Future of SOC, Kubernetes Security, DevSecOps, and AI in Cybersecurity

Learn about the evolving landscape of Cloud Security, DevSecOps and Kubernetes

Greetings from Cloud Security Podcast!

Happy 4th of July to all of you who were celebrating. June has been quite a wild month, as the team was travelling across the globe hosting Cloud Security and AI Security events and panels with our community members. If you came and said hello to us, thank you for making the time!

Our team was also busy attending many conferences in June. We kicked the month off with Infosec Europe, HashiDays London and AWS re:Inforce 2024, before heading down to where it all began 🦘🐨

A few highlights from June 2024

What's ahead in this newsletter…

  • Evolving Cloud Security Landscape & the Future of SOC

    • Key Trends in Cloud Security with Ely Kahn

    • SOC in the Cloud World

    • AI and Security Operations

  • Mastering Kubernetes Security in 2024 with Jimmy Mesta

    • Focus Areas for Kubernetes Security

    • Handling Kubernetes Alerts

  • DevSecOps in 2024 with David DeSanto

    • Evolution and Maturity of DevSecOps

  • Practical Applications and Insights with Kelsey Hightower

    • Focus on Core Issues

    • Patient Innovation

  • AI in Cybersecurity: Today and Tomorrow

    • Real-world Applications

    • Practical AI Implementations

    • Predictions for the Future

Cloud Security Podcast June 2024


Evolving Cloud Security Landscape & the future of SOC

We spoke to Ely Kahn at RSA 2024. Ely is the VP of Product Management for Cloud Security, AI/ML, and Core Platform at SentinelOne and has spent many years in Cloud Security, so we were keen to get his take on how things have changed and where they are headed.

  • Organizational Evolution:

    • Initially, cloud security was managed by small teams within a Cloud Center of Excellence.

    • Now, it has evolved into a more decentralized approach, with security responsibilities spread across various departments and directly to developers.

  • Threat Landscape:

    • Automation and supply chain threats are the biggest concerns.

    • Automated attacks target misconfigurations and vulnerabilities, often leading to ransomware incidents.

    • Supply chain attacks, where a software provider is compromised, can have widespread impacts.

๐Ÿ› ๏ธ SOC in the Cloud World

  • Decentralization of SOCs:

    • Traditional large SOCs are becoming obsolete.

    • The new model involves distributed security engineers working globally in a follow-the-sun model.

  • Automation and AI in SOCs:

    • AI is being leveraged to automate lower-level tasks, allowing analysts to focus on higher-level investigations and root cause analysis.

    • The future involves AI conducting full investigations and presenting results to human analysts for review.

🚀 AI and Security Operations

  • AI-Powered SOC:

    • AI can automate and enhance SOAR (Security Orchestration, Automation, and Response) systems.

    • AI-driven tools can create and manage playbooks, reducing the manual effort required by security teams.

  • Similarity Analysis:

    • Using vector databases and AI, security alerts can be correlated across multiple customers to provide more accurate triage and response recommendations.

    • This approach leverages collective intelligence to improve incident handling.

🎯 Strategic Priorities for 2024

  • Leveraging AI:

    • CISOs and SOC directors need to assess how AI can streamline operations and reduce manual effort.

    • AI assistant tools can improve the efficiency of threat hunting and investigations.

    • The shift towards using AI for full investigations will save significant time and resources.

  • Preparing for AI Threats:

    • With AI projects increasing, organizations must anticipate and prepare for new threat models related to AI systems.


Mastering Kubernetes Security in 2024!

We also caught up with returning guest Jimmy Mesta, Co-Founder of Rad Security, at RSA to discuss the current state of Cloud Native and Kubernetes Security.

๐Ÿ” Focus Areas for Kubernetes Security

1. Cloud Native Security Defined:

  • Real-Time Monitoring: Utilizing cloud APIs and real-time data collection to secure workloads.

  • Containers and Microservices: Leveraging the dynamic nature of cloud-native applications for better security practices.

2. Challenges in Transition:

  • Infrastructure vs. Development: Bridging the gap between infrastructure and development teams to streamline security processes.

  • Proactive Security: Shifting from reactive to proactive security measures to maintain robust defense mechanisms.

3. Practical Tips for CISOs and Security Leaders:

  • Enable Developer Efficiency: Implement tools and processes that keep security in mind without hindering development speed.

  • Runtime Bill of Materials (RBOM): Establishing a baseline of each workload's expected runtime behavior so that deviations from it can be detected as anomalies.

🤔 Common Questions Answered

Q: What is eBPF, and why is it important?

  • eBPF (extended Berkeley Packet Filter): It's a powerful tool for monitoring and collecting low-level data from the kernel, providing insights that static CSPM tools cannot.

Q: How do you manage alert fatigue?

  • Contextual Alerts: Implementing behavioral baselining reduces unnecessary alerts by focusing on deviations from the norm, rather than static rule-based alerts.
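The baselining idea behind the RBOM tip above and this answer, as an added illustration that is not from the episode or from any vendor's product: a per-workload baseline of observed processes is learned from a window of exec events (constructed sample data), after which only processes outside the baseline alert, shown side by side with a static "alert on every shell" rule.

```python
from collections import defaultdict

# Constructed sample events: (workload, process executed), as an
# eBPF-style exec tracer might report them. Learning window first.
LEARNING_EVENTS = [
    ("payments-api", "java"),
    ("payments-api", "sh"),      # entrypoint wrapper, runs on every start
    ("payments-api", "java"),
    ("frontend", "node"),
    ("frontend", "node"),
]

# Constructed events from the detection window
LIVE_EVENTS = [
    ("payments-api", "sh"),      # expected: in baseline
    ("payments-api", "java"),
    ("payments-api", "curl"),    # deviation: never seen while learning
    ("payments-api", "sh"),      # expected again (a restart)
    ("frontend", "node"),
    ("frontend", "bash"),        # deviation
]

SHELLS = {"sh", "bash"}

def build_baseline(events):
    """Return {workload: set(processes)} seen during the learning window;
    this is the runtime bill of materials for each workload."""
    baseline = defaultdict(set)
    for workload, process in events:
        baseline[workload].add(process)
    return dict(baseline)

def static_rule_alerts(events):
    """Static rule: alert on every shell exec, ignoring workload history.
    Fires on the expected entrypoint shell at every restart (noise) and is
    silent on an unexpected non-shell binary such as curl (miss)."""
    return [(w, p) for w, p in events if p in SHELLS]

def baseline_alerts(events, baseline):
    """Contextual rule: alert only on processes outside the workload's
    baseline. A workload with no baseline has everything flagged, so an
    unknown deployment is surfaced rather than silently trusted."""
    return [(w, p) for w, p in events if p not in baseline.get(w, set())]

if __name__ == "__main__":
    base = build_baseline(LEARNING_EVENTS)
    print("static rule  :", static_rule_alerts(LIVE_EVENTS))
    print("baseline rule:", baseline_alerts(LIVE_EVENTS, base))
```

The static rule produces three alerts, two of them the expected entrypoint shell, while missing `curl`; the baseline rule produces two alerts, both genuine deviations.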

Q: Who should handle Kubernetes alerts?

  • Specialized Roles: Emerging roles like detection engineers are crucial for managing and responding to Kubernetes-specific alerts efficiently.


What's DevSecOps in 2024?

DevSecOps has been around for a while now, but as cloud gets more complex and AI adoption increases, how is DevSecOps changing? We spoke to David DeSanto, Chief Product Officer at GitLab, about how he is seeing things shift with DevSecOps.

๐Ÿ” Shifting Security Left with DevSecOps

  • Defining DevSecOps: Integrating security and compliance into the DevOps process to create a seamless, secure development lifecycle.

  • Developer-Friendly Security: Focus on making security testing accessible and efficient for developers, helping to catch vulnerabilities early in the CI/CD pipeline.

  • Guardrails and Governance: Providing tools for compliance and governance, ensuring software is securely shipped with clear policies and approval processes.

📈 Evolution and Maturity of DevSecOps

  • Journey to DevSecOps: Organizations are at different stages, from embedding existing security tools into CI/CD processes to completely overhauling their systems.

  • Collaboration Over Finger-Pointing: Increasing partnership between security and development teams, reducing blame and enhancing cooperation.

  • Customer Insights: Security teams are now often driving the adoption to improve code security and streamline processes.

🔧 Integrating Security into the SDLC

  • Delta Code Scanning: Efficient scanning of new code changes to quickly identify vulnerabilities without long wait times.

  • Comprehensive Policies: Implementing policies for software bills of materials, attack surface analysis, and compliance reports to maintain visibility and control.

  • DAST and API Security: Customers often start with DAST and API security due to their critical role in modern applications, particularly single-page apps.

  • Secret Detection and SAST: Following DAST, secret detection and static application security testing (SAST) are popular for their comprehensive vulnerability detection capabilities.

🤖 AI in Security

  • AI Guardrails: Ensuring safe adoption of AI by allowing control over which projects can use AI and providing a 'kill switch' for sensitive projects.

  • Developer Efficiency: AI tools can significantly enhance developer productivity by automating vulnerability resolution and other tasks, allowing for faster and more secure code deployment.

  • Wider Adoption: Beyond developers, AI is helping security and platform engineering teams improve efficiency across the board.

Now for this episode with Kelsey Hightower, whom you may know of if you have delved into the world of Kubernetes: we switched gears a bit to talk about AI and life.

🚀 Practical Applications and Business Insights

📊 Using AI to Solve Real Problems

  • Generative AI in Business: Businesses should evaluate AI tools based on their specific problems rather than following trends.

💬 Strategic Adoption of AI

  • Focus on Core Issues: Companies should understand their core business problems before adopting AI. Using AI as a tool should be driven by clear, tangible benefits rather than the fear of missing out on trends.

  • Patient Innovation: Some companies can afford to be patient and prioritize customer needs over jumping onto the latest tech bandwagon.

"If you could afford it, would you buy your time back?" - Kelsey Hightower

🤖 Are you interested in AI Cybersecurity?

Then you should definitely check out our sister podcast, AI Cybersecurity Podcast, hosted by Ashish Rajan and Caleb Sima.

For the latest episode of AI Cybersecurity Podcast, Caleb and Ashish sat down with Clint Gibler from tl;dr sec to talk about the current state and future potential of AI Security.

AI in Cybersecurity: Today and Tomorrow

  • Current State:

    • AI's ability to handle permissions may surpass current manual methods.

    • AI should be seen as a tool for specific problems, not a catch-all solution.

  • Future Vision:

    • AI could significantly streamline access permissions, minimizing human error.

    • A phase of disillusionment is predicted, followed by more robust and practical AI applications.

Real-world Applications

  • LLMs for Translation:

    • Translation from natural language to domain-specific security query languages.

    • Simplifying complex queries and making them accessible to less experienced users.

  • Fuzzing with AI:

    • AI-generated inputs to test application robustness.

    • Reducing human effort in creating test cases, making fuzzing more efficient and effective.

Practical AI Implementations

  • Unit Test Generation:

    • Automating the creation of unit tests, similar to how AI can aid in fuzzing.

    • Enhancing test coverage with minimal manual input.

  • Summarization of Threat Intelligence:

    • Utilizing LLMs to summarize and analyze large volumes of text from cyber threat forums and dark web marketplaces.

    • Improving the efficiency of threat intelligence gathering.

AI's Role in Enhancing Security

  • Automating Security Tasks: From access permissions to vulnerability detection, AI can reduce the burden on human security teams.

  • Learning from Data: AI systems can improve over time by analyzing vast amounts of data, leading to more accurate and reliable security decisions.

Challenges and Considerations

  • Trust and Acceptance: Widespread acceptance of AI in critical security roles will take time and trust.

  • Accuracy and Reliability: Ensuring AI models provide accurate and reliable outputs, particularly in security-sensitive areas.

Predictions for the Future

Short-term (Next 1-2 Years)

  • Improved AI Tools: More mature and sophisticated AI tools for cybersecurity tasks.

  • Enhanced Integration: Better integration of AI tools within existing security frameworks.

Long-term (Beyond 2 Years)

  • AI Pen Testing: AI-driven penetration testing bots performing at the level of entry-level human testers.

  • Holistic AI Systems: Development of comprehensive AI systems capable of handling complex security tasks autonomously.

Cloud Security Training from Practitioners!

Want to learn more about Cloud Security, or know someone who does? We've got you!

If you have been following our journey for a while, you would know that one of the big reasons we started Cloud Security Podcast was to make cloud security knowledge accessible for anyone wanting to learn it.

Have you joined our FREE Monthly Cloud Security Bootcamp yet? There are also paid online and corporate trainings available for those looking to hit their Cloud Security goals this year!

Are you liking this new format newsletter? What can we do better? What else would you like to see here?

Our newsletter is on a path of self-improvement and reinvention. Ashish and I have challenged ourselves to bring you even more value as we continue to evolve this each week, and we would love to hear from you 📢 about how we can make this newsletter even more awesome for you. (On that note, thank you for subscribing 💙)

Hope you are enjoying the new-look Cloud Security Newsletter; there's plenty more to come.

Peace!

Was this forwarded to you? You can sign up here if this was helpful for you.

Want to sponsor the next newsletter edition? Let's make it happen.

Have a topic or idea in Cloud Security or AI Cybersecurity to share? Submit it here.

Need Cloud Security or AI Security training or expertise? Let's connect.