Why Enterprises Need YouAttest for AWS
for Identity Security and Compliance

Date

25.07.23

Garret Grajek
AWS, AWS Compliance, AWS IAM, AWS IAM Audit, AWS Identity Governance, AWS IGA, AWS User Access Reviews, cloud identity, cloud identity security, IGA

YouAttest automates the process of access discovery and access review for AWS IAM – all the roles and privileges of your AWS resources. As stated – one of the biggest problems in the cloud and cloud controls – is the LACK of automation – and the reliance on manual process.

Automated Access Reviews is Needed for AWS Entitlements

A study found that:

45% of AWS accounts had 3rd party identities w/ the ability to perform ransomware
70% of AWS accounts had had machines w/ publicly exposed identities
80% had AWS accounts had inactive user accounts over 180 days of latency
60% had AWS accounts w/o 2FA enabled

All of these are “identity fouls” – and each is an enabling attribute for and attacker to take malicious action on an AWS account. And each of the items is addressed by YouAttest integration to AWS for auditing AWS access control.

YouAttest SSO Integration Simplifies Access Reviews

YouAttest has a simplified AWS SSO integration that integrates in minutes, via SAML into the AWS tenant. In this manner YouAttest is able to provide a full access review of all entitlements in the AWS IAM system.

And addresses all of the above identity control issues:

3rd party identities

YouAttest is able to ingest all AWS data on user privileges – include policy/permission and security groups audit information. This means the auditor can see all fine-grained access information including 3rd party IDs. YouAttest couples this ability w/ auto-scheduled access reviews to ensure these privileges are kept in check with enterprise security policies.

Publicly Exposed Identities

YouAttest automates the access review. AWS environments. By conducting YouAttest regular access reviews of the AWS IAM system, organizations can identify and address potential vulnerabilities coming from excessive permissions, over-privileged accounts, or policy violations within their AWS environment.

Inactive User Accounts and MFA

YouAttest AWS reviews automate the discovery of key AWS IAM identity info including:

Multi-Factor Authentication (MFA) status,
password age exceeding 90 days,
and last activity beyond 45 days.

By incorporating YouAttest’s user access review capabilities, organizations can proactively identify IAM users with their password age, inadequate MFA settings, or ghost accounts. This empowers administrators to take the necessary actions, enabling MFA, or deactivating dormant accounts, to bolster security and reduce the risk of ransomware attacks.

Image #1: YouAttest for AWS flags key security aspects of a user account – including lack of MFA, password age and last logon.

Audit/Security Advantages of YouAttest Over Native AWS Capabilities

YouAttest is a purpose-built tool for identity governance and user access reviews. YouAttest brings it’s customer proven know how of the necessary security and compliance needs to the AWS IAM environment.

By surveying customers, prospects, GRC specialists, Amazon themselves and the channel – we were able to bring to AWS features not native in an AWS-alone environment.

These features includes:

User/Group Entitlements

YouAttest automatically extracts all user, root, group entitlements to it’s audit platform in a single, comprehensive view.

AWS: The native AWS audit process is 100% manual. There is one export for the users and then another export for the groups.

AWS Policies

YouAttest extracts both POLICIES and User/Group/Root entitlements in a single screen.

AWS: AWS requires a separate export to export the policies and audit these policies.

Image #2: YouAttest allows the security/risk manager audit user, groups and policies in their AWS environment.

Managers of AWS admins identified by IAM System

YouAttest is integrated into the company’s IAM system, for e-mailing/messaging the review request to the managers. The YouAttest access review process is 100% automated: Managers are automatically selected, messages generated and the, time configured for first and subsequent messages. Finally the collation of the audits automated and packaged.

AWS: Does NOT have a similar integrated review process – this is entirely left to the audit/SOC team.

Auto-Scheduling

YouAttest has auto-scheduling for these reviews built into the GUI interface for the risk manager.

AWS: Does not have any auto-scheduling capability for an access review of users and policies.

Pre-Built Message Templates

YouAttest has automated templates for the risk/security manager and automatically sends a review request to reviews via e-mail or slack

AWS: Does not have pre-created templates to message the reviewers and to “remind/nag” the reviewers.

Part of a greater enterprise identity audit

YouAttest is able to couple the AWS IAM identity audit with and identity audit that encompasses all other identities in the enterprise, including Azure AD, AD, Okta, JumpCloud, Salesforce, HR Systems and other siloed systems via APIs and CSVs.

AWS: Only exports AWS data. The other audits are not tied to the AWS identity audit.

Summary:

YouAttest for AWS is an essential add-on to the enterprise identity security and compliance tools – and crucial in keeping the privileges of the AWS admins and users i check.

—

YouAttest is the only cloud-based IGA platform that deploys in minutes via application SSO into your existing IAM and allows you to review all your identity resources including AWS. Contact us for a discussion and free trial!

jrtf stopransomware guide

The JRTF #StopRansomware Guide and
The Principle of Least Privilege

Ransomware attacks have risen by 13% in the last five years, with an average cost of $1.85 million per incident. There are 1.7 million ransomware

August 20, 2023 No Comments

AWS