Discover and Classify Data

Navigate Leaky S3 Buckets with Maps

Chief Corvus Officer
May 6, 2021

Let’s face it - visualizing and understanding your AWS estate without the right tools is tedious. Rather than being merely an operational annoyance, though, this tedium is also dangerous. Difficulty comprehending the true state of AWS security frequently leads teams to inadvertently expose sensitive data. Take, for example, a recent leak of over 50,000 medical records, which were stored on two publicly accessible AWS S3 buckets without password protection or authentication. Unfortunately, instances like these, where seemingly obvious security mistakes cause massive data breaches, are all too common.

With corporate data breaches continuing to grow in number, a recent Plaintalk episode (~10 minutes) with Open Raven’s co-founders Dave and Mark explains why it’s more critical than ever to secure your AWS assets. As Dave and Mark explain, the key message is that sensitive data can no longer rest in obscurity. That’s why we’ve designed Open Raven’s Maps — to give you the ability to visualize and protect even the largest cloud environments, so leaks are plugged for good.

Google Maps, for your data

Open Raven’s Maps feature has one purpose: to quickly and easily find answers to common but historically tough questions. Our intuitive and interactive 3D map lets you immediately focus on what matters and prevent issues before they become problems. In a few clicks, you can find misconfigured assets across your entire cloud infrastructure.

Interactive 3D map showing S3, EC2, VPC Peering, Security Groups, and more within a region
Use over 100 combinations of asset and configuration filters to see what you want and need to see.

You can discover traffic flow as defined by security group rules and even identify VPC peering connections that shouldn't exist.

Left: showing external connection into a security group. Right: VPC peering between two security groups and regions shown.
Easily view relevant security groups (left) or VPC connections (right).

Although AWS blocks public access to new buckets by default, it’s the complexity of configuring how those buckets are shared that creates room for accidental exposure. As shown in the screenshot below, buckets offer fine-grained sharing controls. However, it is precisely these options that can lead to security threats when they are combined incorrectly.

AWS modal to block public access for a specific bucket

Fortunately, this understanding is what led Open Raven to design a map that lets admins visualize open S3 buckets with a single click.

Filter panel allows users to select the Security Configuration of All, Open to the Internet, or Closed to the Internet

The “Security Configurations” filters highlight the buckets that are publicly accessible (as demonstrated in the top left of the screenshot). Clicking on an individual bucket in the map also shows additional helpful information, such as the bucket’s name, its account ID, whether it is encrypted or backed up, and more.
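As an added example (not Open Raven’s code) of how an “Open to the Internet” classification can be derived from a bucket’s own configuration, the Python below combines the bucket’s Block Public Access flags, its ACL grants and its bucket policy. The input shapes mirror the S3 GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy responses, while the bucket names and settings are constructed; it assumes no account-level Block Public Access settings are in force.

```python
import json

# AWS group grantees that make a bucket ACL public
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def policy_is_public(policy_json):
    """True if any Allow statement names the wildcard principal ("*" or {"AWS": "*"})."""
    if not policy_json:
        return False
    for st in json.loads(policy_json).get("Statement", []):
        p = st.get("Principal")
        wildcard = p == "*" or (isinstance(p, dict) and p.get("AWS") in ("*", ["*"]))
        if st.get("Effect") == "Allow" and wildcard:
            return True
    return False


def acl_is_public(grants):
    """True if the ACL grants anything to AllUsers or AuthenticatedUsers."""
    return any(g.get("Grantee", {}).get("Type") == "Group"
               and g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS) for g in grants)


def classify_bucket(pab, grants, policy_json):
    """Return ("open" | "closed", reasons). pab is the bucket's PublicAccessBlockConfiguration,
    or None when none is set (all flags off). Assumption: no account-level block applies."""
    pab = pab or {}
    reasons = []
    # An existing public ACL is only neutralised by IgnorePublicAcls.
    if acl_is_public(grants) and not pab.get("IgnorePublicAcls", False):
        reasons.append("ACL grants access to a public AWS group")
    # An existing public policy is only neutralised by RestrictPublicBuckets.
    if policy_is_public(policy_json) and not pab.get("RestrictPublicBuckets", False):
        reasons.append("bucket policy allows Principal '*'")
    return ("open" if reasons else "closed", reasons)


# Constructed sample buckets (names and settings are invented for illustration)
SAMPLE_BUCKETS = {
    "media-archive": (None, [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}], None),
    "billing-exports": ({"BlockPublicAcls": True, "IgnorePublicAcls": True,
                         "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
                        [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}],
                        json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                                                   "Resource": "arn:aws:s3:::billing-exports/*"}]})),
}


def report():
    """Classify every sample bucket, as the map's Open/Closed filter would."""
    return {name: classify_bucket(*cfg) for name, cfg in SAMPLE_BUCKETS.items()}
```

Run against real accounts, the same functions would take the output of the three S3 API calls per bucket; the second sample shows why a public-looking policy alone is not enough to call a bucket open.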

Automate Business Rules for S3 Buckets

After identifying and resolving your misconfigured S3 buckets, an important question remains: how do you ensure that such misconfigurations never happen again?

Open Raven helps answer that question by giving you an easy way to configure policies on specific assets.

For example, in the screenshot below, you'll find that we have created an asset group for sensitive S3 buckets in the us-east-1 region. An asset group is simply a way to organize assets that match specific criteria.

User has drilled down to a live group titled 'Sensitive S3 Buckets (us-east-1)' from the Asset List. Can see the 11 resources and their details.

Next, you can create rules defining the asset configuration you want to enforce. Rules are written in SQL, so they are easy to create and modify. Below you will see that Open Raven provides over one hundred rules out of the box to get you started.

Rules table showing the name and description of each rule the user has created, with an option to create a new rule.

A set of these rules is then used to create policies that are applied to asset groups. Just like rules, Open Raven also provides several pre-configured policies to get you up and running quickly. In the screenshot below, you will find an AWS Security Configuration policy that’s applied to the asset group we created earlier.

Edit a Policy panel where the user can input details and select available rules to apply.

The rules, which you can see selected on the right side of the screenshot above, enforce a specific configuration for security groups, multi-factor authentication, and public access.

Alert from Open Raven that shows 2 new policy violations and 4 outstanding violations – including their severity, status, config errors, and data categories found.

Lastly, you define how to monitor and receive alerts for violations of the policies you create. Open Raven provides several integrations that automatically route violations as they occur. Violations can be routed to your email or sent to a Slack channel, your favorite webhook, or the AWS EventBridge event bus. Above you'll find a screenshot of Open Raven’s sample daily violations digest email.

We’ve only scratched the surface with what’s possible in Open Raven. For more details, or even a demo that suits your needs, drop us a line at our contact page.
