HIPAA AWS Solutions | Cloudticity | Oxygen™ Release Notes

New Features

Dashboards are now organized into folders, instead of having everything in a single folder called “general.” The folders are more specific and include:

The HIPAA Assessment dashboard has been revised to include a separate metric for unauthorized access attempts. We have also increased the assessment cycle to every 12 hours versus every 24 hours.
We have added a System Compliance dashboard to display results from our real-time HIPAA compliance checks. These metrics are based on the AWS config rules created in your account. We have a small set of real-time checks deployed and will be expanding these in the coming months.
The server metrics dashboards have been revised to use CloudWatch metric data. Server metrics are now displayed in two dashboards; Windows and Linux

We have deprecated Metricbeats as our server monitoring platform and now use the AWS-Native SSM Cloudwatch agent. The Cloudwatch agent is a more robust solution providing direct integration with Cloudwatch custom metrics and alarms. Our metrics alarms have also been revised to give the customer much more control on what instances are included in alarms and what thresholds should trigger a response. For more information on configuring alarms you can view the article in our knowledge base.

We can now provide hardened images for CentOS, Amazon Linux, Ubuntu, and RHEL. The images are hardened using the DevSec Hardening Framework Linux Baseline and are verified using CIS base profiles. We will continue to update our images as new versions become available in the AWS marketplace. If you are interested in using the hardened images please contact Cloudticity Support.

On occasion, AWS will detect an issue with underlying EC2 instance hardware and will send a notification to the technical account contact informing them of an upcoming maintenance event to start and stop the instance. We have traditionally handled these communications manually, but moving forward we will be polling the AWS Personal Health dashboard and proactively creating a support ticket to notify you of upcoming maintenance events.

The release of AWS GuardDuty has provided an opportunity for us to move from our custom flowlog anomaly detection product to an AWS-native service. GuardDuty not only will reduce the cost of providing anomaly detection, but will also add features such as Cloudtrail and DNS anomaly detection.

During our development for providing hardened images, we developed an automated process for running server-level compliance checks using Chef Inspec. We will be releasing this feature to all of our customers in the coming weeks. The compliance checks can be configured to run on a subset of servers using tagging. The results of the compliance check will be made available in the Oxygen dashboards.

We are improving our AWS limit detection service to include direct customer feedback for increasing service limits. In addition to the current process of approving Cloudticity support to increase limits on your behalf, you will now be able to increase limits with a click of your mouse.