Serverless functions


Cisco Panoptica can protect serverless functions in AWS and Azure accounts, by evaluating them for security threats and vulnerabilities. These are shown as findings, and receive a risk score (based on an internal scoring mechanism) which serves to rank the functions based on their level of risk.

Panoptica can reveal the following about your cloud accounts and serverless functions:

  • the presence of secrets such as keys and passwords in the functions
  • inappropriate or excessive permissions granted to functions, beyond what they actually need and use (and suggestions to remediate, based on the least-privilege model)
  • functions with public access exposure and access to data sources (which may be an exfiltration target)
  • "Dead" functions which are inactive for a long time
  • Authentication and Authorization of functions - verifying identified and authorized triggers to the functions
  • code vulnerabilities in open source packages or dependencies used by functions

In order to protect your serverless functions, you simply configure Panoptica in your cloud account -- whether AWS or Azure.