The Security Cloud Podcast

Interviews with security engineers and CISOs about challenges in securing their cloud infrastructure. They share their stories and strategies used to drive resu...

Available episodes

5 of 9
  • The role of data normalization in cloud security - Kabir Mathur, CEO at Leen
    Lars and Kabir Mathur, CEO of Leen, discuss the concept of unified APIs for security data, emphasizing the need for normalization and integration of various security tools. Kabir explains how Leen differentiates itself by not only providing data connectors but also delivering data over an API, making it accessible for developers. They explore the challenges of maintaining integrations in a rapidly changing security landscape, the importance of a security data fabric, and the evolving skill sets of security engineers. The conversation also touches on practical use cases for unified APIs and the technical stack behind Leen's solutions.
    Takeaways:
      • Unified APIs simplify the integration of multiple security tools.
      • Normalization of data is crucial for effective security management.
      • Leen focuses on delivering data over APIs for accessibility.
      • The security landscape is fragmented with thousands of vendors.
      • Collaboration with customers is key to determining tool integrations.
      • The OCSF standard is becoming a norm for data normalization.
      • Security teams are increasingly requiring engineering skills.
      • Unified APIs can help bridge the gap between security and engineering teams.
      • Real-time data is not always necessary for security applications.
      • Use cases for unified APIs are emerging in GRC and cyber insurance.
    --------  
    36:02
  • Proactive cloud security - Rotem Levi, Cloud Security Architect
    In this conversation, Rotem Levi, a Cloud Security Architect, discusses the importance of proactive cloud security. He emphasizes the need for a balance between cost optimization and security, as well as the significance of good security practices in reducing cloud spend. Rotem also highlights the importance of having order in infrastructure and the role of tagging in achieving this. He recommends three key actions for improving cloud security: setting up budget alerts, implementing governance measures, and actively analyzing and responding to logs. 
    --------  
    31:32
  • Building ElectricEye, an open-source CSPM tool - Jonathan Rau, VP / Distinguished Engineer at Query
    In this episode, Lars Kamp interviews Jonathan Rau, a distinguished engineer at Query, about ElectricEye, an open-source CSPM (cloud security posture management) tool.
    --------  
    52:48
  • Normalizing security data, federated search, and OCSF - Jonathan Rau, VP / Distinguished Engineer at Query
    Jonathan Rau, VP/Distinguished Engineer at Query, explains the process of normalizing security data and the challenges of working with different security tools and APIs. He also simplifies the concept of security data into three categories: structured, semi-structured, and unstructured. Finally, he discusses the benefits of unifying security data and the Open Cybersecurity Schema Framework (OCSF), which Query uses as its data model. OCSF provides a standardized data model for cybersecurity events and objects, allowing for easier integration and interoperability between different security tools. The conversation also touches on the use of graphs in security data analysis, based on Jonathan's previous experience at Lightspin.
    Takeaways:
      • Federated search allows users to search their security data wherever it is without ingestion.
      • Normalizing security data involves mapping fields and setting constant states to handle different data formats and schemas.
      • Security data can be categorized into structured, semi-structured, and unstructured data.
      • Query simplifies the complexity of security data and provides a unified view of all security data sources.
      • The Open Cybersecurity Schema Framework (OCSF) provides a standardized data model for cybersecurity events and objects, enabling easier integration and interoperability between security tools.
      • Graph databases are useful for maintaining relationships and analyzing complex security data, but loading and querying graph data can be challenging.
      • The key benefit of unifying security data is decision support, enabling security teams to make informed decisions based on a comprehensive view of the data.
      • When building a data fabric or unifying security data, it's important to work backwards from the job to be done and focus on supporting specific use cases and decision-making needs.
      • Staying informed about data technologies and approaches is crucial for security engineers and CISOs to make informed decisions about building a data fabric.
    --------  
    1:04:28
  • Building an open-source CSPM service - Daniel Spangenberg, Staff Cloud Security Engineer at Lyft
    Daniel Spangenberg, Staff Cloud Security Engineer at Lyft, is building an internal cloud security posture management (CSPM) service. Daniel has developed a mental model that looks at cloud security in three components:
      • The past. Data about your current cloud inventory, e.g. your EC2 instances and S3 buckets, to identify and remediate misconfigurations.
      • The present. Event logs, access logs and CloudTrail data, with real-time processing and alerting.
      • The future. Preventative measures to guardrail your deployments, e.g. in Terraform or with policy-based controls.
    Daniel explains how he uses tools like CloudQuery and AWS Trusted Advisor to gather data and identify security issues. He also discusses the importance of resource coverage and how he leverages existing tools to extract data into a centralized view. Daniel prioritizes issues based on their severity and assigns them to the respective service teams for resolution. He highlights the importance of having a comprehensive asset inventory and using tools like Lyft's Cartography for graph traversal. Daniel shares insights on tracking success, visualizing data, and the shortcomings of existing CSPM solutions. He advises approaching cloud security by thinking like a developer and fostering collaboration between security and engineering teams.
    Takeaways:
      • Lyft's cloud security team focuses on securing the infrastructure by addressing the past, present, and future components of cloud security.
      • Coverage is important to ensure that all resources are accounted for, even if they are not actively used.
      • Data is extracted from existing tools and centralized into a single source of truth for better visibility and analysis.
      • Prioritization of security issues is based on severity, and tickets are assigned to the respective service teams for resolution.
      • Having a comprehensive asset inventory is crucial for effective cloud security.
      • Custom queries and automation are essential for handling a large volume of findings and creating tickets for remediation.
      • Auto-remediation is a complex topic that requires careful consideration and can potentially cause more harm than benefit if not implemented correctly.
      • A labeling system, such as using tags, can help identify resource ownership and assign tickets to the appropriate teams.
      • Tracking success in cloud security can be done through risk assessment, ticket counts, and data normalization.
      • Building an in-house CSPM solution allows for customization and integration into existing workflows, avoiding the limitations of commercial solutions.
      • Thinking like a developer and understanding the motivations behind certain configurations can help bridge the gap between security and engineering teams.
      • Collaboration and communication between security and engineering teams are essential for successful cloud security.
    --------  
    58:31

About The Security Cloud Podcast

Interviews with security engineers and CISOs about challenges in securing their cloud infrastructure. They share their stories and strategies used to drive results.

v7.13.0 | © 2007-2025 radio.de GmbH
Generated: 3/31/2025 - 5:47:37 AM