CIS Hardened VMs on AWS Graviton2: Enhancing EC2 Security

By admin

Oct 4, 2021


The Center for Internet Security (CIS) now offers two CIS Hardened Images on AWS Graviton2 processors: Ubuntu Linux 20.04 and Amazon Linux 2. Amazon Web Services (AWS) custom builds these processors using 64-bit Arm Neoverse cores. AWS Graviton2 processors deliver 40% better price performance compared to current generation x86-based instances, according to AWS. These hardened VMs are two of more than 35 CIS Hardened Images in the AWS Marketplace.

AWS Graviton2 + CIS Hardened VMs = Quick, Secure Development

Developers building applications for the cloud rely on cloud infrastructure for security, speed, and optimal resource footprint. That’s why CIS builds hardened VMs – CIS Hardened Images – to provide enhanced security on Amazon Elastic Compute Cloud (Amazon EC2) instances. CIS configures the Amazon Machine Image (AMI) to CIS Benchmark standards. A community of cybersecurity experts develops these internationally-recognized secure configuration guidelines.

In addition to the hardening from CIS, AWS Graviton2 processors feature key capabilities that enable developers to run cloud native applications securely. For example, the processors include always-on 256-bit DRAM encryption and 50% faster per core encryption performance as compared to first-generation AWS Graviton.

VMs Hardened to CIS Benchmarks

CIS Hardened Images are built to the consensus-based secure configuration guidelines of the CIS Benchmarks. The CIS Benchmarks include more than 100 configuration guidelines across 25+ vendor product families. They’re designed to safeguard endpoint devices and systems against today’s evolving cyber threats. In addition to global recognition, CIS Benchmarks are the only configuration guidelines both developed and accepted by government, business, industry, and academia.

Many compliance frameworks recognize CIS Benchmarks as an acceptable standard to provide evidence of compliance. These include NIST, HIPAA, PCI DSS, FedRAMP, DoD Cloud Computing SRG, and STIGs. Because CIS builds these hardened VMs to CIS Benchmark standards, these recognitions also apply to CIS Hardened Images.

CIS Benchmarks are available as free PDF downloads for manual self-configuration of systems and applications.

Help Fulfill the Shared Security Responsibility with Hardened VMs

It’s crucial to use third-party security tools to keep your cloud infrastructure secure. This is because you, the cloud consumer, are solely responsible for securing a portion of your cloud environment. Depending on what services your organization uses, your responsibilities change. That’s when it’s important to understand the AWS Shared Security Responsibility Model. In short, the consumer is responsible for security “in” the cloud; AWS is responsible for security “of” the cloud. For example, Amazon EC2 instances are an Infrastructure as a Service (IaaS) environment. As such, they require the customer to perform all of the necessary security configuration and management tasks. Customers manage the guest OS (including updates and security patches) on their Amazon EC2 instances.

At $0.02 per compute hour, CIS Hardened Images make that management easier, more scalable, and quicker. Not only do these hardened VMs include the latest configurations from the CIS Benchmarks, but CIS also patches the Images regularly for vulnerabilities and OS updates. Within each hardened VM, CIS includes a CIS Benchmarks configuration assessment report from our assessment tool, CIS-CAT Pro. This provides the customer with an easily accessible and auditable report of every configuration in place on the CIS Hardened Image.

CIS Hardened Images for Ubuntu Linux 20.04 and Amazon Linux 2 built on AWS Graviton2 processors provide Amazon EC2 users with enhanced security and performance.

Access CIS Hardened Images in AWS Marketplace

Copyright © 2021 IDG Communications, Inc.