January 20, 2022

Why We Don’t Do Auto-Remediation… And Why You Don’t Want Us To

A look at the often untold dangers that come with giving tools auto-remediation privileges in your cloud environment.

At any point during the day in the cloud security world, there is an IT professional out there who is drowning in security recommendations and hundreds of alerts for suggested fixes — all of them at the same hyper-urgent, burning red priority level.

It’s overwhelming, to say the least. And it’s the number one cause of apathy, and of reduced attention to the environments that are actually being exploited.

So, when alert fatigue becomes a weekly (or daily) occurrence, it’s tempting to employ auto-remediation tools that can help find the problems and policy violations for you and automatically deploy solutions. 

However, what many people don’t realize about auto-remediation (and what many companies who offer these automated fixes don’t tell you) is that the concept of auto-remediation goes against one of the industry’s biggest best practices — one that was specifically created to protect organizations from huge security breaches and from opening dangerous backdoors into their environments.

What is Cloud Auto-Remediation?

Before we get too far, let’s first chat about what auto-remediation is in the first place. This concept, offered by many cloud security tools, aims to detect the problems or violations in your cloud infrastructure and automatically deploy a fix. There are different levels of auto-remediation, from defined rules that trigger a corrective response, to reversion and restoration back to your last known-good state.

As with many issues in cloud security, designing and implementing an auto-remediation plan is only as good (and current) as the rulesets that your team puts in place — leaving room for misconfigurations caused by simple human error.

However, the true danger in auto-remediation of your cloud environment is that it often requires granting a third-party tool ownership access to your cloud, creating huge risk and potentially opening a backdoor for bad actors to get in. The process also directly violates the best practice recommendation of “least privilege,” which warns against granting full admin access to those who don’t need it.

By granting excessive privilege to third-party auto-remediation vendors, not only are you creating another admin role that can make changes in your environment without your control, but you are also creating another path for hackers to access high levels of your sensitive data if that user’s credentials or IAM role is breached. If they are compromised, now you are compromised.

Our Guided Remediation Solution

So, how do you go about remediating your environment while also ensuring the highest security of the process? Here at Tenacity, we use a process called “Guided Remediation” to address the root cause of your security, governance and compliance issues without ever going past the metadata.

Our “read only” access allows us to look at your configuration data (without ever diving into data at the account or app level) in order to create a prioritized list of problems that should be addressed by your team. Rather than “automating” the fix, without knowledge of your governance policies and procedures, our team of experts offers background information and remediation suggestions that will help your team quickly resolve critical issues and misconfigurations. 

The true benefit here is that with “read only” access into your infrastructure, we can offer up specific recommendations and point to the critical vs. low priority items you should tackle, but we cannot make changes to your environment. Therefore, we are one less attack vector.
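As an added example (not Tenacity’s code and not part of the original post), here is a small Python checker that classifies the actions an AWS-style IAM policy grants, contrasting the owner-level access an auto-remediation tool needs with the read-only metadata access described above. The two sample policies and the list of data-plane read actions are constructed assumptions for illustration.

```python
"""Least-privilege audit for a third-party cloud security role.
Hypothetical helper, not Tenacity's code: classifies what an AWS-style IAM
policy lets a vendor role do, so you can confirm it reads only configuration
metadata and cannot change your environment. Sample policies are constructed.
"""
import fnmatch

READ_ONLY_VERBS = ("Describe", "Get", "List")
# Read actions that return customer data rather than configuration metadata.
DATA_PLANE_READS = ("s3:GetObject", "dynamodb:GetItem",
                    "secretsmanager:GetSecretValue")


def classify_action(action: str) -> str:
    """Return 'metadata-read', 'data-read' or 'write' for one IAM action."""
    if action == "*" or action.endswith(":*"):
        return "write"  # a service wildcard always includes mutating actions
    if any(fnmatch.fnmatch(read, action) for read in DATA_PLANE_READS):
        return "data-read"  # the action (possibly a glob) covers a data read
    verb = action.split(":", 1)[1]
    return "metadata-read" if verb.startswith(READ_ONLY_VERBS) else "write"


def audit_policy(policy: dict) -> dict:
    """Group every action granted by an Allow statement by its class."""
    result = {"metadata-read": [], "data-read": [], "write": []}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        for action in ([actions] if isinstance(actions, str) else actions):
            result[classify_action(action)].append(action)
    return result


def is_metadata_read_only(policy: dict) -> bool:
    """True when the role can neither change resources nor read customer data."""
    classes = audit_policy(policy)
    return not classes["write"] and not classes["data-read"]


# Constructed: the owner-level access an auto-remediation tool asks for.
AUTO_REMEDIATION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*", "iam:PassRole"], "Resource": "*"}]}

# Constructed: read-only configuration metadata, the guided-remediation model.
GUIDED_REMEDIATION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetBucketPolicy",
                                   "s3:ListAllMyBuckets", "iam:ListRoles"], "Resource": "*"}]}
```

Running `audit_policy` on a vendor’s requested role before you create it shows at a glance whether the role could be used to change your environment if its credentials were compromised.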

Investing in this kind of continuous posture management tool also ensures that your resources stay compliant throughout their lifecycle — rather than investing in a tool that opens up your environment to the kind of vulnerabilities you are trying to mitigate in the first place. After all, if misconfigurations can be avoided during development, that will result in fewer alerts, violations, and auto-remediation needs in the long run.

Want to learn more about how Tenacity can help with mitigating misconfigurations and maintaining security and compliance policies? Contact us today.
