Container Security and MITRE ATT&CK on Linux: Cmd Founder Jake King’s Interview on Risky.Biz
By: Emily Nardone
Recently, Cmd CEO & Co-Founder Jake King met with one of our favorite podcasters, award-winning journalist Patrick Gray of Risky.Biz. Risky.Biz is an Australia-based podcast that was founded in 2007 and is a must-listen for information security professionals looking to stay up-to-date with the market.
In the interview, Jake talks with Patrick about security within container environments. “A lot of companies don’t really understand what the container attack surface is yet,” explains Jake. Cmd is one of the few solutions that can shed light on and protect this attack surface. It provides context-rich data about user actions and enables pre-execution controls including 2FA and PAM.
An increasing number of organizations are relying on orchestrated container environments. As with any big shift in development practices, security is often one of the last things people think about. That’s why Cmd is so focused on providing the right controls at the right time to help security teams protect their environments without slowing developers down.
Jake speaks with Patrick about a few specific areas Cmd is focused on, including attribution of user actions in containers, MFA on new terminal sessions in containers, and large-scale analysis of execution data. They also discuss authorization patterns, the problems with protecting scalable cloud environments, and the importance of behavioral analysis, something that is in high demand among security professionals.
Jake was interviewed from Luxembourg, where he presented at the EU ATT&CK Community Workshop. This gathering of leading threat hunters and SOC teams focused on how to use and improve the MITRE ATT&CK Framework. In his presentation, Jake discussed his work over multiple years as a leading voice in applying MITRE ATT&CK to Linux. With tens of billions of data points collected on Linux, Cmd has gained valuable insights into how to implement MITRE ATT&CK in Linux production environments.