What is CryptoAuditor?
Modern IT systems are run by third parties – contractors, SaaS and IaaS providers, external administrator companies – so that businesses can focus on creating value and winning new business instead of worrying about their infrastructure. Today, over 60% of enterprises have third parties accessing their networks remotely. This trust is sometimes exploited: in fact, 95% of data breaches involve privileged credential misuse. Most of the time, CIOs have no idea what is going on in their network, since trusted accounts can operate freely under encrypted cover, as Tommi Lampila's recent post outlined.
CryptoAuditor is a robust, proven security infrastructure product that has traditionally been implemented as a virtual appliance running on-premises. In July 2015, SSH Communications Security announced that CryptoAuditor is also available through the AWS Marketplace - the only product of its kind in the world. Now you can deploy CryptoAuditor on-premises into any VMware or Hyper-V virtualized environment from a .iso image, or as a ready-made AMI right from the AWS Marketplace!
- Accountability and review: Full session recording, search and playback enforce accountability for privileged user operations within the network and satisfy compliance audit requirements. Visual playback of administrator sessions gives fast review for troubleshooting and incident response, well beyond simple log entries.
- Real time defense: SIEM, DLP and IDS gain real time visibility into encrypted sessions.
- Fast, easier access: Transparent bastion host and user mapping capabilities enable fast access to system and application accounts in the cloud for administration and management purposes, without additional authentication steps – while enforcing full session recording and accountability for privileged users. No changes are required to the end-user tools, workflow or the target host instances, enabling cost-effective access to enhanced security.
- User remapping: CryptoAuditor is a powerful access manager that integrates with corporate accounts, supports the 4-eye principle for authorization and user remapping to capability-based roles without losing accountability.
- A scalable solution: Distributed architecture designed for virtual and cloud environments enables flexible deployment and adaptability to changes in cloud and network environments. No additional software needs to be installed on the user workstations or server instances.
Available on AWS Marketplace
CryptoAuditor is a robust, proven security infrastructure product that has traditionally been implemented as a virtual appliance running on-premises. But in July, SSH Communications Security announced that CryptoAuditor is now available through the AWS Marketplace - the only product of its kind in the world. You can still install and run CryptoAuditor on-premises or install it into any virtualized environment from a .iso image, but the AWS Marketplace process is the quickest way to set one up.
It is now possible to evaluate CryptoAuditor in less than 15 minutes thanks to the 1-Click deployment available through the AWS Marketplace and the free evaluation license available on ssh.com. The license arrives by email - along with further documentation - immediately after you fill out the license request form. Just make sure you use the correct email address for your organization.
We assume that you are already familiar with the Amazon Web Services (AWS), Elastic Compute Cloud (EC2), and Virtual Private Cloud (VPC) basic concepts.
Before launching the CryptoAuditor instance, you should have the following:
- VPC: A VPC in which you will deploy the CryptoAuditor instance. The VPC needs to have the applicable internet gateway set up and routes configured to allow access from the Internet.
- License: Remember to request that evaluation license before going too deep in your setup. You can launch and configure CryptoAuditor without a license, but you cannot audit any connections.
- For SSH auditing: An instance (for example, a free-tier eligible Linux host from the AWS Marketplace) that runs an SSH server in the same VPC as CryptoAuditor. We will call this host the SSH server host. The server instance's security group should allow connections to port 22 from instances within the same VPC, or at least from CryptoAuditor. In the examples, we assume that you have an account called testuser on the SSH server host, and that the user account has password authentication enabled for SSH access.
- For RDP auditing: A Windows host instance (with Remote Desktop enabled) in the same VPC as CryptoAuditor. The instance's security group should allow connections to port 3389 from instances within the same VPC, or at least from CryptoAuditor's private IP address (assigned by the VPC), and the instance should have the testuser user account.
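As an added example (not from the original post or the CryptoAuditor product), the following Python check applies the security-group prerequisites above to the audited hosts: ports 22 and 3389 should be reachable only from inside the VPC or from CryptoAuditor's security group, because any rule open to the Internet would let an administrator connect around the auditor. The VPC CIDR, the group ID and the sample rules are constructed placeholders; the rule structure follows the IpPermissions list returned by the EC2 DescribeSecurityGroups API.

```python
"""Check the audited hosts' security-group ingress rules before deploying
CryptoAuditor: SSH (22) and RDP (3389) should be reachable only from inside
the VPC or from the CryptoAuditor security group. Any source outside the VPC
is a path that bypasses session auditing. Rule entries mirror the
IpPermissions list from EC2 DescribeSecurityGroups; all values are constructed."""
import ipaddress

VPC_CIDR = "10.0.0.0/16"           # constructed: CIDR of the VPC holding both hosts
AUDITOR_SG = "sg-0cryptoauditor"   # placeholder: CryptoAuditor's security group ID
AUDITED_PORTS = {22: "SSH", 3389: "RDP"}


def rule_covers_port(rule, port):
    """True if an IpPermissions entry admits TCP traffic to this port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                       # "all traffic" rule carries no port range
        return True
    return proto == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def check_ingress(ip_permissions, vpc_cidr=VPC_CIDR, auditor_sg=AUDITOR_SG):
    """Return a list of findings; an empty list means the rules are acceptable."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc_cidr)
    for port, name in AUDITED_PORTS.items():
        reachable_in_vpc = False
        for rule in (r for r in ip_permissions if rule_covers_port(r, port)):
            for rng in rule.get("IpRanges", []):        # IPv4 CIDR sources only
                src = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if src.subnet_of(vpc_net):
                    reachable_in_vpc = True             # inside the VPC: acceptable
                else:
                    findings.append(f"{name} port {port} open to {rng['CidrIp']}: "
                                    "connections can bypass CryptoAuditor")
            if rule.get("UserIdGroupPairs"):            # group references resolve in-VPC
                reachable_in_vpc = True                 # (ideally only auditor_sg)
        if not reachable_in_vpc:
            findings.append(f"{name} port {port} not reachable from CryptoAuditor's VPC")
    return findings


if __name__ == "__main__":
    # Constructed sample: SSH allowed only from the auditor group, RDP from the VPC.
    sample = [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": AUDITOR_SG}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": VPC_CIDR}]},
    ]
    print(check_ingress(sample) or "security group OK")
```

Feed it the `IpPermissions` of the SSH server host's and Windows host's security groups (for example from `aws ec2 describe-security-groups` output) to confirm the prerequisites before launching CryptoAuditor.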
Launching Your First CryptoAuditor Instance
You can launch CryptoAuditor from an AWS Marketplace AMI in the following ways:
- AWS Marketplace: 1-Click Launch (you will be able to customize the predefined default options).
- AWS Management Console: Manual launch with more configuration options for the instance. You can also start the manual launch from the AWS Marketplace.
1-Click Launch on AWS Marketplace
1-Click Launch is an easy way to launch CryptoAuditor with the default configuration for evaluation use. All you need is an existing VPC. After the launch you will have to import the evaluation license into CryptoAuditor and configure the connection policy to audit connections through the CryptoAuditor instance. Before you start, note that to complete 1-Click Launch you need an existing key pair in the region where you launch CryptoAuditor. If you do not yet have a key pair in the intended region, create one in the AWS Management Console.
Steps for 1-Click Launch:
1. In the AWS Marketplace, find the CryptoAuditor product page and click Continue.
2. In the 1-Click Launch tab, review the instance configuration:
   - Region: Make sure that you launch CryptoAuditor in the same region as the audited instances.
   - EC2 Instance Type: The minimum supported type is m3.large. Note that this instance type is not eligible for the AWS Free Tier.
   - VPC Settings: Make sure that the VPC and Subnet are the same as for the audited instances.
   - Security Group: 1-Click setup creates a new security group with all the required ports open for basic evaluation use.
3. Key Pair: Select the key pair that will be built into the instance. Use an existing key pair if you have one, or create one before proceeding.
4. Click Launch with 1-Click.
After a few minutes, once AWS has brought the instance up, you can continue to access the CryptoAuditor web-based admin UI and import the evaluation license!
Now try it yourself!
That's all there is to it for basic instance setup – deploying a cloud auditing solution could hardly be easier or faster! Obviously the instance is now waiting to be configured with the organization's policy, users, and so on. And there are plenty of options, integrations, routing scenarios and other use cases CryptoAuditor can be applied to. There is a friendly web interface for configuring rules as well as auditing connections, which we will walk through in future posts.
To get started with your own trial following these steps, click the button below to request the free evaluation license right away!