
Cloud Security Pros: Magpie Launch

Uploaded by

yashpatel7113

Free Open Source CSPM Being Released at BlackHat in August

Contents

- Cloud & Cloud Security Tools 101
- Why Magpie
- Architecture
- Security Rules
- Shadow Cloud Accounts
- Rook Plugin
- DMAP - Non-native apps and data store fingerprinting
- Roadmap & BlackHat Arsenal Release
- Demo
- Where to Find More Info
Cloud 101

Compute - virtual machines, containers, serverless ...

Storage - file, object, backup …


Networking - SDN, VPC, DNS, CDN, load balancing, VPN …

Databases - relational, non-relational, key value, time series ...

Big data and analytics - data warehouses, data lakes, processing, analytics, ML …

Security - Identity and Access, KMS, firewalls, SIEM ...

How do I know they are secure?


The Shared Responsibility Model
Category Landscape

The 2 existing cloud security segments are focused on infrastructure, broadly the infrastructure itself (CSPM) and then the workloads that run on it (CWPP).

CSPM is generally defined as

- asset / service discovery
- security configuration management
- monitoring and remediation
- integration

Infrastructure

- Posture: Cloud Security Posture Management (CSPM). Based on native APIs. DivvyCloud, Laceworks, Checkpoint, PANW, PrismaCloud, AquaSec, etc.
- Workload: Cloud Workload Protection Platform (CWPP). Based on agents, snapshots. Orca, StackRox (Redhat), Aqua, etc.

Data

- Posture: Data Security Posture Management (DSPM). Based on native & non-native APIs. Open Raven
- Workload: Data Workload Protection. Based on sidecars, proxies & SDKs. Privacera, Cyril, Sonaria, Gretel, Imperva
Why Magpie?

1. We needed to do cloud discovery at scale to support our commercial data security product
2. Our customers kept telling us that their current CSPMs sucked.
3. CSPMs are “compliance” focused and not “security” focused
4. CSPMs don’t discover non-native apps / data stores (i.e. things deployed on compute)
5. CSPMs don’t help with “shadow cloud” discovery
6. We think CSPM is table stakes but everyone needs it
7. We are an open core company
Architecture

- Desktop Edition

- Enterprise Edition

All Apache 2.0 License


Security Rules

https://github.com/openraven/magpie/wiki/Magpie-RFC---Security-Rules-and-Policies
Rook Plugin
Non-native apps and data store fingerprinting
Shadow Cloud Accounts Plugin

[Diagram: AWS Billing, AWS Accounts, Office 365, Google, Gsuite, Expensify]
3D Maps
BlackHat Arsenal Release & Roadmap
https://github.com/openraven/open-raven/projects/1
Demo
Where to Find More Info

GitHub - https://github.com/openraven/magpie

Slack - https://join.slack.com/t/open-raven-research/shared_invite/zt-np27xiev-N5rL4AcTmrQt8YkE81BIaw
Thanks
Email : [email protected] and [email protected]

Twitter : @curphey and @kickroot
