Building your Custom LLMs + Threat Modeling in Cloud

Greetings from Cloud Security Podcast!

Is 2024 going fast for anyone else? We are already in March and soon it will be conference season where we hope to see you all!

Before we get into everything we learnt from our guests this month and trust me, there was a lot of great discussion, a nod to our sister podcast AI Cybersecurity Podcast (Website coming soon !) and 2 Part episodes we had with Hosts Caleb Sima and Ashish Rajan and Special Guest Daniel Miessler.

There may have been some AI used in the recording of these episodes 🤣

Check out Part 1 and Part 2 here !

Whats ahead in this newsletter…

• Cloud Security Meets AI

  • Insights from Matt McKeever on the benefits and security considerations of using GenAI and Custom LLM models.

• Application Security in the Age of Cloud

  • Discussion with Idan Plotnik on the emergence of ASPM: Is it changing Application Security?

    • Cloud Security vs. Application Security: Understanding the Distinction

    • The Rising Demand for Application Security Tools

    • Do SMBs Need Application Security Tools?

• Kubernetes in Focus

  • A prelude to Kubecon EU 2024 and insights into Kubernetes with Magno Logan

    • What are Sidecars?

    • Why Container Escape is Bad?

    • Kubernetes Cluster Attack Entry Points

• Threat Modeling in Cloud Environments

  • Tyson Garett shares his experience and the importance of threat modeling in the cloud.

    • Understanding Threat Modeling in Cloud

    • Cloud vs. On-Prem: A Security Paradigm Shift

Cloud Security Podcast Feb 24 Wrap Up

2024 is shaping to be quite an exciting year for both Cloud Security and AI Security, speaking of which, if you haven’t already subscribed to our 2nd Podcast AI Cybersecurity Podcast, make sure you do! We are having some great conversations there too!

But before we dabble too much onto the AI side of things, whats happening in Cloud Security? Or should we say where Cloud Security meets AI

🌪 The Threat Landscape with Own GenAI Models

We spoke to Matt McKeever, CISO and Head of Cloud Engineering at LexisNexis, a company that uses GenAI and Custom LLM models to help its customers with legal research, guidance and drafting. And he had some great insights for us!

What are the benefits of having your own custom LLMs?

• Closed System Confidence: Utilizing AI in a sealed environment means robust security for custom models. Your data remains untouched by external influences.

• Looped Security: From input to output, everything stays within the confines of our controlled ecosystem. Prompt engineering ensures only clean queries make their way to the models..

🛡 Kickstarting Security in GenAI

• Confidentiality is Key: Customer queries are treated with the utmost secrecy. Segmented, closed-loop system ensures data never leaks.

• Back to Basics: The fundamentals of security – authentication, encryption, and architecture – are the pillars. Knowing who accesses what and how data moves is critical.

📚 Lessons from Custom LLM Models

• Capacity and Cost Insights: Planning and modeling are paramount. Unexpected spikes? Extra capacity is a must to ensure uninterrupted service.

• Financial Finesse: Engage with finance experts early. Balancing token-based pricing with usage growth requires a keen financial strategy.

🚀 Embarking on Custom LLMs

• Define Your Domain: Tailor your approach based on specific needs. Not all problems require the same solution.

• Flexibility First: The GenAI landscape is dynamic. Be prepared to pivot and adapt as new developments arise.

These are some of Matt’s Actionable Takeaways if you are considering using your own custom LLMs

• 🎯 Assess your use case carefully before choosing a model. Consider both technical and financial implications.

• 🛠 Leverage basic security principles in the GenAI context. It's about adapting, not reinventing.

• 🔄 Stay agile in your strategy. GenAI technology is rapidly evolving; so should your approach.

From where Cloud Security is meeting AI, we travel down to the world where Cloud Security meets Application Security! And to share more with us about this world of Application Security, we had Idan Plotnik, CEO and Co-Founder of Apiiro.

🔒 Spotlight on ASPM: Is it changing Application Security?

Application Security Posture Management (ASPM) is the new buzzword in the cyber world, thanks to its recent accolades at the RSA Innovation Sandbox and a nod from Gartner as a cool vendor. But what's the big deal?

• What is ASPM? 🤔 ASPM stands for Application Security Posture Management. It's all about understanding and managing the security status of your applications throughout the development lifecycle—before hitting the production environment.

• The Three Pillars of ASPM:

  • Complete Visibility: Gain insights into your codebases and software supply chain, including source control managers, CI/CD pipelines, and artifactory.

  • Prioritize Alerts: With a deep understanding of your application architecture, prioritize alerts effectively.

  • Risk Management: Implement guardrails and reporting to manage application risk throughout its lifecycle. Make informed decisions about releases based on thorough risk analysis.

🌐 Cloud Security vs. Application Security: Understanding the Distinction

The line between Cloud Security Posture Management (CSPM) and ASPM might seem blurry, but it's crucial. Here's a simplified breakdown:

• CSPM: Focuses on the security posture of your cloud infrastructure in runtime. It helps you understand container interactions and locate sensitive data in your S3 buckets.

• ASPM: Deals with the nitty-gritty of your application architecture before deployment. Think API counts, open-source dependencies, secret management, and microservices architecture.

📈 The Rising Demand for Application Security Tools

In an era where applications evolve faster than ever, the need for robust Application Security Tools has skyrocketed.

• Evolving Landscape: Application architectures, technologies, and open-source components have transformed drastically, increasing complexity.

• Integration Overload: The plethora of tools and manual processes makes it hard to gauge release readiness and security.

• Unified Platform Need: A singular platform to consolidate findings from various tools (SAST, SCA, pentesting, etc.) is essential for informed decision-making regarding code release.

💡 Do SMBs Need Application Security Tools?

The answer isn't straightforward. While smaller, unregulated companies might opt for basic compliance checks, the trajectory points towards a broader adoption of ASPM solutions for modernizing application security processes.

• By 2026, Gartner predicts 40% of organizations worldwide will implement an ASPM solution. We will have to wait and see if that truly happens 🤔

⏱️ Mean Time To Remediation (MTTR): A Critical Metric

MTTR measures the efficiency of your remediation processes, with large enterprises tailoring timelines based on application impact and data classification.

• Criticality Dictates Speed: For high-impact applications, risks might need resolving within days, underscoring the importance of swift, effective remediation strategies.

We are only weeks away from Kubecon EU 2024, where you will also find the Cloud Security Podcast team, so if you are attending definitely come say hello. But if you are looking to get your Kubernetes fix, you may want to listen to this episode with Magno Logan. Presenting this one with a space spin 🧑‍🚀 because Kubernetes is complex 😊 and analogies help!

🛠️ What are Sidecars?

In the vast expanse of space, sidecars are your trusty probes, dispatched from the main ship (pod) to perform specific tasks:

• Log Collection: Think of sidecars as your mission recorders, sending vital data back to mission control (SIEM).

• Stealthy Yet Essential: Operating with low noise, they're like silent observers, critical yet unobtrusive, making them intriguing for both legitimate use and evasion techniques.

💣 Why Container Escape is Bad?

Escaping a container is akin to breaking out of your space suit: suddenly, you have the run of the ship. This breach can lead to:

• Access to the Host: A gateway to potentially commandeering the entire vessel.

• Crypto Mining: Hijackers prefer the ship's engine (the node) over a mere escape pod (the container) for their nefarious activities.

• Further Compromise: Accessing instance metadata APIs can lead to the acquisition of keys to the kingdom (or in this case, your cloud accounts).

🔑 Kubernetes Cluster Attack Entry Points

There are many entry vectors that adversaries use to infiltrate your space stations (a.k.a Kubernetes clusters):

• Exposed Applications: Like a vulnerable airlock, applications with flaws can be the first breach point. An RCE (Remote Code Execution) or command injection can leave the pod's door wide open for invaders.

• Exposed Kubernetes Services: Old versions of the Kubernetes dashboard acted as unintentional beacons for attackers. Though some threats have been mitigated, the Kube API server and other services could still be waving a flag at miscreants.

• Valid Accounts: The digital equivalent of finding the captain's keycard, access to a developer's machine or source code repository with hard-coded credentials can lead to full compromise.

🔄 Attack Entry Points: Managed vs. Self-Hosted Kubernetes

• Managed Kubernetes: You're in a co-piloted spacecraft. The cloud provider shields the control plane, but remember the credo: "Trust, but verify."

• Self-Hosted Kubernetes: Flying solo requires you to man every station. Greater control, yet a higher chance to slip on the very banana peels you're trying to avoid.

🔐 Maintaining Persistence in a Kubernetes Environment

• Deploy a Pod: The most straightforward method to cling onto your cluster. Permissions and configurations become your playground—or battlefield.

• RBAC (Role-Based Access Control): A maze of permissions that demands a keen navigator to avoid becoming lost in space.

• Seeking Secrets: Like mining asteroids for precious metals, hunting for secrets within the cluster can yield valuable resources for persistence.

Threat Modeling your cloud environment is important and we had Tyson Garett, CTO at TrustOnCloud share insights from what he has learnt in his experience.

🎯 Understanding Threat Modeling in Cloud

• Why Threat Modeling? 🤔 To build confidence. Despite adhering to regulatory frameworks and cloud best practices, many feel hesitant to elevate their data classification in the cloud. The solution? Illuminating the threats and tailoring controls to your risk appetite.

• APIs as a Focal Point: The cloud, akin to an application due to its API-centric nature, requires a unique approach to threat modeling. Understanding the API landscape is critical for identifying potential threats and enforcing effective controls.

🔍 Cloud vs. On-Prem: A Security Paradigm Shift

• Elevated Security Bar: The cloud doesn’t inherently reduce security; rather, it changes the game. This shift offers a chance to re-evaluate and enhance security practices, particularly against insider threats.

• APIs: The Double-Edged Sword: The uniform API access in cloud services simplifies management but also centralizes risk, making a comprehensive threat model more crucial than ever.

🤖 Navigating the AI Services Maze with Cloud Providers

• Documentation is Key: Start with the basics. Understanding each API and its properties is essential, leading to the creation of a dynamic data flow diagram that outlines how data moves within and outside your organization.

• The Ripple Effect: Using an AI service often means engaging with multiple foundational services. A single AI service could necessitate threat modeling for as many as 20+ other services due to integrated storage, account management, and more.

🛠️ Actionable Insights: Your Security Toolbox

• Risk Appetite Calibration: Define and understand your organization’s risk tolerance to select and implement the most appropriate controls.

• Embrace API Insights: Familiarize yourself with the APIs of your cloud services. Understanding these interfaces is pivotal in identifying vulnerabilities and enforcing security measures.

• Continuous Documentation: Maintain an evolving data flow diagram. This visual representation will be invaluable in understanding and mitigating risks associated with data movement.

• Broaden Your Threat Model: Consider the interconnected nature of cloud services. A comprehensive threat model extends beyond individual services to encompass the entire ecosystem they operate within.

⁠TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours

Whats Coming Up!!

Cloud Security Training from Practitioners!

Want to learn more about Cloud Security or know someone who wants to, we got you !

If you have been following our journey for a while, you would know that one of the big reasons we started Cloud Security Podcast was to make cloud security knowledge accessible for anyone wanting to learn it.

Have you joined our FREE Monthly Cloud Security Bootcamp yet. There are paid online and corporate trainings available for those looking to hit their Cloud Security goals this year!

Are you liking this new format newsletter? What can we do better? What else would you like to see here?

Our newsletter is on a path of self improvement and reinvention, Ashish and I have challenged ourselves to bring you even more value as we continue to evolve this each week & we would love to hear from you 📢 as to how can we make this newsletter even more awesome for you (On that note! Thank you for subscribing💙)

Hope you are enjoying this new look Cloud Security Newsletter, theres plenty more to come.

Peace!

Shilpi Bhattacharjee

Was this forwarded to you? You can Sign up here, if this was helpful for you.

Want to sponsor the next newsletter edition! Lets make it happen

Have a topic or idea in Cloud Security or AI CyberSecurity to share? Submit it here

Need Cloud Security or AI Security on Cloud Security Training or Expertise ? Let’s Connect