Risky Business Podcast Episode Summary: "Snake Oilers: Pangea, Cosive and Sysdig"

Release Date: April 17, 2025
Host: Patrick Gray

Introduction

In this episode of Risky Business, host Patrick Gray delves into the world of information security through the unique format of "Snake Oilers," where vendors pitch their products to the audience. This edition features three distinct companies: Pangea, Cosive, and Sysdig, each presenting innovative solutions to current cybersecurity challenges. The discussions are rich with insights, addressing pressing issues in AI security, threat intelligence, and runtime security for Linux environments.

Pangea: Securing AI Applications

Speaker: Oliver Friedrichs, Co-founder and CEO of Pangea
Timestamp: 00:00 – 16:47

Overview: Pangea focuses on implementing robust security controls and guardrails around AI applications, addressing the escalating concerns as enterprises deploy hundreds of AI models. Oliver Friedrichs outlines the critical nature of securing AI, especially customer-facing applications vulnerable to prompt injection attacks and data leakage.

Key Points:

1. AI Security Challenges:

   • Enterprises are rapidly building numerous AI applications, necessitating stringent security measures.
   • Major threats include prompt injection, where malicious users manipulate AI behavior against its intended directives.

2. Pangea’s Solution:

   • Pangea offers a comprehensive set of guardrails that protect against eight of the top ten AI security threats identified by the OWASP Open Worldwide Application Security project (Timestamp: 02:56).
   • The company employs machine learning to detect and prevent prompt injections with over 99% accuracy (04:38).

3. Use Cases and Early Adoption:

   • Early adopters include organizations like Grand Canyon Education, which uses Pangea’s redact service to prevent the leakage of Personally Identifiable Information (PII) through chatbots (07:06).
   • Pangea also addresses model output monitoring, ensuring that AI systems do not inadvertently expose sensitive data or behave inappropriately.

4. Evolving Threat Landscape:

   • Oliver emphasizes the dynamic nature of AI threats, with over 170 prompt injection methods classified to date (05:07).
   • The team continuously updates their models to counter new attack vectors, akin to traditional anti-malware strategies (06:39).

5. Future Directions:

   • Pangea anticipates the integration of AI with operational tools, highlighting risks associated with AI agents capable of executing commands autonomously (16:09).
   • The company is committed to staying ahead of the curve by developing robust taxonomies and leveraging large language models for enhanced threat detection.

Notable Quotes:

• "Prompt injection allows you to manipulate the model in a way that it evades that." – Oliver Friedrichs (04:38)
• "We've built a very robust taxonomy with a group of PhD level researchers that work here that are focused on this problem." – Oliver Friedrichs (05:07)

Cosive: Managed Threat Intelligence with Cloud MISP

Speaker: Chris Horsley, Founder of Cosive
Timestamp: 17:XX – 31:23

Overview: Cosive, an Australian threat intelligence consulting firm, introduces their latest product offering: Cloud MISP. MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform that Cosive has reimagined as a hosted, cloud-based solution to simplify its deployment and maintenance.

Key Points:

1. Understanding MISP:

   • MISP is pivotal for sharing comprehensive threat intelligence, encompassing indicators of compromise (IOCs) like hashes, URLs, and domains, as well as in-depth reports on threat actors and vulnerabilities (18:14).

2. Challenges with Traditional MISP:

   • The complexity of setting up and maintaining MISP instances leads many organizations to deploy it informally, resulting in underutilization and fragmented threat intelligence efforts (21:24).

3. Cosive’s Cloud MISP Solution:

   • Cosive offers a managed Cloud MISP service that handles the technical burdens of deployment, patching, and integration with existing security infrastructures like SIEMs and firewalls (19:12).
   • The service leverages AWS native features for high availability and scalability, ensuring a production-grade deployment (23:08).

4. Community and Collaboration:

   • MISP’s network effect thrives on its community-centric approach, allowing organizations to connect and share threat data seamlessly (19:05).
   • Cosive facilitates this by managing the complexities, enabling organizations to focus on actionable intelligence rather than technical setup.

5. Consulting Services:

   • Beyond hosting, Cosive provides consulting to help organizations mature their threat intelligence programs, aligning with the CTI Capability Maturity Model (CTI CMM).
   • They assist in defining intelligence requirements, stakeholder engagement, and producing relevant intelligence products (25:41).

6. Adoption and Growth:

   • Cloud MISP has seen significant international interest, attracting various sectors including finance, telecommunications, and education (22:12).
   • Organizations benefit from Cosive’s expertise in optimizing MISP usage, transforming threat intelligence from raw data into strategic insights.

Notable Quotes:

• "MISP can do more than that. We're sending reports which might be about threat actors or campaigns or vulnerabilities." – Chris Horsley (18:14)
• "We've re-architected MISP in a sense so that it uses AWS sort of native platform, native features." – Chris Horsley (23:08)

Sysdig: AI-Enhanced Runtime Security for Linux

Speaker: Alex Lawrence, Director of Cloud Security Strategy at Sysdig
Timestamp: 32:32 – 47:11

Overview: Sysdig presents its runtime security solution tailored for Linux environments, emphasizing cloud-native architectures such as Kubernetes and containers. Alex Lawrence discusses how Sysdig leverages AI to enhance real-time security monitoring and threat detection.

Key Points:

1. Runtime Security Solutions:

   • Sysdig offers a comprehensive runtime security platform designed to monitor and protect Linux systems in real-time, particularly in cloud-native environments (32:32).
   • The platform focuses on both preventative and detective controls, with a strong emphasis on real-time threat detection in ephemeral and large-scale environments (33:28).

2. System Call Monitoring:

   • Sysdig operates by intercepting system calls, the fundamental operations through which applications interact with the operating system (35:41).
   • This approach allows Sysdig to gain deep visibility into every action occurring on a host, akin to packet monitoring in traditional network security (35:57).

3. Deployment Flexibility:

   • The Sysdig agent can be deployed in various environments, including baked into system images, integrated via DevOps tools, or deployed as daemon sets in Kubernetes clusters (36:25).
   • This flexibility ensures that Sysdig can seamlessly integrate into diverse infrastructure setups.

4. Creative Threat Detection:

   • The platform’s strength lies in its ability to detect a wide array of threats by monitoring system behavior, such as unusual process executions or suspicious network activities (37:06).
   • Users can customize detection rules to match specific security policies and operational requirements, enhancing the platform’s adaptability (37:27).

5. AI Integration – Sage:

   • Sysdig introduces "Sage," an AI-driven assistant designed to navigate the extensive telemetry data generated by Sysdig’s platform (42:12).
   • Sage leverages Large Language Models (LLMs) to help security teams sift through vast amounts of data, prioritize critical events, and uncover hidden threats efficiently (44:31).

6. Adoption and Feedback:

   • The integration of AI has led to substantial growth, with user adoption increasing by over 300% as organizations seek more effective ways to manage and interpret their security data (45:22).
   • Feedback highlights the value of AI in enabling quicker response times and better resource allocation in dynamic cloud environments.

Notable Quotes:

• "Sysdig does preventative stuff. Everybody does preventative stuff. The thing that we're focused on the most though, is that detective side of the house." – Alex Lawrence (33:28)
• "AI is addressing the data lake problem. Right. We've got a lot of data, more than we can ever do anything with, with a human being." – Alex Lawrence (42:12)
• "Containers are basically just getting their shelf life smaller and smaller and smaller." – Alex Lawrence (46:24)

Conclusion

This episode of Risky Business provides a comprehensive look into cutting-edge cybersecurity solutions offered by Pangea, Cosive, and Sysdig. Pangea tackles the intricate challenges of securing AI applications, Cosive simplifies threat intelligence sharing through their managed Cloud MISP service, and Sysdig enhances runtime security for Linux environments with AI-driven tools. Each vendor presents unique strategies and innovations addressing the evolving landscape of information security, offering valuable insights for professionals in the field.

Final Thoughts: Patrick Gray effectively navigates through each vendor’s presentation, eliciting detailed explanations and engaging discussions on the practical applications and future directions of their products. The inclusion of real-world use cases and the emphasis on ongoing adaptation to emerging threats underscore the critical importance of robust security measures in today’s rapidly advancing technological environment.

Connect with the Vendors:

• Pangea: Visit Pangea Cloud to learn more about their AI security solutions and participate in their AI escape room challenge for a chance to win a $10,000 prize.
• Cosive: Explore their offerings at cosive.com for managed Cloud MISP services and threat intelligence consulting.
• Sysdig: Discover Sysdig’s runtime security solutions and AI integrations at sysdig.com.

Stay tuned for part two of this Snake Oilers series, featuring three more innovative vendors in the cybersecurity landscape.