Rule configuration just received a major upgrade in Warden CSPM. On top of enabling or disabling Warden rules, you can now tailor existing rules to your organization-specific security needs. This allows Warden to present a security risk profile that reflects your organization’s policies.
With enhanced rule configuration, you can now:
- Change any rule’s default severity to reflect your organization’s real security posture, based on your needs.
- Customize certain parameters for specific rules. For example, you can now configure rules to ensure users are only accessing from a certain location or from specific IP address ranges your organization uses.
Default Severity
You can change the default severity of the rule Configure Geolocation Access Control (Blacklist) for WAF from Low to Critical to better reflect your organization's security policy, as in the image below:
As an example, an organization might decide that several Lambda Functions of the same service share the same IAM Role as part of its Engineering Policy, for ease and speed of development. If so, you can now change the severity of the related rule, IAM Role Attached to Multiple Lambda Functions, from the default value of High to Low to better reflect your organization's security concerns.
Conversely, if IAM SSL/TLS Certificates are heavily used by engineers for accessing critical resources, you can change the severity of the related rule, ‘IAM Expired SSL/TLS Certificate Found’, from the default value of Low to High, so that you get a prioritized alert when an IAM SSL/TLS Certificate has expired.
Customizable Rule Parameters
Enhanced Rule Configuration in Warden now allows you to add the following parameters to rules:
- Specific Geographical Locations
- IP range
Users can define specific geographical locations to be whitelisted for Huawei Web Application Firewalls, as shown in the image below:
P.S. Currently, custom rule parameters are only available for the following Huawei Cloud rules:
- Configure Geolocation Access Control (Blacklist) for WAF
- Configure Geolocation Access Control (Whitelist) for WAF
- Enabling Access Control for an ELB Instance
Our team is working diligently and users can expect rule configurations to be expanded to more rules in the coming months.
Conclusion
As organizations adopt a multi-cloud strategy, there is a greater need to look beyond native cloud security tools for ones that provide holistic coverage across clouds. With these new rule enhancements added to Warden’s growing stack of resources, Warden is better equipped to provide excellent coverage for the big 5 cloud providers, with greater visibility and monitoring than ever before. To stay updated with the latest additions to Warden’s features, you can visit our blog. You can also fill out this form to schedule a customized 15-min demo to see how Warden can help with all your cloud security needs.