Releases in 2020

January 2020 - v2.24.1

  1. User Experience Improvements

    • Added email notifications to collaborators of a private benchmark
  2. Platform & Stability Improvements

    • Fixed the following bugs
      • Private benchmark: Associated/Dissociated benchmarks are not visible under Private Benchmark tab unless user refreshes the UI
      • Private benchmark: Private benchmark details are not opening in single click on navigating to the benchmark list page
      • Private benchmark: Incorrect total count of policies in a category on Configure Benchmark
      • Private benchmark: Arrow button is inconsistent for Private Benchmark 'configurations'
      • Manage Users: Email notification not received on adding Account user
      • Duplicate policies found for SQL Server for NIST-CSF benchmark
  3. Policies & Benchmarks Additions/Updates

    • Added the following 20 new security policies for Azure cloud account

      Category | Policy Title
      Azure - Logging and Auditing | Ensure that 'Send scan reports to' is set for SQL Server
      Azure - Logging and Auditing | Ensure that 'Send scan reports to' is set for SQL database
      Identity & Access Management | Ensure that 'Number of methods required to reset' is set to '2'
      Identity & Access Management | Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
      Identity & Access Management | Ensure that 'Notify users on password resets?' is set to 'Yes'
      Identity & Access Management | Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes'
      Identity & Access Management | Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No'
      Identity & Access Management | Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No'
      Identity & Access Management | Ensure that 'Users can register applications' is set to 'No'
      Identity & Access Management | Ensure that 'Guest user permissions are limited' is set to 'Yes'
      Identity & Access Management | Ensure that 'Members can invite' is set to 'No'
      Identity & Access Management | Ensure that 'Guests can invite' is set to 'No'
      Identity & Access Management | Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes'
      Identity & Access Management | Ensure that 'Self-service group management enabled' is set to 'No'
      Identity & Access Management | Ensure that 'Users can create security groups' is set to 'No'
      Identity & Access Management | Ensure that 'Users who can manage security groups' is set to 'None'
      Identity & Access Management | Ensure that 'Users can create Office 365 groups' is set to 'No'
      Identity & Access Management | Ensure that 'Users who can manage Office 365 groups' is set to 'None'
      Identity & Access Management | Ensure that 'Enable "All Users" group' is set to 'Yes'
      Identity & Access Management | Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes'
    • Added the following 28 new security policies for AWS cloud account

      Category | Policy Title
      AWS - Audit and Logging | Ensure to enable unsafe statement transaction logging for RDS MySQL Instance
      AWS - Data Protection | Ensure that latest block encryption algorithms is used for RDS MySQL Instance
      AWS - Data Protection | Ensure that server loads the validate password plugin at startup for RDS MySQL Instance
      AWS - Data Protection | Ensure to enable FIPS standards on the server side for RDS MySQL Instance
      AWS - Audit and Logging | Ensure Log Exports feature is enabled for RDS MySQL Instance
      AWS - Audit and Logging | Ensure Log Exports feature is enabled for RDS Mariadb Instance
      AWS - Audit and Logging | Ensure Log Exports feature is enabled for Aurora cluster
      AWS - Audit and Logging | Ensure Log Exports feature is enabled for Oracle instances
      AWS - Business Continuity | Ensure Auto Minor Version Upgrade feature is Enabled for RDS MySQL Instances
      AWS - Business Continuity | Ensure backup retention policy is set for RDS MySQL Instances
      AWS - Governance | Ensure that Copy Tags to Snapshots feature is enabled for RDS MySQL Instances
      AWS - Data Protection | Ensure Deletion Protection feature is enabled for RDS MySQL Instances
      AWS - Identity and Access Management | Ensure IAM Database Authentication feature is enabled for RDS MySQL Instances
      AWS - Audit and Logging | Ensure that Event Subscription is enabled for RDS MySQL Instance
      AWS - Data Protection | Ensure Performance Insights feature is enabled for RDS MySQL Instances
      AWS - Networking | Ensure that public access is not given to RDS MySQL Instance
      AWS - Storage and Databases | Ensure that port number should not be set as default port number for RDS MySQL Instances
      AWS - Networking | Ensure that public subnets are not assigned to RDS MySQL Instances
      AWS - Governance | Ensure that unique master user name is used for each RDS MySQL Instance
      AWS - Identity and Access Management | Ensure data-tier security group are configured for RDS MySQL Instances
      AWS - Business Continuity | Ensure that sufficient backup retention period is applied to RDS MySQL Instances
      AWS - Data Protection | Ensure that encryption is enabled for RDS MySQL Instances
      AWS - Business Continuity | Ensure Multi-AZ feature is Enabled for RDS MySQL Instance
      AWS - Data Protection | Ensure that encryption for storage done with KMS CMKs for each RDS MySQL Instance
      AWS - Audit and Logging | Ensure that CloudTrail trail have logging enabled
      AWS - Monitoring | Ensure a log metric filter and alarm exist for S3 bucket object read operations
      AWS - Monitoring | Ensure a log metric filter and alarm exist for S3 bucket object write operations
      AWS - Monitoring | Ensure that S3 buckets are not publicly accessible

January 2020 - v2.23.1

  1. Features & User Experience Improvements

    • Private Benchmark: Cloudneeti lets organizations create their own information security benchmark, either by deriving it from an existing baseline of Cloudneeti-supported benchmarks or by creating one entirely on their own. Refer to the documentation for more details.
    • Audit Report API: Cloudneeti offers an Audit Report API for automated access to security and compliance posture. This API is part of a larger set of features for deeper integration with DevOps and risk auditors' tooling.
    • Added consistent tooltip across Compliance, Security, Risk, Asset dashboards, and benchmark summary pages.
  2. Platform & Stability Improvements

    • Fixed the following bugs
      • Delete Account User email notification missing
      • Fixed the implementation of Application Gateway policies for TLS versions 1.0, 1.1 and 1.2
  3. Policies & Benchmarks Additions/Updates

    • Added the following 23 Azure security policies for Auto remediation.

      Policy Title
      Ensure that 'Secure transfer required' is 'Enabled' for Storage Account
      Ensure that 'Geo-redundant' is enabled for Azure Storage
      Ensure that remote debugging is turned off for App Service
      Ensure that remote debugging is turned off for Function App
      Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service
      Ensure that Auditing and Monitoring is enabled for App Service
      Ensure HTTP/2 is enabled for an App Service Function Apps
      Ensure HTTP/2 is enabled for an App Service API Apps
      Ensure HTTP/2 is enabled for an App Service Mobile Apps
      Ensure Web Sockets are disabled for App Services
      Ensure Web Sockets are disabled for Mobile Apps
      Ensure Web Sockets are disabled for API Apps
      Ensure Web Sockets are disabled for Function Apps
      Ensure web app is using the latest version of TLS encryption
      Ensure that TLS is configured for Function Apps
      Ensure that TLS is configured for Mobile Apps
      Ensure that TLS is configured for API Apps
      Ensure that Auditing and Monitoring is enabled for Mobile App
      Ensure that Auditing and Monitoring is enabled for API App
      Ensure that Mobile App is only accessible over HTTPS
      Ensure that remote debugging is turned off for Mobile App
      Ensure that remote debugging is turned off for API App
      Ensure that Auditing and Monitoring is enabled for Function App
    • Removed the following Azure security policy from Auto remediation due to a change in Microsoft Azure

      Policy Title
      Ensure that Network Watcher is 'Enabled'
    • Added the following 4 new security policies for Azure cloud account

      Category | Policy Title
      Azure - Logging and Auditing | Ensure that periodic recurring scans is enabled for SQL server
      Azure - Logging and Auditing | Ensure that 'Also send email notification to admin and subscription owners' in Periodic recurring scan is enabled for SQL Server
      Azure - Logging and Auditing | Ensure that periodic recurring scans is enabled for SQL database
      Azure - Logging and Auditing | Ensure that 'Also send email notification to admin and subscription owners' in Periodic recurring scan is enabled for SQL database
    • Updated policy titles and implementation for the following 5 policies as per recent updates in Microsoft Azure.

      Old policy title | Updated policy title
      Ensure that 'Send alerts to' is set for SQL Server | Ensure that 'Send alerts to' in Advanced Threat Protection Settings is set for SQL Server
      Ensure that 'Email service and co-administrators' is 'Enabled' for SQL Server | Ensure that 'Also send email notification to admin and subscription owners' in Advanced Threat Protection Settings is enabled for SQL Server
      Ensure that 'Threat Detection' is set to 'On' for SQL Databases | Ensure that 'Advanced Data Security' on a SQL database is set to 'On'
      Ensure that 'Send alerts to' is set for SQL Databases | Ensure that 'Send alerts to' in Advanced Threat Protection Settings is set for SQL database
      Ensure that 'Email service and co-administrators' is 'Enabled' for SQL Server | Ensure that 'Also send email notification to admin and subscription owners' in Advanced Threat Protection Settings is enabled for SQL database