just-in-Time Provisioning phase 2
C3M now supports Just-In-Time (JIT) provisioning with SAML 2.0.
With JIT 2.0, enterprises can automate the user login process, enabling new users to register with C3M (post successful SSO authentication) and access cloud accounts provisioned for them in their Identity Provider.
Cross-Account Access
Support for AWS Cloud.
Cross-Account access is a recommended best practice by AWS to grant third parties access to your organization’s AWS Cloud Accounts. It eliminates the need to create IAM Users in each account.
Quick Guide:
Create an IAM Role in your AWS Account and grant access to the AWS account hosting C3M Cloud Control. For SaaS customers, the access should be granted to the AWS account ID shared by the C3M team.
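A check for the role's trust policy before it is handed to a third party, as an added example that is not C3M's code. The account ID is a placeholder for the one shared by the C3M team, and the `sts:ExternalId` check follows AWS's general guidance for third-party roles; the page does not say whether C3M issues an external ID.

```python
# Placeholder for the AWS account that hosts C3M Cloud Control; SaaS
# customers get the real ID from the C3M team.
TRUSTED_ACCOUNT = "111122223333"


def account_of(principal):
    """Return the account ID of an IAM principal (bare ID or ARN), else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 5 and parts[0] == "arn" else None


def audit_trust_policy(policy, expected_account=TRUSTED_ACCOUNT):
    """List weaknesses in a role trust policy meant for one third-party account."""
    issues = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p == "*":
                issues.append("wildcard principal: any AWS account can assume the role")
            elif account_of(p) != expected_account:
                issues.append(f"unexpected principal: {p}")
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if "sts:externalid" not in keys:
            issues.append("no sts:ExternalId condition (confused-deputy risk)")
    return issues


def make_policy(principal, external_id=None):
    """Build a constructed sample trust policy (the external ID is hypothetical)."""
    st = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal}}
    if external_id:
        st["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [st]}


GOOD = make_policy(f"arn:aws:iam::{TRUSTED_ACCOUNT}:root", "example-external-id")
WEAK = make_policy("*")
WRONG = make_policy("arn:aws:iam::444455556666:root", "example-external-id")

if __name__ == "__main__":
    for name, pol in (("GOOD", GOOD), ("WEAK", WEAK), ("WRONG", WRONG)):
        print(name, audit_trust_policy(pol))
```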
Ability to re-generate scheduled reports
Users can now regenerate a cloud account report on-demand rather than waiting for the scheduled time to get the report.
Stream GCP IAM Logs using Dataflow
Streaming GCP IAM Logs to the C3M platform will be supported via Dataflow templates to provide better access control features. This will replace the current approach of creating push subscriptions via a GCP Pub/Sub topic.
Support for custom roles while onboarding GCP Projects
The standard GCP roles (project viewer, organization viewer, and folder viewer), which were mandatory for onboarding GCP projects and organizational accounts, can now be substituted with custom roles. This helps in enforcing the principle of least privilege while onboarding accounts.
Account Deletion Support
C3M now supports the deletion of cloud accounts from the UI. Administrators have permission to delete cloud accounts from the C3M Platform.
Note: The deleted account count would be added to your cloud license. However, you cannot re-onboard the same account again in C3M. If such a need arises, contact C3M Support.
New Compliance Support
NESA IAS V1.1
NESA is the UAE federal authority responsible for drafting the UAE Information Assurance Standards, a set of standards and guidelines for all entities in critical sectors. They are mandatory for all government, semi-government, and business organizations referred to as critical infrastructure to the UAE.
GCP CIS Benchmark 1.1.0
Support for GCP CIS Benchmark 1.1.0 is added.
New Policies
Ensure CloudWatch metrics is enabled for Web ACL rules
Ensure Sampled Requests is enabled for Web ACL rules
Ensure Web ACL default action is set to ‘Block’ for allow conditions
Web ACL should have tags
Ensure ElastiCache clusters have tags
Ensure ElastiCache Redis clusters have in-transit encryption enabled
Ensure ElastiCache Redis clusters have at-rest encryption enabled
Ensure Multi-AZ feature is enabled for ElastiCache Redis clusters
Ensure DynamoDB tables are encrypted with customer-managed CMK
Ensure DynamoDB have tags
Ensure DynamoDB tables have Point in Time recovery enabled
Ensure unused DynamoDB tables are removed
Ensure Binary Authorization is enabled on Kubernetes Clusters
Ensure DNSSEC is enabled for Cloud DNS
Ensure Cloud DNS DNSSEC key-signing key is not created using RSASHA1
Ensure Cloud DNS DNSSEC zone-signing key is not created using RSASHA1
Ensure Cloud DNS zones have labels