Native tools for auditing Microsoft’s Azure portal

The following are some available tools within Azure for auditing assessment information:

  • Microsoft Defender for Cloud/Azure Security Center: Microsoft Defender for Cloud (formerly known as Azure Security Center) is Azure’s native solution. The service helps measure, maintain, and improve the level of security by continuously assessing resources and providing recommendations. The Microsoft Defender for Cloud documentation can be found at https://docs.microsoft.com/en-us/azure/defender-for-cloud/.

The following is a screenshot of the interface for Microsoft Defender for Cloud:

Figure 2.5 – Microsoft Defender for Cloud

  • Microsoft Purview/Azure Purview: Microsoft Purview (formerly Azure Purview) is a centralized data governance and risk management service that helps manage data. The following is a screenshot of the interface of Microsoft Purview:

Figure 2.6 – Microsoft Purview

Native tools for auditing Google Cloud Platform

The following are some available tools to use when auditing Google Cloud Platform (GCP):

  • Google Security Command Center: Google Security Command Center provides a centralized view of the overall security status of the workloads hosted in GCP. Google Security Command Center identifies misconfigurations and common application vulnerabilities to ensure cyber hygiene. The Google Security Command Center documentation can be found at https://cloud.google.com/security-command-center/.

The following is a screenshot of the interface of Google Security Command Center:

Figure 2.7 – Google Security Command Center

  • Google Cloud’s Operations Suite/Stackdriver: Google Cloud’s Operations Suite (formerly Stackdriver) is a collection of services for monitoring the performance of Google Cloud workloads. Google Cloud’s Operations Suite documentation can be found at https://cloud.google.com/products/operations.

The following is a screenshot of Cloud Monitoring, which is a key feature of Google Cloud’s Operations Suite:

Figure 2.8 – Cloud Monitoring

Open-source tools

In addition to the native tools offered by cloud providers, there are several open-source tools available for auditing and assessing your cloud environment. Some common open-source auditing tools are listed as follows:

  • The CIS Microsoft Azure Benchmarks documentation can be found at https://www.cisecurity.org/benchmark/azure/.

  • Scout Suite: Scout Suite is an open-source multi-cloud security audit tool that enables security posture assessment of cloud environments. By using Application Programming Interfaces (APIs) exposed by cloud service providers, Scout Suite can be configured to collect data from risk areas for manual inspection.
  • CloudMapper: CloudMapper is an open-source tool developed by Duo Security for visualizing AWS cloud environments.
  • Cloud Custodian: Cloud Custodian is an open-source tool developed by Capital One for implementing automated security, compliance, and governance.
  • DevOps Audit Defense Toolkit: The DevOps Audit Defense Toolkit provides prescriptive guidance on how auditors should conduct audits in organizations where DevOps practices are in use.
  • Prowler: Prowler is an open-source security tool for performing AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains controls covering security frameworks including ISO27001, PCI-DSS, HIPAA, GDPR, and the CIS Critical Security Controls.