Risky Business Podcast Summary
Episode: Snake Oilers: Sandfly Security, Permiso and Wiz
Release Date: October 1, 2024
Host: Patrick Gray
Introduction
In this episode of Risky Business, Patrick Gray hosts the Snake Oilers series, in which vendors pitch their cybersecurity products so listeners get a clear picture of what they offer. This episode features three companies from the information security landscape: Sandfly Security, Permiso, and Wiz.
Sandfly Security
Guest: Craig Rowland, Founder of Sandfly Security
Timestamp: [00:07] – [14:35]
Overview: Sandfly Security presents an innovative approach to Linux security by offering an agentless intrusion detection and incident response platform. Unlike traditional endpoint detection and response (EDR) solutions that rely on agents, Sandfly leverages diagnostic tools to monitor Linux systems efficiently.
Key Features:
- Agentless Monitoring: Utilizes SSH to access Linux systems and deploys lightweight Go binaries for data collection.
- Comprehensive Compatibility: Supports a wide range of systems, from legacy Linux distributions to modern cloud deployments and embedded systems (e.g., Intel, AMD, ARM, MIPS, IBM Power CPUs).
- Robust Detection Capabilities: Focuses on processes, user activities, log tampering, file and directory changes, and policy compliance.
Notable Insights: Craig Rowland emphasizes the challenges of creating a universal Linux EDR solution due to the diversity of kernels and distributions. By eliminating the need for an agent, Sandfly avoids kernel-level dependencies, keeps the performance cost on the host low, and reduces the risk of destabilizing (tipping over) critical Linux systems.
Notable Quotes:
- "Sandfly basically is an agentless intrusion detection incident response platform for Linux." – Craig Rowland [01:36]
- "We could work on systems up to 10 years old all the way through modern cloud deployments." – Craig Rowland [01:36]
- "It's almost like you have a full security team with all these capabilities built in the product." – Craig Rowland [07:15]
Use Cases:
- Critical Infrastructure: Ensures continuous monitoring without system downtime, crucial for environments where uptime is paramount.
- Edge Devices: Monitors devices like Synology NAS, Ubiquiti routers, and IP cameras that are traditionally hard to secure with agents.
- Posture and Drift Detection: Identifies unauthorized changes and weak SSH key management to prevent lateral movement by attackers.
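The posture and drift use case above can be illustrated without any vendor tooling. The following Python script is an added example written for this summary; it is not Sandfly's code and makes no claim about how Sandfly implements its checks. It assumes the contents of a host's `authorized_keys` file have already been collected (for instance over SSH, as the agentless model describes) and are available as text. It parses each key line, decodes the OpenSSH wire-format blob to recover the key type and RSA modulus size, computes the OpenSSH-style SHA256 fingerprint, flags weak keys, and reports drift against a stored baseline. The sample key blobs are constructed in-script for the demo and are not real, usable public keys.

```python
"""Agentless-style SSH key posture check (added example, not vendor code):
parse collected authorized_keys text, flag weak keys, report drift vs a baseline."""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(blob: bytes, off: int):
    """Decode one SSH wire-format string at offset; return (value, next_offset)."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def make_rsa_blob(modulus_bits: int) -> str:
    """Constructed ssh-rsa blob with a modulus of the requested size (demo only,
    not a cryptographically valid key)."""
    n = (1 << (modulus_bits - 1)) | 1
    n_bytes = n.to_bytes((modulus_bits + 7) // 8, "big")
    if n_bytes[0] & 0x80:                      # mpint rule: leading zero keeps it positive
        n_bytes = b"\x00" + n_bytes
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(n_bytes)
    return base64.b64encode(blob).decode()


def make_ed25519_blob() -> str:
    """Constructed ssh-ed25519 blob (32 placeholder bytes, demo only)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return base64.b64encode(blob).decode()


def parse_key_line(line: str):
    """Parse one authorized_keys line; return None for blanks, comments, or junk.
    Options with embedded spaces (e.g. command="a b") are not handled here."""
    parts = line.strip().split()
    if not parts or parts[0].startswith("#"):
        return None
    idx = 0                                     # skip an optional options prefix
    while idx < len(parts) and not parts[idx].startswith(("ssh-", "ecdsa-", "sk-")):
        idx += 1
    if idx + 1 >= len(parts):
        return None
    blob = base64.b64decode(parts[idx + 1])
    name, off = _read_string(blob, 0)
    if name.decode() != parts[idx]:             # declared type must match the blob
        return None
    bits = None
    if name == b"ssh-rsa":                      # blob = "ssh-rsa", mpint e, mpint n
        _e, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    elif name == b"ssh-ed25519":
        bits = 256
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": name.decode(), "bits": bits, "fingerprint": fp,
            "options": " ".join(parts[:idx]), "comment": " ".join(parts[idx + 2:])}


def parse_authorized_keys(text: str):
    return [e for e in (parse_key_line(l) for l in text.splitlines()) if e]


def assess(entries, min_rsa_bits: int = 2048):
    """Return (fingerprint, reason) for each key that violates the policy."""
    findings = []
    for e in entries:
        if e["type"] == "ssh-dss":
            findings.append((e["fingerprint"], "DSA key: deprecated, disabled by default in OpenSSH"))
        elif e["type"] == "ssh-rsa" and e["bits"] < min_rsa_bits:
            findings.append((e["fingerprint"], f"RSA modulus {e['bits']} bits is below {min_rsa_bits}"))
    return findings


def drift(baseline_text: str, current_text: str):
    """Keys added to / removed from the host since the baseline snapshot."""
    base = {e["fingerprint"]: e for e in parse_authorized_keys(baseline_text)}
    cur = {e["fingerprint"]: e for e in parse_authorized_keys(current_text)}
    added = [cur[f] for f in sorted(cur.keys() - base.keys())]
    removed = [base[f] for f in sorted(base.keys() - cur.keys())]
    return added, removed


# Constructed snapshots: the baseline as approved, then the same file with an
# unapproved 1024-bit RSA key appended (the drift we want to catch).
BASELINE_SNAPSHOT = "\n".join([
    "# approved keys",
    "ssh-rsa " + make_rsa_blob(4096) + " ops@bastion",
    'from="10.0.0.0/8" ssh-ed25519 ' + make_ed25519_blob() + " deploy@ci",
])
CURRENT_SNAPSHOT = BASELINE_SNAPSHOT + "\nssh-rsa " + make_rsa_blob(1024) + " legacy@build"

if __name__ == "__main__":
    for fp, why in assess(parse_authorized_keys(CURRENT_SNAPSHOT)):
        print("WEAK ", fp, why)
    added, removed = drift(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT)
    for e in added:
        print("ADDED", e["fingerprint"], e["type"], e["bits"], e["comment"])
    for e in removed:
        print("GONE ", e["fingerprint"], e["type"], e["comment"])
```

Run against a real collected file, the same two checks give a defender what the use case describes: a list of keys that fall below policy, and the set of keys that appeared or vanished since the last approved snapshot, keyed by fingerprint so that a re-ordered or re-commented line does not register as a change.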
Customer Scale: Sandfly Security caters to large enterprises with tens of thousands of endpoints, particularly those in critical internet infrastructure, telcos, and other high-stakes environments where security and stability are non-negotiable.
Permiso
Guest: Jason Martin, Representative from Permiso
Timestamp: [14:48] – [27:09]
Overview: Permiso specializes in identity security, focusing on building comprehensive identity and activity graphs to detect identity-based attacks and compromises across various environments, including SaaS, IaaS, and PaaS.
Key Features:
- Control Plane Integration: Connects to identity providers (IdPs) using read-only access to map entities and their access configurations.
- Entity and Activity Graphs: Constructs detailed representations of identities and their actions to identify anomalies and threats.
- Session-Based Analysis: Correlates activities across different layers to provide contextual alerts based on user behavior and access patterns.
- Machine Learning: Utilizes advanced algorithms to reduce alert fatigue by prioritizing significant risks over noise.
Notable Insights: Jason Martin highlights the shift towards proactive identity security as organizations recognize that traditional tools like SIEMs are insufficient for handling identity-based breaches. Permiso addresses this gap by offering a unified view that ties identities through their entire interaction lifecycle.
Notable Quotes:
- "We create an entity graph so we understand what is in the environment, and then we create an activity graph." – Jason Martin [16:43]
- "We're starting to see more interest in proactive purchasing." – Jason Martin [25:30]
Use Cases:
- Breach Detection and Response: Helps organizations identify compromised identities and trace unauthorized activities back to their source.
- Posture Management: Assesses and improves identity configurations to prevent privilege escalation and unauthorized access.
- Multi-Cloud and Multi-IdP Environments: Ideal for large, complex organizations using multiple identity providers and cloud services.
Customer Profile: Permiso targets Fortune 1000 companies with sophisticated security operations centers, multi-cloud infrastructures, and numerous SaaS applications. Their clients typically have thousands of employees and require advanced identity risk assessments to safeguard against evolving threats.
Wiz
Guest: Jung Liu, Senior Director of Product Marketing at Wiz
Timestamp: [27:09] – [39:59]
Overview: Wiz is a comprehensive cloud security platform designed to provide full visibility into cloud environments, prioritize critical risks, and facilitate rapid remediation. Recently, Wiz has expanded its offerings to include code and secrets discovery, enhancing its position as a multi-product security solution.
Key Features:
- Unified Cloud Security: Integrates vulnerability scanning, misconfiguration detection, and sensitive data identification into a single platform.
- Attack Path Analysis: Uncovers comprehensive attack paths that could lead to significant business impacts by connecting vulnerabilities with access permissions.
- Democratized Remediation: Empowers infrastructure and application teams to address security issues directly, ensuring swift risk mitigation.
- Code and Secrets Discovery: Extends cloud security measures into the codebase, enabling early detection of vulnerabilities and exposed secrets within development workflows.
- Integrated Posture and Runtime Monitoring: Combines security posture management with real-time threat monitoring to enhance overall cloud security.
Notable Insights: Jung Liu discusses Wiz's strategy to bridge the gap between cloud security and application security by providing contextual linkages that enable more informed prioritization and remediation. This integrated approach aims to reduce inefficiencies and improve collaboration across security and development teams.
Notable Quotes:
- "We help our customers gain full understanding of everything that is running in their cloud environment and then we help them to prioritize the most critical risk." – Jung Liu [28:09]
- "It's not any more about a set of risk scanners that run in code and then a completely set of scanners that run in cloud." – Jung Liu [32:58]
- "It's about the context of what truly matters that has been lacking." – Jung Liu [34:59]
Use Cases:
- Vulnerability and Misconfiguration Management: Identifies and prioritizes risks based on their potential impact on the cloud environment.
- Secrets Discovery and Code Security: Detects exposed secrets and vulnerable code early in the development process, integrating findings directly into developer workflows.
- Post-Incident Root Cause Analysis: Traces security incidents back to their source in the codebase to prevent future occurrences.
- Infrastructure Monitoring: Extends beyond Kubernetes to monitor various cloud technologies for unusual activities and potential lateral movements by attackers.
Customer Profile: Wiz serves organizations with complex, multi-cloud environments requiring unified security management. Their clients range from medium-sized enterprises to large corporations that value integrated security solutions to enhance their cloud infrastructure's resilience and compliance.
Conclusion
This episode of Risky Business offers deep dives into three cutting-edge security solutions addressing different facets of information security:
- Sandfly Security revolutionizes Linux security with an agentless, comprehensive monitoring platform.
- Permiso advances identity security by creating detailed identity and activity graphs to detect and mitigate identity-based threats.
- Wiz provides a unified cloud security platform that integrates vulnerability management, misconfiguration detection, and code security to prioritize and remediate critical risks effectively.
Each vendor presents unique solutions tailored to the evolving challenges in cybersecurity, making this episode a must-listen for information security professionals seeking innovative tools to strengthen their defenses.
Find More Information:
- Sandfly Security: sandflysecurity.com
- Permiso: permiso.io
- Wiz: wiz.io
