Cross4Security
Cross4Security is a pioneering service designed to transform cloud security through Cloud Security Posture Management (CSPM). It aims to streamline security operations by offering unified security recommendations, detailed security analyses, and comprehensive reports to address configuration vulnerabilities.
Security Score
The Security Score page displays the results of running specific benchmark rules across your provider accounts. Here, you can view your security score and details based on these benchmarks for each provider. You can also view remediations on how to address and fix identified errors and review actionable steps to improve your security posture.
Provider View / Benchmark View
In both view, you can see a list of benchmarks along with the counts of issues categorized by severity for each provider. This allows you to quickly identify and assess the security posture of your accounts based on the severity of detected issues. Also this page, offers the ability to examine benchmarks in greater detail and view remediations for any identified issues. This helps you understand the specific problems and provides guidance on how to address and fix them.
Benchmark Details
For the providers you've configured, we run benchmarks automatically every day to scan your assets based on these benchmark rules. To view the specific issues identified by each benchmark rule or to examine the benchmark rules in more detail:
- Go to the Security Score page from the navigation menu.
Show the instruction with images
- From the benchmark list on the Provider View page, click the View button next to the respective benchmark to see detailed information and identified issues.
Show the instruction with images
- On the newly opened page, you can see which rules apply to which assets and their respective statuses (Fail, Error, Info, Pass, Skip).
Getting Remediation
In our Security service, we provide remediation steps for the benchmark rules we run on your accounts. By following these remediation steps, you can enhance the security of your accounts. These steps are designed to help you address any identified vulnerabilities and ensure your accounts are secure. To see remediation:
- Go to the Security Score page form navigation menu.
Show the instruction with images
- From the benchmark list on the Provider View/ Benchmark View page, click the View button next to the respective benchmark to see detailed information and identified issues.
Show the instruction with images
- On the newly opened page, you will see the breakdown of the rules. To view the remediation steps, click on the Remediation button next to each rule.
Show the instruction with images
- After clicking the Remediation button, a pop-up window will appear with detailed steps. Follow these steps to secure your accounts effectively.
Show the instruction with images
Running Benchmarks
We run benchmarks automatically every day to scan your assets based on these benchmark rules. However, if you make adjustments based on our remediations or for your own purposes, you might want to check the new benchmark rule status. To do this, you can manually run the benchmarks. You can follow the instructions below to perform this action.
- Go to the Security Score page from the navigation menu.
Show the instruction with images
- From the benchmark list on the Provider View page, locate the benchmark you wish to run and click the Run button in the Action column next to it.
Show the instruction with images
- It will automatically start the process and you can view it from the Action column.
Benchmark and Rule Exclusion
Our system provides users with the flexibility to tailor their security or compliance assessments by allowing them to exclude specific rules or benchmarks from the evaluation process. This feature is particularly useful for users that need to customize their configurations based on unique requirements or environments. Users can select and exclude individual rules or entire benchmark sets, ensuring that only the relevant and applicable policies are applied to their cloud resources. By offering this level of control, we help streamline the compliance process, reduce unnecessary alerts, and enable more focused assessments while maintaining overall security posture.
- Go to the Benchmark Settings page from the navigation menu.
Show the instruction with images
Change Benchmark Status
On this page, you are able to set Benchmarks to three different status, which are Default, Modified and Deactive respectively and also exclude and include rules and set a specific time to run benchmarks in the day. All Benchmarks come as in the status of Default
- If you leave it as DEFAULT, it will perform with its default settings.
- If you choose DEACTIVE, it will be excluded by running, which means your security score won't be affected by this benchmarks result.
- If you choose MODIFIED, which is available only when you exclude rule/s, it will be running with respect to rules you have enabled or disabled.
By clicking the Status button, you can easily change the relative benchmark's status to the desired value.
Show the instruction with images
Set a Specific Time to Run Benchmarks
- To set a specific time to run benchmarks, click Run Timer on the right top of the screen.
Show the instruction with images
- On the page that shows up, Benchmarks will run at the time you specified daily. Set the desired time and Click OK button.
Show the instruction with images
Rule Exclusion
You can exclude a rule with a reason why you intend to do so or include it. Set toggle the desired status and Click Save button.
Show the instruction with images
Inventory
On the Inventory page, we have created a list view that shows the number of assets based on each service type in your account. With the filtering feature, you can easily access detailed information about specific assets and counts.
Configuration
On this page, you can configure the provider to be used under the related service by using the credentials obtained from providers. Alternatively, you can edit previously used credentials from this page.