Hyperglance Launches Cloud Automation, Remediation & Actions
Hyperglance’s automation/action feature set builds on top of our inventory and rules engine to give you the ability to manage and automate your AWS environment directly from Hyperglance.
Using our built-in rule set (which includes CIS, NIST, PCI-DSS and AWS Well-Architected) or by creating your own rules, you can automatically save money and ensure the security of your entire AWS deployment.
How It Works
Hyperglance connects to a large range of AWS APIs to collect an extensive inventory.
Using that inventory, Hyperglance then creates a dependency model. A rules engine sits on top of this inventory and dependency model.
The rules engine runs on a periodic basis of your choice and can create a set of results when run. This set of results is stored in an S3 bucket which a lambda (which we provide) uses to run functions that act on the resources in the result set.
We ship a Lambda with a set of animations/actions that you can adjust, add to, or create your own.
The Lambda code is open source to ensure auditability. We include terraform code for deployment of the lambda and cross-account role creation.
- A pre-built or custom rule triggers in Hyperglance
- Hyperglance sends the search (rule) result to S3
- A Lambda function reads the data from S3
- A Lambda function executes, issuing commands to your AWS resources, resolving your problem
NOTE: You only need to deploy one lambda, using cross-account roles you can act on all of your accounts.
All of this functionality runs inside your AWS account with complete isolation from outside your organisation. None of your data is exposed to any other organisation, including Hyperglance.
This functionality works with both Commercial and GovCloud.
You can schedule the automation or run actions on demand. Notifications can be set up to send slack messages, emails, SNS notifications or any combination of the three.
An easy to read logging system is included so you can always see what was actioned and when. SAML support is built-in so you can also see who did what. All logs are stored in the S3 bucket so auditing is accounted for.
Even if you are not ready for full automation, Hyperglance provides the mechanism to be alerted to issues, then allows you to investigate and manually kick off the remediation action directly in Hyperglance.
Automation Use Cases
Use Case 1: Reduce Cost
The cloud was once touted as a low-cost way to run your applications. No more. While the agility use case can’t be disputed, it’s very easy for your costs to run away from you in the cloud.
Hyperglance provides an intuitive way to explore your billing data, track down extraneous costs and automate the saving of costs.
Hyperglance's cost explorer allows you to easily see high-cost items
Hyperglance includes built-in rules to highlight orphaned and underutilized resources
Configure Hyperglance rules to automatically stop, terminate or delete resources on a set schedule/period
Here are a few examples of rules you can use to save costs in your AWS accounts:
- Terminate EC2 instances running over 12 hours in your development environment
- Delete orphaned snapshots over 30 days old
- Schedule times for workspaces and instances to be stopped overnight and on weekends
Use Case 2: Secure Your Environment
Hyperglance ships with hundreds of rules covering many different frameworks. (PCI-DSS, NIST, CIS and AWS Well-Architected, to name a few).
Any of these rules can utilize our remediation actions to enforce your security policy.
Hyperglance includes hundreds of rules that will help you secure your environment
Use the Security & Compliance dashboard to give you an overview of your security posture
Use Hyperglance to provide automated incident response and enforce security compliance across multiple AWS accounts, 24/7
Here are a few examples of rules you can use to secure your AWS accounts:
- Delete Internet Gateways in accounts where resources must go through a NAT Gateway or Load Balancer
- Quarantine instances that have been exposed to the internet
- Strip out insecure rules in Security Groups
Use Case 3: Enforce Compliance
Audits are not fun.
Keeping on top of compliance is a constant battle.
Hyperglance comes with hundreds of rules that will allow you to enforce compliance with standards such as NIST (800-53, 800-171), PCI-DSS, HIPAA, CIS and FedRAMP. It also comes with rules that keep you compliant with AWS Well-Architected.
Hyperglance includes many rules to ensure you stay compliant
Use the Hyperglance Security & Compliance Dashboard to review and improve your compliance
Use Case 4: Consolidate Your Scripts
Use ours and add your own.
Keeping a grip on all the various scripts that are used in your company is difficult.
Using git and terraform, you can consolidate all your scripts into one place.
Our code is open source and lives in your account so you can adjust as you see fit.
Use Case 5: Belt & Braces on top of your Infrastructure as Code environments
Keeping your Infrastructure as Code is best practice in our industry.
If you’ve managed to get that far down the road I applaud you.
The trouble is, sometimes things slip through and you need something to keep an eye out for rogue operators and to be able to highlight shadow IT.
Hyperglance can both highlight and automatically shut down shadow IT contributors and resources that have been provisioned incorrectly.
Hyperglance & Cloud Automation
The Hyperglance automation feature gives you an easy way to automate and act on the data Hyperglance provides.
Hyperglance’s automation allows you to quickly and easily reduce costs, identify and remediate security issues, enforce and maintain strict compliance with organisation and industry standards.
Solve problems one time with easy-to-build automations that can remediate any future misconfiguration.
As with all Hyperglance updates, there is no extra cost for this feature and you can run them as many times as you like, as often as you like. You won’t have any billing surprises like with other systems.