Let's talk about Cloud Security Challenges and AI Innovations

Exploring Key Takeaways from RSA and BSides SF, Real-World Cloud Security Strategies and AI Advancements

Greetings from Cloud Security Podcast!

We want to start this edition by saying a big thank you to all of you who came and said hello to us at BSidesSF and RSA in San Francisco a couple of weeks ago. It is always incredibly humbling for us to meet our listeners, audience members, community members, guests and partners in person, and the love you all continue to show us and the podcast is incredibly appreciated. Thank you for all the love and support; it truly is the driving force behind everything we do!

Can you spot yourself in our highlights?

Now, here in truly Cloud Security Podcast style, some snippets from the conferences! You may just see yourself or some familiar faces for sure! You also may get some sneak peeks on some upcoming episodes - some hot things and questionable candies were involved 😂 🥵!

Recap of RSA will be coming soon (next edition of the newsletter)

What's ahead in this newsletter…

  • Episode Highlights

    • Rich Mogull & Chris Farris

      • Practical Strategies for Cloud Security

    • Amol Mathur, SVP & GM - Prisma Cloud, Palo Alto Networks

      • The Evolution of Cloud Threat Landscape

      • Overcoming AI Challenges in SOC Operations

    • Jeff Moncrief, Field CTO at Sonrai Security

      • Identity as the New Network

      • Challenges and Strategies for Implementing Least Privilege

    • Sarah Polan, Field CTO at Hashicorp

      • Importance of Kubernetes in DevSecOps

      • Zero Trust and Machine Identity

  • Special Feature: AI Cybersecurity Podcast

    • Highlights from RSA Conference 2024, BSides SF 2024, and related fringe activities

    • Special Mention Talks and Upcoming Episode Teasers

    • AI Security Challenges and Practical Steps for CISOs

Cloud Security Podcast May 2024

May has been a jam-packed month for Cloud Security Podcast, as we were able to share conversations recorded just before our team headed out to San Francisco as well as interviews we had the pleasure of recording in person at both BSides SF and RSA Conference. We still have some great episodes lined up that we captured in San Francisco!

This month we spoke to:


We spoke to Rich Mogull & Chris Farris about steps you can take to win at cloud security

🧩 Practical Strategies for Cloud Security

🔍 CSPM as a Threat Hunting Tool:

Chasing individual vulnerabilities is a losing game. Focus on structural improvements and proactive measures.

  • Approach: Use CSPM to surface critical misconfigurations quickly, and work the easily exploitable, internet-reachable issues first.

  • Example Issues: Publicly writable S3 buckets (anyone can upload, overwrite or delete objects), RDS databases exposed to the internet, unencrypted EBS volumes.

  • Initial Steps: When dropped into a chaotic cloud environment, start by understanding the governance, team responsibilities, and political environment.
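To make the "easily exploitable first" triage concrete, here is an added example (not code from the episode or this newsletter) that runs the check a CSPM applies to S3 bucket policies: it flags Allow statements granting write actions to an anonymous principal, ignores grants pinned to a VPC endpoint or account by a Condition, and orders the hits so bucket takeovers (policy or ACL writes) come before content tampering. The bucket policies are constructed samples.

```python
"""Find S3 bucket policies that let anyone on the internet write.

Added example (not code from the episode or this newsletter). It applies
the check a CSPM would run to bucket policy documents; the policies below
are constructed samples.
"""
import fnmatch
import json

# Concrete S3 actions that change bucket contents or the bucket's own access
# controls. Policies may grant wildcards such as "s3:Put*", so each granted
# pattern is matched against these names (IAM action matching is case-insensitive).
WRITE_ACTIONS = {
    "s3:PutObject": "content tampering",
    "s3:PutObjectAcl": "content tampering",
    "s3:DeleteObject": "content tampering",
    "s3:PutBucketPolicy": "bucket takeover",
    "s3:PutBucketAcl": "bucket takeover",
}

# Condition keys that pin a "Principal": "*" grant to a network, account or
# organization. Such a statement is open to that scope, not to the internet.
SCOPING_KEYS = {"aws:sourcevpc", "aws:sourcevpce", "aws:sourceip",
                "aws:principalorgid", "aws:principalaccount", "aws:sourceaccount"}


def _as_list(value):
    """IAM allows a single string/object or a list in most elements; normalise."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def is_anonymous_principal(principal):
    """True when the statement applies to every caller, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def is_scoped(statement):
    """True when a Condition restricts the grant to a known network or account."""
    for operator_block in statement.get("Condition", {}).values():
        if any(key.lower() in SCOPING_KEYS for key in operator_block):
            return True
    return False


def public_write_findings(policy_document):
    """One finding per Allow statement that grants write to an anonymous principal."""
    policy = json.loads(policy_document)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not is_anonymous_principal(stmt.get("Principal")):
            continue
        if is_scoped(stmt):
            continue
        granted = {}
        for pattern in _as_list(stmt.get("Action")):
            for action, impact in WRITE_ACTIONS.items():
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted[action] = impact
        if granted:
            findings.append({
                "sid": stmt.get("Sid", "<no Sid>"),
                "actions": sorted(granted),
                "resources": _as_list(stmt.get("Resource")),
                # a policy/ACL write lets an attacker rewrite the grant itself
                "impact": "bucket takeover" if "bucket takeover" in granted.values()
                          else "content tampering",
            })
    return findings


def triage(bucket_policies):
    """Order (bucket, finding) pairs so takeovers come before content tampering."""
    rank = {"bucket takeover": 0, "content tampering": 1}
    rows = [(rank[f["impact"]], bucket, f)
            for bucket, doc in bucket_policies.items()
            for f in public_write_findings(doc)]
    return [(bucket, f) for _, bucket, f in sorted(rows, key=lambda r: (r[0], r[1]))]


# Constructed sample policies, one per bucket.
SAMPLE_POLICIES = {
    "public-uploads": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowAnyoneToUpload", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::public-uploads/*"}]}),
    "static-site": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::static-site/*"}]}),
    "internal-data": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
         "Resource": ["arn:aws:s3:::internal-data", "arn:aws:s3:::internal-data/*"],
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}),
    "legacy-share": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "OldPartnerGrant", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:Put*",
         "Resource": ["arn:aws:s3:::legacy-share", "arn:aws:s3:::legacy-share/*"]}]}),
}

if __name__ == "__main__":
    for bucket, finding in triage(SAMPLE_POLICIES):
        print(f"{finding['impact']:<17} {bucket:<15} {finding['sid']}: "
              f"{', '.join(finding['actions'])}")
```

The public-read bucket and the VPC-endpoint-scoped bucket produce no finding; the stale "s3:Put*" partner grant ranks first because PutBucketPolicy lets an attacker rewrite the grant itself. A real CSPM check would also inspect bucket ACLs and the account's Block Public Access settings, which this example does not model.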

🛠️ Tools and Automation:

  • Triage Method: Adopt a triage approach similar to disaster response teams. Focus on what can be saved quickly and effectively.

  • Billing Alerts: Set up automated billing alerts for unexpected charges; a sudden spike in compute spend is often the first visible sign of stolen credentials being used for crypto mining.

  • SOAR Integration: Integrate CSPM with Security Orchestration, Automation, and Response (SOAR) tools to handle high-severity incidents efficiently.

👥 Training Programs:

  • Get hands-on training with resources like CloudSLAW (weekly labs) and Cloud Security Bootcamp (monthly labs) to build foundational cloud security skills.

  • Security Champions: Develop in-house training and security champions programs to foster a culture of security.

📊 Leveraging Threat Models:

  • Universal Threat Model: Chris and Rich introduced a Universal Threat Actor Model to help prioritize common threats and vectors. You can use this model to contextualize CSPM findings and prioritize responses based on realistic threat scenarios.


We spoke to Amol Mathur, SVP & GM - Prisma Cloud, Palo Alto Networks, in person about how Security Operations and Cloud Security are evolving in 2024 in the world of Precision AI and Generative AI.

🚀 The Evolution of Cloud Threat Landscape

  • Growth and Focus Shift:

    • Over the last five years, the cloud has become mainstream.

    • COVID-19 accelerated the migration of critical workloads to the cloud.

    • Threat actors are increasingly targeting cloud infrastructure and applications due to their critical nature and valuable data.

  • Increased Attack Sophistication:

    • Attacks often start with social engineering on enterprise devices and then pivot to cloud environments.

    • There's been a notable surge in the frequency and sophistication of these attacks.

🌐 From Code to Cloud to SOC

  • Transition in Enterprise Security:

    • Shift from a focus solely on cloud posture (e.g., IaC scanning) to bringing cloud telemetry and context into SOC operations.

    • Enterprise SOCs must adapt to understand and manage cloud-specific constructs and technologies.

  • Integrated Threat Detection:

    • Need for SOC tools that natively understand cloud environments.

    • Rapid incident response requires comprehensive context available at the SOC operators' fingertips.

    • AI-driven tools can provide guided investigations and necessary context without manual intervention.

🧠 AI in Cybersecurity: Current and Future Roles

  • Precision AI vs. Generative AI:

    • Precision AI: Traditional machine learning and statistical models for threat detection.

    • Generative AI: Emerging technology that enhances threat detection, guided investigations, and more.

  • Three Key Applications of AI:

    1. Securing with AI:

      • Enhanced threat detection capabilities.

      • Faster incident response.

    2. Securing the AI:

      • Visibility and posture management of AI applications.

      • Runtime detection of AI-specific threats.

    3. Simplifying Cybersecurity with AI:

      • AI-driven guided investigations and remediation.

      • Natural language processing for complex query resolution.

📊 Overcoming AI Challenges in SOC Operations

  • Knowledge Gap:

    • SOC teams often lack deep cloud knowledge.

    • AI tools must bridge this gap by providing relevant context and insights automatically.

  • Accuracy and Trust:

    • Concerns over AI "hallucinations" and false positives.

    • Importance of rigorous validation and high accuracy (over 90%) before deployment.

  • Selecting the Right AI Tools:

    • Evaluate the vendor's data volume and quality.

    • Assess the maturity and expertise of the vendor's security research team.

    • Look for a proven track record of AI model efficacy and continuous improvement.


We spoke to Jeff Moncrief, Field CTO at Sonrai Security, about why identity is the new network in the world of cloud.

🔑 Identity as the New Network

  • Identity Evolution: Jeff emphasizes that identity is not just the new perimeter; it is the new network in cloud-native environments.

  • Identity Fabric: Essential for the functionality of any cloud-native setup, acting as the conduit through which everything communicates.

🛡️ Challenges of Implementing Least Privilege

  • Complexity: Implementing least privilege in the cloud is more complex than on-premises due to the proliferation of identities and services.

  • Misconceptions: Many still think of least privilege in traditional terms (username, password, role-based access), but cloud environments require a different approach.

  • Visibility and Context: Native tools provide limited visibility and lack context, making it hard to understand the true risk landscape.

⚙️ Strategies for Effective Least Privilege

  1. Visibility: Start by gaining visibility into your entire cloud environment to identify unused and excessive permissions.

  2. Segmenting Access: Instead of network segmentation, focus on segmenting across the access fabric.

  3. Unused Permissions: Remove unused permissions to reduce the attack surface significantly.

  4. Ongoing Governance: Implement trip wires and alerts for critical identities and permissions changes.
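The four steps above come together in this added example (not code from the episode or this newsletter): it derives the actions a role actually used from CloudTrail-style events, rewrites the role's policy so only observed actions remain (dropping unused wildcards such as "dynamodb:*" entirely), and runs a trip wire over the same events for privilege changes that target a critical identity. The policy and events are constructed samples carrying only the fields used here; it also assumes CloudTrail's eventName equals the IAM action name, which holds for most but not all API calls.

```python
"""Right-size an IAM policy from observed activity and trip-wire privilege changes.

Added example (not code from the episode or this newsletter). Policy and
CloudTrail-style events are constructed samples with only the fields used
here. Assumes eventName == IAM action name (true for most, not all, calls).
"""
import fnmatch
import json

ROLE_ARN = "arn:aws:iam::111122223333:role/report-builder"

# What the role is currently allowed to do (constructed).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::reports", "arn:aws:s3:::reports/*"]},
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    ],
}

# What actually happened over the review window (constructed).
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBucket", "userIdentity": {"arn": ROLE_ARN}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"arn": ROLE_ARN}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"arn": ROLE_ARN}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "bob", "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"roleName": "report-builder",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]

# IAM calls that widen what an identity can do or who can act as it.
PRIVILEGE_CHANGE_EVENTS = {
    "AttachRolePolicy", "PutRolePolicy", "UpdateAssumeRolePolicy",
    "AttachUserPolicy", "PutUserPolicy", "AddUserToGroup", "CreateAccessKey",
}


def used_actions(events, principal_arn):
    """'service:Action' names a principal was seen calling.

    S3 object-level calls such as GetObject only reach CloudTrail when data
    events are enabled; without them this under-counts real use.
    """
    used = set()
    for event in events:
        if event.get("userIdentity", {}).get("arn") != principal_arn:
            continue
        service = event["eventSource"].split(".")[0]
        used.add(f"{service}:{event['eventName']}")
    return used


def right_size(policy, used):
    """Drop unused Allow actions; replace used wildcards with the concrete actions seen.

    Returns (new_policy, removed_patterns). Deny statements are kept untouched.
    """
    statements, removed = [], set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            statements.append(stmt)
            continue
        patterns = [stmt["Action"]] if isinstance(stmt["Action"], str) else stmt["Action"]
        kept = set()
        for pattern in patterns:
            matches = {a for a in used if fnmatch.fnmatchcase(a.lower(), pattern.lower())}
            if matches:
                kept |= matches
            else:
                removed.add(pattern)
        if kept:  # a statement with nothing used left disappears entirely
            statements.append({**stmt, "Action": sorted(kept)})
    return {**policy, "Statement": statements}, removed


def trip_wire(events, critical_identities):
    """Alert on privilege changes that target a critical role or user."""
    alerts = []
    for event in events:
        if event.get("eventSource") != "iam.amazonaws.com":
            continue
        if event["eventName"] not in PRIVILEGE_CHANGE_EVENTS:
            continue
        params = event.get("requestParameters", {})
        target = params.get("roleName") or params.get("userName")
        if target in critical_identities:
            alerts.append({"actor": event["userIdentity"]["arn"], "event": event["eventName"],
                           "target": target,
                           "detail": params.get("policyArn") or params.get("policyName")
                                     or params.get("groupName")})
    return alerts


if __name__ == "__main__":
    new_policy, removed = right_size(SAMPLE_POLICY, used_actions(SAMPLE_EVENTS, ROLE_ARN))
    print("removed:", sorted(removed))
    print("right-sized:", json.dumps(new_policy, indent=2))
    for alert in trip_wire(SAMPLE_EVENTS, {"report-builder"}):
        print("TRIP WIRE:", alert)
```

Run against a long enough window (the unused-permission reports in AWS IAM Access Analyzer and similar tools default to months, not days), because an action that is only used quarterly is still used. The trip wire is the "ongoing governance" half: removing permissions once is undone silently if nobody notices AdministratorAccess being attached to the role a week later.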

📈 Addressing Identity Proliferation

  • Cyber Litter: Jeff introduces the concept of "cyber litter" – leftover identities and permissions from past projects that still pose risks.

  • Permissions Attack Surface: The average cloud environment has a massive permissions attack surface, with many permissions going unused but still posing risks.

🛠️ Tools and Frameworks

  • Cloud Native Tools: AWS IAM Access Analyzer, Google Cloud's IAM Recommender, and Microsoft Entra ID offer basic least privilege capabilities but can lack comprehensive coverage and cross-cloud context.

  • Third-Party Solutions: Consider tools that provide deeper insights and actionable intelligence across multi-cloud environments.

📊 Real-World Application

  • Strategy Over Whack-a-Mole: Avoid the trap of playing whack-a-mole with individual permissions. Focus on a strategic approach to manage the permissions attack surface.

  • Focus on Production Environments: Start with your most critical environments (e.g., production) and work outward, applying zero-trust principles.

💡 Frameworks and Best Practices

  • Use Established Frameworks: CIS benchmarks, PCI, and CSA's CCM provide good starting points but need to be complemented with tools that offer detailed visibility into permissions.

  • Continuous Improvement: Treat least privilege as an ongoing process rather than a one-time project. Regularly review and update permissions and identities.


We spoke to Sarah Polan, Field CTO at HashiCorp, about DevSecOps in the world of Kubernetes.

☸️ Introduction to DevSecOps:

  • Evolution of DevOps: DevSecOps is the next iteration, integrating security throughout the application lifecycle.

  • Key Components:

    • Golden images and pathways

    • SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing)

    • Secrets management

    • Continuous monitoring and remediation

☸️ Importance of Kubernetes in DevSecOps:

  • Immutable Applications: Kubernetes favours immutable, declaratively deployed workloads (replace a container rather than patch it in place), which enhances security and resilience.

  • Scalability and State Management: Effective for managing state and scalability, crucial for modern distributed systems.

☸️ DevSecOps for All Sizes:

  • Large Organizations: Focus on platform engineering to scale DevSecOps practices efficiently.

  • SMBs (Small and Medium-sized Businesses): Traditional DevSecOps practices can be scaled as the organization grows.

☸️ Starting with Secrets Management:

  • Value of Secrets Management: Essential for managing credentials securely and preventing costly incidents such as leaked keys being used for crypto mining.

  • Ease of Adoption: Easier for developers to grasp compared to more complex security measures like SAST and DAST.

☸️ Zero Trust and Machine Identity:

  • mTLS (Mutual TLS): Crucial for encrypting data in transit and authenticating both ends of a service-to-service connection.

  • Identity Brokering: Central to implementing Zero Trust, ensuring that identities are managed effectively.

🤖 Are you interested in AI Cybersecurity?

Then you should definitely check out our sister podcast, AI Cybersecurity Podcast, hosted by Ashish Rajan and Caleb Sima.

Speaking of which, we recently shared an episode covering the AI security trends and highlights from RSA Conference 2024, BSidesSF 2024 and all the fringe activities that take place in San Francisco during that week!


Main Themes:

  1. AI Dominance at RSA: With 137 AI-focused talks out of 600, AI was the dominant theme. Many attendees expected even more AI talks and AI messaging on the expo floor and were pleasantly surprised that this was not the case.

  2. Focus on Practical Implementation: Happy to report that the emphasis was on securing AI pipelines, patching systems, and implementing least privilege before enabling AI.

BSidesSF Overview:

  • A practitioner-led conference running alongside RSA, focused on technical, hands-on sessions.

  • Known for its community vibe and technical depth, attracting professionals from major tech companies.

Key Highlights:

  • Adobe’s LLM Logs Talk: How to fine-tune large language model logs for security events by Wilson Tang, Cyber Security Data Scientist at Adobe

  • Sigma Rules Automation: Leveraging AI to create efficient security rule queries by Dave Johnson from Feedly. We actually had the pleasure of interviewing Dave and this episode will be dropping soon. Keep an eye out!

The talks are yet to be released online; once they are, we will share them on our socials and in the newsletter.

Special Mention:

  • Caleb Sima’s Keynote: A positive outlook on AI in security, predicting AI’s impact on top security challenges and changes in organizational behavior.

  • Clint Gibler of tl;dr sec condensed hundreds of hours of research into his talk on the current trends in AI Security.

💡 Key Insights from RSA Conference

The Fringe Festival of Cybersecurity:

  • Most meaningful interactions and insights often happen outside the main conference floor.

  • Major companies hosted exclusive events at nearby hotels.

Innovative AI Announcements:

Innovation Sandbox:

AI Security Challenges:

  • Data Leakage Concerns: Still a top concern, but shifting towards understanding AI as part of the broader third-party risk management.

  • Practical Steps: Emphasis on securing infrastructure and implementing best practices before fully deploying AI solutions.

🎯 Actionable Takeaways for CISOs

  1. Evaluate Vendor Claims: Ask if the vendor is creating their own LLM or fine-tuning existing models, and what data they are using.

  2. Transparency: Ensure vendors are open about the AI technologies they use.

  3. Integrate AI Thoughtfully: Use AI as a tool to enhance existing security measures rather than seeing it as a standalone solution.

*Sponsored

Cloud Security Training from Practitioners!

Want to learn more about Cloud Security, or know someone who wants to? We've got you!

If you have been following our journey for a while, you would know that one of the big reasons we started Cloud Security Podcast was to make cloud security knowledge accessible for anyone wanting to learn it.

Have you joined our FREE Monthly Cloud Security Bootcamp yet? There are also paid online and corporate trainings available for those looking to hit their Cloud Security goals this year!

Are you liking this new format newsletter? What can we do better? What else would you like to see here?

Our newsletter is on a path of self-improvement and reinvention. Ashish and I have challenged ourselves to bring you even more value as we continue to evolve it each week, and we would love to hear from you 📢 on how we can make this newsletter even more awesome for you (on that note, thank you for subscribing 💙).

Hope you are enjoying this new look Cloud Security Newsletter, there’s plenty more to come.

Peace!

Was this forwarded to you? You can sign up here if this was helpful for you.

Want to sponsor the next newsletter edition? Let's make it happen

Have a topic or idea in Cloud Security or AI Cybersecurity to share? Submit it here

Need Cloud Security or AI Security training or expertise? Let's connect