Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected a user authentication session initiated without using MFA.
This rule can help you with the following compliance standards:
Multi-Factor Authentication (MFA) is a simple yet efficient method of verifying your Cloud Conformity user identity by requiring an authentication code generated by a MFA device. MFA adds an extra layer of protection on top of your existing credentials (email address and password) in order to ensure stronger authentication.
We highly recommend that you use Multi-Factor Authentication every time you sign in to your Cloud Conformity account in order to secure the access to your resources and adhere to security best practices.
Monitoring the access to your Cloud Conformity account for intrusion detection in real-time is essential for keeping your account safe.
If the email account used to register with Cloud Conformity gets compromised, the malicious user can gain access to the information (metadata) associated with your Amazon Web Services infrastructure. The attacker cannot obtain direct access to your AWS resources but he/she can gather useful information about your AWS environment and use it to plan elaborate attacks such as phishing attacks, scamming or social engineering attacks on any of the AWS account(s) linked to your Cloud Conformity identity.
Having an MFA-protected Cloud Conformity account represents the best way to safeguard your AWS resources and services metadata against malicious users, as Multi-Factor Authentication adds extra security to the authentication process by forcing you to enter a unique passcode generated by an approved MFA authentication device every time you sign in to your Cloud Conformity account.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Conformity user has signed in without MFA
Risk level: Medium