Info
This article explains the security controls that Cloudaware designed and implemented in its Wazuh-based IDS module.

Introduction

Cloudaware offers Intrusion Detection functionality as part of its Threat Center bundle. Our platform customizes the out-of-the-box Wazuh event collection flow and agent registration process. Cloudaware's customizations are designed to make Wazuh suitable for cloud-based environments with high inventory turnover. In addition, Cloudaware Wazuh is designed to support Docker and Kubernetes environments.

...


Registration Process Using PKI

The Breeze agent orchestrates registration of Wazuh agents with the Wazuh server using the appropriate cloud-specific agent identifiers. During registration, the Breeze server provides a Wazuh-signed certificate for the Wazuh agent to use from then on. The Breeze agent then registers the Wazuh agent with the server using the newly provisioned certificate.

This registration process establishes bi-directional trust: the Wazuh server rejects connections from agents that do not present a valid certificate, and Wazuh agents reject servers whose certificate does not match the domain name of the certificate signer.

Data Protection

Out-of-the-box Wazuh agents and servers use HTTPS for all communications, providing encryption in transit. Cloudaware deploys an additional control, LUKS disk volume encryption, to provide encryption of data at rest.

...

Cloudaware applies segregation of duties and least-privilege access principles to manage access to Wazuh servers. Our Wazuh management team is split into two groups: product engineering and customer support. The product engineering team maintains the non-customer-specific Wazuh configuration and deployment images, and does not have access to any customer environments. The customer support team can troubleshoot customer-specific issues and does have access to customer-specific Wazuh instances, but cannot modify the images. Security is integrated into the Wazuh SDLC: every new release of Wazuh goes through an internal security review process.

Intrusion Detection and Audit Logging

All Wazuh servers run the Wazuh agent by default. Data from these agents is collected on an internal log collection server that is isolated on its own highly restricted network segment. Our SOC team monitors and audits security events emanating from customer-serving Wazuh servers.

...