How Ermetic Takes Care of the Basics of Cloud Security

Exploring the basics of the Ermetic security platform, which protects against permissions-related risks in the cloud and ensures compliance

By Ermetic Team

The transition to the cloud has brought many benefits to companies -- but also introduced new security challenges. One such challenge is monitoring the permissions that people and services have for accessing the company’s data. Another key challenge is compliance. In this blog post we introduce Ermetic, a security platform for the cloud that protects against permissions-related risks and helps ensure compliance -- enabling companies to avoid cybersecurity attacks and data leaks.

What is Ermetic?

Ermetic is a security platform that reduces security risks in cloud infrastructure. It presents DevOps, DevSecOps, CISOs and other relevant stakeholders in the company with a visual picture of who or what has access to which resources in the cloud. Ermetic also helps them understand any access-related risks, and fix dangerous privileges and configurations. With Ermetic, companies can identify and prevent attacks, and comply with security standards.
Ermetic works across all public clouds, namely AWS, Microsoft and GCP, and does not require installation.

How Does Ermetic Work?

Ermetic applies analytics to the full stack of identities, network and data to help companies detect risky exposure of resources such as S3 buckets, EC2 instances and AWS CloudFormation stacks. Detecting risk is only half the battle. Teams also need to know which risks are urgent and which can be tolerated. Ermetic prioritizes these risks by how dangerous they are and suggests how to fix them.

Ermetic covers the basics of cloud security in many ways:

  1. Ermetic Provides Visibility into the Cloud

    Ermetic shows security and developer teams all permissions, resources and configurations in their organization’s cloud(s). It does so from a single place, across the company, spanning all regions, accounts, divisions and clouds. Security benchmarks often require this kind of panoramic and telescopic inventory view. Teams can drill down on any user or resource to explore its relationships and activities.
    [Figure: Role Permissions Graph]

  2. Ermetic Analyzes Cloud Identity Risks

    Ermetic looks at the permissions of all the company’s users and services, including those granted to the company’s external vendors. It detects risk to sensitive data and vulnerable workloads, and network exposure. It also offers granular detail about the different (and concurrent) types of risk found, such as lack of multi-factor authentication, inactivity or a key policy that is publicly accessible.

  3. Ermetic Helps Fix the Risks It Finds

    The Ermetic system recommends fixes via specific improvements to permissions policies. It offers step-by-step suggestions, and helps teams share the suggested policy changes with others in the company through work tools like Jira. Teams choose how much they want to automate implementation of the Ermetic-generated changes.
    [Figure: Policy Remediation Steps]

  4. Ermetic Helps Engineering Orgs Work and Avoid Security Risks

    Ermetic helps companies make sure their developers have just the right permissions and access they need for their work - no more, no less. It is designed so that security needs do not get in the way of development teams and developers do not have to request access. Ermetic also lightens their load by serving as a security policy advisor.

  5. Ermetic Identifies Suspicious Behavior

    Ermetic detects risks by constantly monitoring for and analyzing strange behavior. Specifically, the platform looks at unusual changes in permissions, audit settings and network configurations. In addition, it identifies unusual actions taken to access information and unauthorized use of access capabilities (keys).
    [Figure: Anomaly Detection]

  6. Ermetic Ensures Compliance

    Companies can use Ermetic’s actions and reports to show they comply with international standards. In addition, Ermetic runs audits to check compliance with industry standards like CIS, GDPR, HIPAA, ISO, NIST, PCI and SOC2.

Benefits of Using Ermetic

Ermetic provides security and DevOps teams with many benefits:

  1. Visibility

    Ermetic shows security and IT stakeholders all their cloud assets and what access to their cloud looks like, so they can manage and control it. This visual overview provides valuable insights shared readily across the company. It makes the information easy to access, and saves hours and days of work, freeing teams to focus and take action on what’s important.

  2. Security

    Ermetic makes sure the right permissions are given to the right people and services, such as AWS EC2, Lambda instances and S3 buckets, and Azure Virtual Machines and Active Directory (AAD). It adds the important dimension of identities to the configuration risk analysis. At-risk identities and permissions could lead to massive business damage upon a data breach.

  3. Automation

    Ermetic doesn’t require hands-on work that could take time and resources while the environment stays at risk. Instead, it identifies levels of risk and helps instantly resolve the most crucial and unnecessary risks. It frees up teams to focus their efforts on sensitive access issues.

  4. Standardization

    Ermetic helps companies comply with global security standards. This provides their customers with confidence and helps maintain a competitive advantage.
    [Figure: Compliance]

  5. Ease of Use

    Ermetic’s platform lets teams manage security of their cloud infrastructure from a simple system that is easy to use. This saves them considerable time and frustration -- and promotes collaboration across security, IT and DevOps.

Where Does Ermetic Fit in the Cloud Ecosystem?

Gartner, one of the world’s leading analyst firms, has identified several cloud risk reduction groups. Of these, Ermetic belongs to:

  • CNAPP: Cloud-Native Application Protection Platform - Solutions that address workload and configuration security by starting in development and extending to runtime. (CNAPP comprises CSPM and CIEM, described below.)
  • CSPM: Cloud Security Posture Management - Solutions used to track risks in cloud settings and see how they affect compliance.
  • CIEM: Cloud Infrastructure Entitlements Management - Solutions used to manage cloud permissions. “Entitlements” are the privileges that grant human and service identities access to resources.

Companies can use Ermetic to take an integrated, lifecycle approach to workload and configuration security (CNAPP), show how they comply with industry standards (CSPM) and gain from deep risk analysis of identities, permissions and entitlements (CIEM). Ermetic also automatically fixes any issues to reduce access risks and vulnerabilities, also known as the “attack surface.”

Conclusion

Ermetic’s platform was created to let companies enjoy the benefits of the cloud while reducing security risk with minimal effort. By giving DevOps and security the visual and management capabilities to monitor and control permissions, companies can prevent breaches and attacks.