Detection

What do we detect?

Configurations

  • Misconfigurations – Configurations due to human error, e.g., you intended to set X but instead set Y.
  • Dangerous Defaults – Default configurations created by the Cloud Service
  • Risky and Weak Configurations – Configurations that do not follow best practices for an asset or entity that can be hardened (for example, using TLS 1.1 instead of TLS 1.3).
  • Unprotected Secrets – Any exposed secret such as an unencrypted password.

Identity

  • Risky Permissions – Any overly permissive permission that poses a risk
  • Shadow Admins – Detecting all users who were given admin permissions by mistake

Assets

  • Vulnerabilities – Scanning all EC2 hosts for CVEs
  • Neglected assets – Any asset which is not in use
  • Public Assets at Risk – Leveraging top third-party threat intelligence for scanning publicly exposed assets

Credentials Detection