Secure Your Cloud with Holm Security

Secure Your Cloud with Holm Security

03.02.2023
00:13
Holm Security

Saku Tuominen

Author works as information security and privacy specialist at Mint Security. He brings two decades of professional experience to the table.

Cloud Scanning is a feature of Holm Security’s vulnerability management platform that automates the identification of risks in cloud infrastructures. The feature covers Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) service models. Cloud Scanning combines Cloud Security Posture Management (CSPM) and next-generation vulnerability management into one and helps to reduce public cloud and compliance risks.

Integrated and ready to use

Cloud Scanning has been released as an integrated feature of the VMP (Vulnerability Management Platform) and is available to all customers. Cloud Scanning works directly through the cloud service providers’ API interfaces, which enables complete coverage of cloud services — both cloud-based (such as AWS DynamoDB) and infrastructure-based services (such as AWS EC2).

There is already extensive coverage on AWS’s most used services, and the coverage will be extended to Microsoft Azure in the near future.

Cloud Scanning is not a separate product that would need to be purchased, but rather a new feature available to all Holm Security VMP customers.

Broad coverage & authentication

Broad coverage is achieved by scanning resources in the cloud in all available regions, making it easy to get an overview of exposure to security threats between various regions. Using simple management settings, you can define what needs to be covered and create your own IAM compatible account, where Cloud Scanning uses API keys for authentication (which are stored encrypted on Holm Security side). The tenant holder always gets full rights to control the identification data and other similar information entitled to review the cloud accounts.

Policies and supported platform services

Holm Security’s research team have developed a set of quality-assured policies built right into Cloud Scanning. These policies are maintained and continuously developed to provide more coverage for more cloud services and service providers.

The first published version of Cloud Scanning supports 10 most used cloud services of AWS (Amazon Web Services) — which means more than 200 different policies related to identifying information security risks are being used.

Getting started with Cloud Scanning couldn't be any easier

To start using Cloud Scanning, go to the Scan Cloud menu in the Security Center. From there you will be able to set the profile, authentication, schedule and continuous check settings — all in a few minutes time. We recommend scheduling Cloud Scanning checks so that scans are performed somewhere between one day and one-week intervals.

Cloud Scanning will later be gradually integrated into unified views. The scan results can then be viewed in asset and vulnerability manager views, as Holm Security publishes new unified views and risk scores.