Full disclousure, cloudneeti has not paid for this blog post, and this is also not a recommendation. I simply want to highlight the options available in the marketplace and how they differ from the built-in tooling. Big thanks to cloudneeti for putting up with my tardiness and provisioning me an instance that I could fool around with.
Connecting up cloudneeti is actually quite easy. Log in to a provisioned instance with appropriate credentials and connect it up to your subscription. It essentially creates an application inside your AAD that has appropriate level of access.
Signing in, you get a pre-created dashboard that gives you some interesting facts about your subscription.
It seems like we are
using resources in over 6 different Azure datacenters. I have no idea
why, time to book a meeting with the team!
One of the core
features of products such as Cloudneeti is the mapping to your Azure posture to
various frameworks. This also happens to be one of the main reason why
you would pick this type of tool over ASC. Effectively think about it
this way. ASC gives you a list of recommendations, but doesn't tell you
where any of those recommendations came from. As far as you know,
somebody in the basement at Microsoft threw darts at the wall and selected a
set of controls to run on your environment. With a product such as
cloudneeti, you can draw a clear line with recommended controls against desired
frameworks.
GDPR is all the rage
these days, and luckily cloudneeti has a GDPR benchmark already coded.
Lets see how my subscription meets those requirements.
Woah,
looks like I have quite a bit of work to do. Cloudneeti provides detailed
information for each of the controls. Here is what one of them looks
like.
Like ASC, the
cloudneeti product provides detailed information on the control, how to audit,
how to remediate, and what resources are affected/identified by the
control. Cloudneeti also allows you to download reports. You also
get super annoying (read: helpful) emails about the status of your
subscription.
At time of writing,
here were the following benchmarks that I could use against my Azure
environment.
- CIS Benchmark
- NIST CSF
- CSA CCM V3.0.1
- GDPR
- HIPAA
- PCI DSS 3.2
- FFIEC CAT
- NIST 800-53Rev 4
- ISO 27001
- UK NCSC
If you are looking
for a more compliance focused monitoring approach, tools such as cloudneeti may
fit the bill perfectly. There are likely a ton of more features to the
product that I have not had a chance to discuss here.