Aembit now provides ‘authorization events,’ enhancing visibility alongside our established identity-based access logging for workloads. This feature is accessible across all product levels, with the duration of data retention varying according to tier.
From the start, we knew that visibility into workload-to-workload access was a key missing component of many enterprises’ security operations stack. Our product has always included identity-based logging so that you could easily assess which workload was accessing other workloads, services, or sensitive infrastructure. But as we have grown our footprint within enterprises, SecOps and DevOps professionals consistently asked for a simpler way to visualize each decision step in a policy to understand exactly why workload access was granted or denied.
Let’s take a deeper dive into authorization events and how they can help you.
What is an Authorization Event?
An authorization event is a form of log that provides a specific, structured record of each step in Aembit’s policy evaluation against any given access request.
Access authorization events provide a verdict – success or failure – and details for each completed processing step, including:
- Client Workload Identification
- Server Workload Identification
- Access Policy Identification
- Trust Providers Attestation
- Access Conditions Verification
- Credential Provider Retrieval
Below is an example of a workload running in Kubernetes requesting access to Azure via Microsoft Graph. Based on the policy, the workload is required to be actively managed by Wiz in order for access to be granted.
This structured data can then be viewed within the Aembit Workload IAM Platform console, or exported to other systems, including SIEMs or data lakes, for further analysis.
Use Cases of Authorization Events
There are three major use cases of authorization events:
1) Troubleshooting
Why is a workload access policy not producing the desired result? A breakdown of each step within a policy eliminates guesswork and highlights the problem. For problems caused by dynamic conditions, the platform’s ability to filter events by client or severity level lets you quickly compare the relevant events side by side.
2) Auditing
Your internal or external audits may require you to prove workload-to-workload access – or lack thereof. Authorization events provide the details needed to show not only if access was granted, but under what conditions.
3) Threat Detection and Response
In the event of an incident, you have an easy-to-access, easy-to-interpret resource that shows which workloads are requesting access to sensitive information and resources, along with detailed knowledge of which workloads are actually being granted access to which resources.
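To make the structure described above concrete, here is an added example (written for this page, not Aembit's own code or its real export schema) that processes a small, constructed NDJSON export of authorization events. The event shape, step names, workload names and detail strings are assumptions modelled on the step list in the post: each event carries a verdict plus one entry per completed step. The functions cover the troubleshooting use case (which step a denial stopped at, grouped by client) and the detection use case (client/server pairs that are repeatedly denied), the kind of analysis you would run once events are exported to a SIEM or data lake.

```python
"""Analyse workload authorization events (constructed example, not Aembit's schema)."""
from __future__ import annotations

import json
from collections import Counter, defaultdict

# Processing steps in the order the post lists them; assumed to be the
# evaluation order, so a failed event records a prefix of this list.
STEPS = [
    "client_workload_identification",
    "server_workload_identification",
    "access_policy_identification",
    "trust_provider_attestation",
    "access_conditions_verification",
    "credential_provider_retrieval",
]

# Constructed sample export, one JSON event per line (hypothetical names/values).
SAMPLE_EXPORT = """\
{"ts":"2024-05-01T10:00:00Z","client":"k8s/reporting-job","server":"azure/microsoft-graph","verdict":"success","steps":[{"name":"client_workload_identification","result":"pass"},{"name":"server_workload_identification","result":"pass"},{"name":"access_policy_identification","result":"pass","policy":"graph-read-managed-only"},{"name":"trust_provider_attestation","result":"pass"},{"name":"access_conditions_verification","result":"pass","detail":"workload reported as managed by Wiz"},{"name":"credential_provider_retrieval","result":"pass"}]}
{"ts":"2024-05-01T10:05:00Z","client":"k8s/reporting-job","server":"azure/microsoft-graph","verdict":"failure","steps":[{"name":"client_workload_identification","result":"pass"},{"name":"server_workload_identification","result":"pass"},{"name":"access_policy_identification","result":"pass","policy":"graph-read-managed-only"},{"name":"trust_provider_attestation","result":"pass"},{"name":"access_conditions_verification","result":"fail","detail":"workload not reported as managed by Wiz"}]}
{"ts":"2024-05-01T10:06:00Z","client":"k8s/unknown-pod","server":"azure/microsoft-graph","verdict":"failure","steps":[{"name":"client_workload_identification","result":"fail","detail":"no matching client workload"}]}
{"ts":"2024-05-01T10:07:00Z","client":"k8s/unknown-pod","server":"azure/microsoft-graph","verdict":"failure","steps":[{"name":"client_workload_identification","result":"fail","detail":"no matching client workload"}]}
{"ts":"2024-05-01T10:08:00Z","client":"k8s/unknown-pod","server":"aws/secrets-manager","verdict":"failure","steps":[{"name":"client_workload_identification","result":"fail","detail":"no matching client workload"}]}
"""


def parse_events(ndjson: str) -> list[dict]:
    """Parse one JSON event per line, skipping blank lines."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def failing_step(event: dict) -> str | None:
    """Name of the first step that did not pass, or None for a granted request.

    A denied event only carries the steps that completed, so the failing step
    is normally the last one recorded; scanning in order also copes with an
    export that lists steps out of order.
    """
    for step in event.get("steps", []):
        if step.get("result") != "pass":
            return step["name"]
    return None


def check_step_order(event: dict) -> bool:
    """True if the recorded steps form an in-order prefix of STEPS (sanity check on the export)."""
    names = [s["name"] for s in event.get("steps", [])]
    return names == STEPS[: len(names)]


def failures_by_step(events: list[dict]) -> dict[str, Counter]:
    """Troubleshooting view: for each failing step, how often each client stopped there."""
    out: dict[str, Counter] = defaultdict(Counter)
    for ev in events:
        if ev.get("verdict") != "success":
            out[failing_step(ev) or "unknown"][ev["client"]] += 1
    return dict(out)


def repeated_denials(events: list[dict], threshold: int = 2) -> list[tuple[str, str]]:
    """Detection view: (client, server) pairs denied at least `threshold` times."""
    counts = Counter(
        (ev["client"], ev["server"]) for ev in events if ev.get("verdict") != "success"
    )
    return sorted(pair for pair, n in counts.items() if n >= threshold)


def explain(event: dict) -> str:
    """One-line, human-readable verdict naming the failing step and its detail."""
    step = failing_step(event)
    if step is None:
        return f"{event['client']} -> {event['server']}: granted"
    detail = next(s.get("detail", "") for s in event["steps"] if s["name"] == step)
    return f"{event['client']} -> {event['server']}: denied at {step} ({detail})"


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    for ev in evs:
        print(explain(ev))
    print(failures_by_step(evs))
    print(repeated_denials(evs))
```

The `check_step_order` helper is worth keeping in any real pipeline: if the step sequence in an exported event ever diverges from the expected order, the export or the parser is broken, and the per-step counts that follow would be misleading.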
Availability
This capability is available now in all tiers of our product, including our free tier, with retention timelines varying per level.
We hope you find them useful! Please provide us feedback after you start using them.