Akeero is a cyber security design platform that assists users with identification of potential security weaknesses in their cloud-native products and services and identifies controls to mitigate these weaknesses. The user begins by first mapping out their current or proposed cloud architecture on the Akeero canvas, using either a manual drag and drop approach from a library of predefined components, or by integrating with the user’s AWS account.
As the user is mapping out their architecture, the Akeero product will automatically begin analysing the user’s architecture for threats, using a proprietary algorithm. Threats identified by the algorithm will then begin to be populated on the product interface. Threat identification happens in near real-time.
The user can, at any point, review the list of threats identified and which relate to the mapped out architecture. A control is provided for each identified threat which can be implemented to mitigate the threat. It is up to the user which controls are implemented.
A dashboard is available to give the user an overview of all projects. Please see the ‘Dashboard’ section below to see what information is displayed.
The library of components currently consists of all services provided by Amazon Web Services (“AWS”), along with a number of Akeero defined components. In the future the library of available components will expand to include other cloud service providers services, along with other Akeero defined components and user defined components.
Each identified threat will contain a unique ID, the ID of the component that it relates to, threat name, description of threat, and severity of threat. In some cases, a threat will have associated controls and in these cases the threat window will also show the name and description of control(s) to mitigate the threat and threat status. The threats identified are not exhaustive and should not replace a general understanding of application architecture.
As mentioned above, each threat provided by the Akeero algorithm has at least one control associated with it. Each control will mitigate the associated threat to some extent but due to the nature and complexity of the problem any single control will not completely mitigate all of the associated threats and risks. Any controls provided by Akeero are intended as a guide to best practices and are not exhaustive. These controls should not replace a general understanding of application architecture.
Akeero allows users to connect other third party services to their Akeero account and vice versa to provide better functionality. These integrations are optional and are not required for the basic functionality of the Akeero product.
A user can choose to connect their Amazon Web Services (“AWS”) account to Akeero to enable Akeero to read and monitor what AWS resources are deployed in the user’s AWS accounts. This allows the user to easily import their AWS services and map out their architecture on the Akeero canvas. Only certain roles in Akeero have the permissions to connect their AWS account to Akeero.
The dashboard is the first screen a user sees when they log into Akeero. Among the items displayed on the dashboard are:
The user can navigate back to the dashboard at any point.
The Canvas screen is used to map out the user’s architecture. As mentioned above, this can be performed manually or by integrating with the user’s AWS account. The canvas screen contains five main sections:
The Threats Overview screen displays all of the threats within a project and contains three panels:
The user can use the Threat screen to get detailed information about each threat, any associated risks, any associated controls and status.
The Settings screen allows the user to view and make changes to the settings of both the Akeero account and projects contained within.