This page provides an overview of the Cloud Security module. The module helps you secure cloud-native applications using real-time vulnerability analytics and business risk observability. It surfaces potential business risk insights so that you can better prioritize issues, respond to real-time security risks, and reduce organizational risk profiles. 

Prerequisites 

You must have the following:

  • Cloud Security can be deployed in any cloud environment that supports Kubernetes version >= 1.23.

  • Minimum Helm version 3.8.0, with OCI registry support. 

  • Cluster must have at least three nodes. 

  • K8s CLI (kubectl) installed on the machine or VM from which the deployment is run, with Admin permissions to the cluster. 

  • DNS resolution and external access to these domains on port 443: 

  • 5 GB memory, 1.2 vCPU cores (total, for all nodes). 

  • Kubernetes® cluster
  • At least one service is running on the Kubernetes cluster. 
  • You have assigned the Security Configuration Manager role. This enables Kubernetes security monitoring.
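
A preflight check for the Kubernetes version, Helm version, node count, and kubectl admin prerequisites listed above. This is an added example, not part of the product or its documentation. The script name `preflight.sh`, the function names, and the use of `kubectl auth can-i '*' '*' --all-namespaces` as the test for "Admin permissions" are assumptions; the domain reachability and memory/vCPU requirements are not checked.

```shell
#!/bin/sh
# Preflight check for the Kubernetes/Helm prerequisites (added example).

# version_ge HAVE WANT: succeed when HAVE >= WANT. Drops a leading "v" and any
# build suffix such as "-gke.100" or "+g3a31588" before comparing numerically.
version_ge() {
    [ -n "$1" ] || return 1   # an empty version means the tool did not answer
    printf '%s %s\n' "$1" "$2" | awk '{
        for (i = 1; i <= 2; i++) { sub(/^v/, "", $i); sub(/[-+].*/, "", $i) }
        split($1, have, "."); split($2, want, ".")
        for (i = 1; i <= 3; i++) {
            if (have[i] + 0 > want[i] + 0) exit 0
            if (have[i] + 0 < want[i] + 0) exit 1
        }
        exit 0
    }'
}

# preflight K8S_VERSION HELM_VERSION NODE_COUNT CAN_ADMIN
# Prints one line per failed prerequisite; returns the number of failures.
preflight() {
    failures=0
    version_ge "$1" 1.23 || { echo "FAIL: Kubernetes '$1' is older than 1.23"; failures=$((failures + 1)); }
    version_ge "$2" 3.8.0 || { echo "FAIL: Helm '$2' is older than 3.8.0"; failures=$((failures + 1)); }
    [ "${3:-0}" -ge 3 ] || { echo "FAIL: cluster has ${3:-0} nodes, needs at least 3"; failures=$((failures + 1)); }
    # Assumption: "Admin permissions" is tested as wildcard access in all namespaces.
    [ "$4" = yes ] || { echo "FAIL: current kubectl context lacks admin permissions"; failures=$((failures + 1)); }
    return "$failures"
}

# preflight_live: gather the four inputs from the current kubectl context.
preflight_live() {
    k8s=$(kubectl version -o json 2>/dev/null |
        sed -n '/serverVersion/,$ s/.*"gitVersion": *"\([^"]*\)".*/\1/p' | head -n 1)
    helm_v=$(helm version --short 2>/dev/null)
    nodes=$(kubectl get nodes --no-headers 2>/dev/null | awk 'END { print NR }')
    admin=$(kubectl auth can-i '*' '*' --all-namespaces 2>/dev/null)
    preflight "$k8s" "$helm_v" "$nodes" "$admin"
}

# Only touch a cluster when asked to: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight_live && echo "All checked prerequisites met"
fi
```

Run it with `--live` from the machine that will perform the deployment, so the result reflects the same kubectl context and Helm binary.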

Cloud Security Overview 

When you click Cisco Secure Application, the Overview page displays these Cloud Security insights:

  • Business transaction overview:
    • Monitored business transactions: The total number of monitored business transactions. 
    • Business transactions by business risk score: A chart that displays the total number of business risks with Normal, Warning, and Critical levels. 
    • Business risk score histogram: A chart that displays the severity risk score, and the date and time of those scores. 
  • Vulnerability overview:
    • Total vulnerabilities: The total number of scanned vulnerabilities. 
    • Vulnerabilities by CVSS score: A chart that visualizes the vulnerabilities found and their CVSS score. This score is based on the Common Vulnerability Scoring System (CVSS) with five severities: None 0-0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0. 
    • Vulnerability trend: A chart that visualizes the vulnerabilities found over a specific time range. 
    • Top 5 vulnerabilities by Cisco Security Risk Score: The top vulnerabilities with the highest Cisco Security Risk Score. This score provides an estimate of exploitation based on real-time events. These are the three statuses: Green 0-33, Amber 34-66, Red 67-100. 
    • Top 5 vulnerabilities by impacted container images: The top impacted container images. 
  • Container security:

    • Pod distribution by misconfiguration: The total number of misconfigurations found for pods. You can also view if the misconfigurations are in a Normal state or Misconfigurations found state. 

    • Workload distribution by misconfiguration: The total number of misconfigurations found for workloads. You can also view if the misconfigurations are in a Normal state or Misconfigurations found state. 

Navigate Cloud Security

These pages show you where to view further Cloud Security metrics and information on Cisco Secure Application.