We are proud to announce our newest version of the Evident Security Platform, V2. This new improvement to the platform represents a generational leap in our capabilities by moving the core engine to a distributed, real-time system.
We’ve worked with leading cloud adopters in the US for many years, we listened to our customers and built a next generation solution that meets their needs today and in the future. We are leveraging our experience in the industry to offer a functionally rich solution backed by decades of cloud and security expertise.
Thank you for being a loyal customer, the Evident.io Team
V2 introduces a more frequent interval for running and evaluating signatures. Previously, signatures were part of report jobs that were run once an hour. Signatures are now run at a 15 minute interval (see Scan Intervals below), in a repeating schedule with reports assembled once an hour.
Info Alert Status
A new INFO alert status has been added to the list of potential statuses from signatures. This type of alert is better suited for displaying general information about your AWS infrastructure or when there are insufficient permissions to make an API call. More alerts will be generated per account and now be visible in the Report Summary page.
There are new signatures to be released as part of this release:
- AWS:CF-002 Unencrypted CloudFront to Origin Server Connection
- AWS:CF-003 Insecure Ciphers from Viewer to CloudFront Distribution Connection Customer Use Case
- AWS:EC2-035 Unencrypted AMI
- AWS:EC2-036 Public AMI Detected
- AWS:VPC-016 VPC Security Group Limit
- AWS:VPC-017 NAT Gateway Not Used
Scan Intervals and Alert Caching
To avoid AWS API request rate throttling at the account level, two new features have been introduced in V2.
- API responses are being cached at every scan interval by ESP across all signatures in an AWS account. This reduces the amount API calls needed to be made by individual signatures, and instead caches those responses for the use of all signatures needing the same data.
- Evident now runs signatures at scheduled Scan Intervals (15 minutes by default for all signatures). Instead of a global interval for all services, we have made the interval available by AWS service. Since API call rates are set by AWS on each service individually, this allows you to set the call rate individually by service.
For more information, see Scan Internals and Throttling.
Reminder: API V1 Deprecated
On March 11, 2016, the API V1 endpoint will be deprecated and no longer be available for use. Customers with existing V1 code will need to convert it to V2 before that date. If you have any questions or need our assistance, please contact us at firstname.lastname@example.org. You can find the new API V2 documentation at http://api-docs.evident.io