Panther's Cloud Security works by scanning AWS accounts, modeling the Resources within them, using Policies to detect misconfigurations, and optionally remediating vulnerable resources. This feature can be used to power your compliance and improve your cloud security posture.
Common security misconfigurations include:
S3 Buckets without encryption
Security Groups allowing inbound SSH traffic from
Access Keys being older than 90 days
IAM policies that are too permissive
When you add a new AWS account, Panther first conducts a baseline scan and models the resources in that account. Account scans are performed daily to ensure the most consistent state possible. Scanning uses an assumable IAM Role with ReadOnly permissions.
Resources can also be tracked in real time using either CloudTrail or CloudWatch Events.
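The following added example, which is not Panther's own code, evaluates three of the misconfigurations listed above against modeled resources and returns the ones that fail. The resource dictionaries, their type labels and field names, and all function names are constructed for illustration and are not Panther's schema.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # age threshold from the list above

def as_list(value):
    return value if isinstance(value, list) else [value]  # IAM JSON allows scalars

def s3_encrypted(res, now):
    # Compliant when the bucket model carries at least one encryption rule
    return bool(res.get("EncryptionRules"))

def keys_fresh(res, now):
    # Compliant when no *active* access key is older than 90 days
    return not any(
        k["Status"] == "Active"
        and now - datetime.fromisoformat(k["CreateDate"]) > MAX_KEY_AGE
        for k in res.get("AccessKeys", []))

def policy_scoped(res, now):
    # Non-compliant when an Allow statement grants every action on every resource
    return not any(
        s.get("Effect") == "Allow"
        and "*" in as_list(s.get("Action", []))
        and "*" in as_list(s.get("Resource", []))
        for s in as_list(res["PolicyDocument"]["Statement"]))

CHECKS = {"s3_bucket": s3_encrypted, "iam_user": keys_fresh, "iam_policy": policy_scoped}

def failing(resources, now):
    # Ids of resources whose type has a check and which fail that check
    return [r["Id"] for r in resources
            if r["Type"] in CHECKS and not CHECKS[r["Type"]](r, now)]

# Constructed sample resources (hypothetical field names, not Panther's schema)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"Id": "bucket-logs", "Type": "s3_bucket", "EncryptionRules": []},
    {"Id": "bucket-data", "Type": "s3_bucket", "EncryptionRules": [{"SSEAlgorithm": "aws:kms"}]},
    {"Id": "user-ci", "Type": "iam_user", "AccessKeys": [
        {"Status": "Active", "CreateDate": "2024-01-15T00:00:00+00:00"}]},
    {"Id": "user-dev", "Type": "iam_user", "AccessKeys": [
        {"Status": "Active", "CreateDate": "2024-05-01T00:00:00+00:00"},
        {"Status": "Inactive", "CreateDate": "2022-01-01T00:00:00+00:00"}]},
    {"Id": "policy-admin", "Type": "iam_policy", "PolicyDocument": {
        "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}},
    {"Id": "policy-ro", "Type": "iam_policy", "PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}]}},
]

print(failing(SAMPLE, NOW))
```

Each check returns `True` for a compliant resource, so `failing` collects only the resources that need attention; passing `now` explicitly keeps the key-age check reproducible between scans.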