Nov 20 · 3 min read
By: Brian Gladstein
Presenting at My First BSides
This past weekend, I was honored to present at BSides CT. This was my very first presentation at a BSides, and to be able to do it in my home state of Connecticut made the experience particularly special.
I’m no stranger to getting up in front of a room full of people, but I’ll admit I was a little nervous this time, knowing the caliber and level of proficiency of people in the room. BSides is where real security experts go to learn new things. I wanted to make sure the information I was giving them was valuable. Many thanks to Cmd’s resident ML expert Deepali Arora and Head of Security John Brunn for helping me build the data, analysis, and substance of this talk.
The good news — it seemed to land. Both during the talk in the (overflowing) room, and at our table afterwards, we received a stream of acknowledgment that access control in sprawling Linux cloud and datacenter environments is a growing issue in need of adequate solutions.
The Cmd Difference: Security That Works the Way DevOps Wants
Cmd is working to revolutionize the way we protect Linux clouds and data centers. DevOps teams are unsatisfied with the existing products in this market — all of which slow them down — and Cmd has stepped up to the task of securing their environments while keeping them agile. There are a multitude of Linux security products, but few capable of unobtrusive yet powerful protection in high-paced environments.
As the popularity of Linux has exploded, it has become a primary target for cyberattacks. Many companies with vulnerable Linux infrastructure are way behind on solving some of the foundational issues that are needed to deliver secure cloud-scale services, such as monitoring who is accessing what in the environment, controlling that access, and putting guardrails around what they can and can’t do.
A Linux-First Approach to Privileged Access Management
Solid visibility and control over users in Linux environments depends on four capabilities. Call these the “new requirements” for privileged access management in high-scale Linux environments. These are:
- 100%-accurate identity-based tracking, attributing everything that happens to a recognized individual
- Fine-grained control of command executions and the ability to set rules about what happens in the environment
- Detection and remediation of access gaps, so that alerts go out about suspicious activity and issues are highlighted proactively to prevent potential hacks before they happen
- Lastly, the solution needs to be DevOps friendly, so that your team will actually use it
Changing PAM Means We Need Better Data
Old-fashioned PAM tracks activity only through standard proprietary method controls and session-level access control, offers no detection and remediation control, and many PAM solutions are built only for Windows and are not as successful on the Linux platform.
To address the requirements we have for how Privileged Access Management needs to work today, you need a lot of data. You need to know what is happening on systems, what the context of those systems is at any given moment, and what the implications are from a security and risk perspective.
A modern PAM solution will centralize that data, keep it clean and scrubbed, and will build capabilities on top of it including monitoring and detection, granular policy management, and enforcement and control.
Cmd Is Pioneering PAM for Clouds & Data Centers
Cmd has collected 40+ billion data points, and we are starting to notice some really interesting patterns. Cmd data and algorithms are revealing vulnerabilities that many companies’ current solutions overlook as we monitor sessions and commands moment-to-moment.
For example, in one case Cmd showed that a user was exporting a series of root commands, followed by a series of file commands. The multiple file exports raised a red flag for the security team monitoring user activity.
Cmd’s rich session-based data enables users to build a detailed understanding of user behavior, including where they log in from, which systems they access internally, and when they normally log in. This data showcases patterns in user behavior, helping security teams to identify suspicious activity.
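As an added illustration of the session-baseline idea above (example code written for this post, not Cmd’s product or its data), the following Python builds a per-user baseline of source network, target host and login hour from a few constructed session records, then returns the deviations for a new session so a security team can see why it was flagged:

```python
# Added example (not Cmd's code): per-user login baseline and deviation scoring.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Session:
    user: str
    src_ip: str
    host: str
    hour: int  # local hour of login, 0-23


# Constructed sample history: who normally logs in from where, to what, and when.
HISTORY = [
    Session("alice", "10.1.2.10", "web-01", 9), Session("alice", "10.1.2.11", "web-02", 10),
    Session("alice", "10.1.2.10", "web-01", 14), Session("alice", "10.1.2.12", "db-01", 11),
    Session("bob", "10.7.0.5", "build-01", 22), Session("bob", "10.7.0.5", "build-02", 23),
]


def _net(ip: str) -> str:
    """Collapse a source address to its /24 so a DHCP lease change is not an alert."""
    return str(ip_network(f"{ip_address(ip)}/24", strict=False))


def build_baseline(history):
    """Per user: known source /24s, known target hosts, and login hours seen."""
    base = defaultdict(lambda: {"nets": set(), "hosts": set(), "hours": set()})
    for s in history:
        base[s.user]["nets"].add(_net(s.src_ip))
        base[s.user]["hosts"].add(s.host)
        base[s.user]["hours"].add(s.hour)
    return base


def score_session(session, baseline, hour_slack=1):
    """Return the list of deviations for one session (empty list = looks normal)."""
    known = baseline.get(session.user)
    if known is None:
        return ["unknown user"]  # identity never seen before: attribute and investigate
    reasons = []
    if _net(session.src_ip) not in known["nets"]:
        reasons.append(f"new source network {_net(session.src_ip)}")
    if session.host not in known["hosts"]:
        reasons.append(f"first login to {session.host}")
    # Hour check wraps around midnight so 23:00 and 00:00 count as neighbours.
    if all(min(abs(session.hour - h) % 24, 24 - abs(session.hour - h) % 24) > hour_slack
           for h in known["hours"]):
        reasons.append(f"unusual hour {session.hour:02d}:00")
    return reasons


BASELINE = build_baseline(HISTORY)
```

In practice the history would come from the attributed session records the post describes rather than a hard-coded list, and the hour check would be tuned per team.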
Thank you BSides CT
A final shout-out to the good people running BSides CT. It was a great event, packed with great people. I was so happy to be a part of it, and I look forward to doing it again in the future!
Sign up for a free trial to check out our product: https://demo.cmd.com/free-trial/
The full-length interview can be found here: https://www.youtube.com/watch?v=wFDMs0L9RFI