- CLOUD SOLUTIONS
- Cloud Security
- FAQ
FAQ
Scan groups allow you to group cloud accounts into single entities. This provides the following benefits:
Easier maintenance and configuration of reoccurring scans.
Targeted reports and findings overview, based on the way you organize your cloud accounts.
Highly customizable scanning schedules, easily applicable to multiple accounts.
Custom tailored notifications for each scan group.
There is no limit to the number of scan groups you can have, or to the number of scans you can schedule for a group, or overall.
We recommend reviewing your current inventory, and organizing your cloud accounts into separate groups based on business and security risks, the required scan frequency, who manages security, or any other criteria you deem relevant.
You can always go back and reorganize your inventory and restructure your scan groups.
You can customize the frequency of automated scans for each of your scan groups, selecting between weekly or daily scans.
You can base your scan frequency on multiple factors:
The security risk associated to the accounts. Accounts with high security risks should be scanned more often.
The level of detail and fragmentation desired in dashboards and reports. Frequent scans will result in more data points and more information presented in reports.
The need for receiving notifications. Based on the settings of the groups, highlighted users will receive notifications after each scan for findings that have a specific severity.
A finding is a failed check. Each time a scan is ran on one of your cloud accounts, they checked against existing compliance rules. When a rule check is failed, an open finding is created, revealing details regarding the security vulnerability, it's severity, and what account it belongs to.
An open finding can have one of the following statuses:
Open - The finding has not yet been addressed.
False Positive - The finding has been detected as an issue, but you don’t consider it as one.
Risk Accepted - The finding is known to be an issue, but you decided to not patch it and accept the risk.
An open finding can have one of the following severity levels:
Critical. Critical severity findings indicate that the discovered weakness requires immediate remediation and/or mitigation. Critical findings typically represent weaknesses that were leveraged to gain access to systems or data that commonly have financial or reputation loss factors attributed.
High. High severity findings indicate that the discovered weakness is publicly disclosed and trivial to abuse. High findings typically represent weaknesses that were leveraged to gain privileged access to networks, systems, or applications.
Medium. Medium severity findings indicate weaknesses are likely to lead to compromise but either requires other attacks to be significantly impactful, resulting in limited access, or require advanced knowledge and techniques to execute the attacks.
Low. Low severity findings indicate weaknesses that are not directly exploitable. Low findings typically require a chain of weaknesses to exploit fully, disclose non-sensitive technical information, or do not lead to any additional compromise within an environment.
Information. Informational severity findings are reserved for weaknesses that represent a deviation from best practice or a weakness that should be reviewed because it may expose other weaknesses or lead to future vulnerability. While these weaknesses don’t directly lead to compromise, they still represent potential risk and should be addressed.
A rule checks a specific configuration on a particular resource or a group of resources. Rules are built on best practices or derived from compliance standards. Rules are constantly added and updated to keep up with both our own, and international compliance standards standards.
One or more rules may exist for every existing compliance standard.
A resource is entity where data can be gathered from by GravityZone Cloud Security when performing scans on cloud environments, such as a virtual machine, or a load balancer.
Examples of resources include:
CloudFront Distribution
EC2 Instance for AWS
Cloud SQL Instance
Compute Instance for GCP
You need to remove the account from the current scan group and repeat the onboarding process for the group you want to move it to.