Last updated at Wed, 20 Nov 2024 14:00:00 GMT

In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner for this feature, Rapid7’s Exposure Command now extends its capabilities even further, helping organizations set precise, scalable guardrails within their AWS environments.

The need for strong guardrails in the cloud

Cloud platforms like AWS have transformed business agility by enabling rapid development, fast deployments, and real-time scalability. Yet, as organizations increase their reliance on cloud infrastructure, they face a heightened risk landscape. Rapid development cycles and AI-driven cloud services often result in more identities, permissions, and resources—all of which can lead to excessive access and increased risk.

The need for stringent guardrails has never been more urgent. Without them, organizations risk unintentionally exposing data or resources as they rapidly scale operations.

AWS addresses this challenge with two main types of policies:

  • Service Control Policies (SCPs): Manage access at the principal level (such as IAM users and roles), setting maximum permissions across the organization.
  • Resource Control Policies (RCPs): Limit access directly at the resource level, with special utility for restricting external access across the AWS environment.

Building on broad and deep AWS coverage with support for RCPs

Exposure Command supports AWS RCPs with features that enhance security posture and operational insight. It provides a centralized view of RCP use within the organization, enabling teams to monitor usage and governance of these policies. Cloud and security teams can easily search, inspect, and understand RCP impacts on cloud resources, and make proactive adjustments guided by best-practice recommendations for adopting RCPs.

This RCP support further extends the robust identity analysis capabilities offered by Exposure Command and InsightCloudSec, enabling organizations to automatically refine permissions organization-wide by uncovering and addressing overly permissive roles or unused access. As a result, security teams can implement and effectively scale least-privilege access (LPA) adherence across AWS resources, enhancing security without compromising agility.

Exposure Command and InsightCloudSec support broad AWS coverage that extends well beyond RCPs and SCPs, encompassing a suite of tools to secure AWS cloud resources:

  • Real-Time Visibility into AWS accounts, services, and resources.
  • Vulnerability Management for proactive scanning, identification, and remediation across cloud assets.
  • Context-Driven Risk Prioritization to address the highest-impact vulnerabilities based on risk, exploitability, and blast radius.
  • Automated Remediation for rapid policy updates and resource configurations.
  • Extensive and rapidly expanding support for foundational AI/ML services from AWS, to securely configure and track AI service usage, including AWS Bedrock, SageMaker, Kendra, Comprehend, Polly and more.

Ready to Take Command of your AWS security?

As organizations embrace the cloud’s full potential, maintaining robust security while supporting rapid growth is critical. Rapid7’s Exposure Command, now with AWS RCP support, empowers security teams to adopt a zero-trust approach while maintaining the agility and flexibility that cloud environments demand. Together with AWS, we’re committed to helping organizations reduce risk, ensure compliance, and innovate confidently in the cloud.

Interested in learning more about RCPs and our expanded AWS support? Be sure to swing by booth #697 at AWS Re:Invent to chat and see the Command Platform in action!