Lacework Polygraph Prevents Bitcoin Mining on AWS

I interviewed Dan Hubbard, Chief Security Architect of Lacework, this week.

We had a chat about what Lacework is doing in the security domain in AWS.

We discussed everything from Bitcoin mining prevention using Polygraph to the security best practices companies should be paying attention to.

Lacework is a cloud security company whose goal is to allow companies to operate at the same pace as DevOps, secure thousands of continuously changing workloads, and monitor activities and metrics that are unique to the cloud.

Typically this can prove to be a big challenge, says Dan, for a number of reasons:

  • Most organisations address security after the fact.
  • Most traditional approaches to security are no longer fit for purpose as they do not address cloud-specific issues end to end.
  • Security is seldom built into the migration process.

To address these issues, Lacework suggests a multistep approach:

    1. Address compliance and configuration using CloudTrail and AWS Config.
    2. Perform exhaustive best-practice checks on your environment.

“Polygraph is the secret sauce and runs throughout the security model”

This I found of interest, and Dan walked me through the multistep process in more detail.

How Lacework Polygraph works

Perform Compliance and configuration checks

Using CloudTrail and AWS Config, Polygraph will baseline the environment, understand it, and report the data back for analysis. Polygraph consumes all the information from CloudTrail to get this done.

Perform best practice checks

Polygraph deploys agents into the environment to gather all the information required.

Full SaaS Dashboard

The service is presented via a multi-tenant dashboard highlighting the views and viewpoints ready for analysis.

Complete Breach Statistics

These are provided in real time to allow decisions to be made with the right information at hand.

No Patches Ever

No patches required and no right-sizing; like googling, it just works whatever the environment.

We went on to discuss what Dan called the 3 commandments of cybersecurity.

The “3 commandments” of cybersecurity in the cloud.

  1. When you are operating in the cloud, log all your API calls and store them in a place where you can query the data at a moment’s notice.
  2. Use continual compliance to perform real-time compliance and configuration checks that detect misconfigurations and mistakes.
  3. Protect your applications: find out if anyone has access to your services out of the box. This is key in preventing the recent trend of bitcoin mining attacks on instances and AWS accounts that have been compromised. Typically, the only way the organisation finds out about the breach is an alert from the accounts department about unusual spend activity on the account. With Polygraph, this can be detected and addressed.
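
To make commandments 1 and 3 concrete, here is an added example (not Lacework's Polygraph code and not something from the interview) that baselines `RunInstances` calls per principal from stored CloudTrail records and flags launches that deviate, a signal available before any billing alert. The record layout is assumed to follow CloudTrail's `RunInstances` event; the principals, regions, counts and the three deviation rules are constructed for illustration.

```python
from collections import defaultdict

def record(arn, region, itype, count, name="RunInstances"):  # constructed sample record
    return {"eventName": name, "awsRegion": region, "userIdentity": {"arn": arn},
            "requestParameters": {"instanceType": itype, "instancesSet": {
                "items": [{"minCount": count, "maxCount": count}]}}}

def launch_facts(event):
    """Return (principal, region, type, count) for RunInstances, else None."""
    if event.get("eventName") != "RunInstances":
        return None
    params = event.get("requestParameters") or {}
    items = (params.get("instancesSet") or {}).get("items") or []
    count = sum(int(i.get("maxCount", 1)) for i in items) or 1
    arn = (event.get("userIdentity") or {}).get("arn", "unknown")
    return arn, event.get("awsRegion"), params.get("instanceType"), count

def build_baseline(events):  # per principal: regions, types, largest launch
    base = defaultdict(lambda: {"regions": set(), "types": set(), "max": 0})
    for arn, region, itype, count in filter(None, map(launch_facts, events)):
        seen = base[arn]
        seen["regions"].add(region)
        seen["types"].add(itype)
        seen["max"] = max(seen["max"], count)
    return base

def flag_unusual_launches(baseline, events):
    """Return [(principal, [reasons])] for launches that break the baseline."""
    findings = []
    for arn, region, itype, count in filter(None, map(launch_facts, events)):
        seen = baseline.get(arn)
        if seen is None:
            reasons = ["principal has no launch history"]
        else:
            reasons = [msg for hit, msg in (
                (region not in seen["regions"], f"new region {region}"),
                (itype not in seen["types"], f"new instance type {itype}"),
                (count > seen["max"], f"count {count} above baseline max {seen['max']}"),
            ) if hit]
        if reasons:
            findings.append((arn, reasons))
    return findings

CI, TEMP = (f"arn:aws:iam::111122223333:user/{u}" for u in ("ci-deploy", "temp"))
HISTORY = [record(CI, "eu-west-1", "t3.medium", 2)] * 2  # constructed baseline
RECENT = [record(CI, "eu-west-1", "t3.medium", 2),
          record(CI, "eu-west-1", "t3.medium", 1, name="DescribeInstances"),
          record(CI, "ap-southeast-1", "p3.8xlarge", 20),
          record(TEMP, "us-east-1", "t3.micro", 1)]
FINDINGS = flag_unusual_launches(build_baseline(HISTORY), RECENT)
```

Only the large GPU launch in a new region and the launch by a principal with no history are reported; the routine deployment and the non-launch API call are ignored.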

Security best practices for securing CI/CD chains in AWS

These are divided into 4 tactical areas:

  1. Use an orchestration system. Using an orchestration tool like Terraform, CloudFormation, Kubernetes or Mesos allows you to diminish the margin for error from manual operations.
  2. Consciously divide your system into Test/Dev/Production. These should be stand-alone to eliminate the risk of impacting or taking down the production environment.
  3. Have the right data at the right time, to answer complex questions really quickly. We need to ask the right question quickly, and the developer needs to have access to this information so that targeted questions can be asked.
  4. Build bridges between security and dev teams. This is the most important, as it helps to close some of the gaps during migrations and deployment because the team will be aligned from the start.

Brilliant interview; we will definitely talk again, so keep an eye on what Lacework.

To find out more about Lacework and our other Lacework go here.

About Dan

Dan Hubbard is Chief Security Architect at Lacework, driving innovation and expanding the company’s security strategy for public and private clouds. Dan’s expertise spans from reputation and advanced classification systems to large-scale security data mining, and cloud security. Twitter: @dhubbard858