Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379
Oct 11, 2024
Ben Siegel, founder of CyberNest, and Aaron Costello, chief of SaaS security research at AppOmni, dive into the complexities of knowledge sharing in cybersecurity. They discuss overcoming corporate reluctance to share information, emphasizing community-driven collaboration. Aaron highlights the dangers of SaaS misconfigurations, stressing user responsibility. The conversation also touches on the blurred lines of shared responsibility in cloud services and the evolving dynamics of cybersecurity tools and market consolidation.
Building a community for knowledge sharing in information security can overcome corporate reluctance to share valuable insights and resources.
SaaS misconfigurations often arise from user errors, necessitating improved training and documentation from providers to mitigate data exposure risks.
Recent funding activities in cybersecurity showcase significant investments aimed at developing innovative solutions to address pressing security challenges.
The evolving importance of cyber resilience emphasizes the need for organizations to prepare robust strategies against sophisticated digital threats and risks.
Deep dives
Building a Knowledge-Sharing Community
A podcast episode highlights the creation of a knowledge-sharing community by Ben Siegel, founder of CyberNest. The platform focuses on helping IT and security professionals validate and share resources, such as reports and frameworks, enhancing their ability to establish effective security programs. Participants can rate and review content, ensuring trustworthiness and relevance through collective knowledge. This social approach aids members in networking and supports career growth by creating a profile that reflects their expertise and contributions in the industry.
The Challenges of SaaS Misconfigurations
Aaron Costello from AppOmni discusses the prevalent issue of SaaS misconfigurations that can lead to significant data exposure. Many organizations struggle with proper configurations, resulting in potential vulnerabilities stemming from user errors rather than vendor failures. As highlighted in the conversation, improved documentation and user feedback mechanisms from SaaS providers could mitigate these risks. Costello emphasizes the need for continuous monitoring and enhanced training to prevent future misconfigurations and protect sensitive data.
Funding News and Market Trends
The episode also presents recent funding activities, showcasing Eon, Resolve AI, and Harmonic Security, who collectively raised substantial sums to enhance their offerings. Eon secured $127 million, demonstrating significant backing for their innovative solutions in the cloud backup space. Resolve AI garnered $35 million for their autonomous platform that tackles production issues, while Harmonic Security raised $17.5 million to advance their focus on data privacy. These investments reflect a growing interest in addressing pressing cybersecurity challenges through innovative technologies that simplify complex processes.
The Importance of Cybersecurity Automation
Tines, a security automation and orchestration platform, is highlighted for its ability to streamline security operations, allowing teams to react faster and make informed decisions. By automating intricate processes, security practitioners can focus on the most critical tasks without being bogged down by repetitive manual efforts. The integration of automation tools aids organizations in boosting their operational efficiency while ensuring robust security measures are actively in place. This shift signifies the growing recognition of automation's role in enhancing cybersecurity resilience.
The Shift Towards Cyber Resilience
A discussion on the evolving perspective around cyber resilience emphasizes its importance for organizations facing sophisticated digital threats. The 2024 LevelBlue Futures Report suggests that while IT leaders note positive outcomes from rapid technological advancements, a staggering 85% also acknowledge the increased risks they entail. Identifying barriers to cyber resilience and the challenges impacting cybersecurity remains crucial in planning for future threats. Organizations must prioritize robust strategies to enhance their resilience, ensuring readiness against potential cyber incidents.
Highlighting the DFIR Reporting Community
The episode showcases the valuable contribution of the DFIR reports, which dissect various threat campaigns and help organizations understand the tactics, techniques, and procedures employed by malicious actors. These reports serve as essential resources for incident response teams, enabling them to learn from past incidents and strengthen their defense strategies. By providing detailed analyses of breaches and attacks, DFIR reports contribute significantly to the broader security community's knowledge base. Engaging with such resources can empower security professionals to proactively address vulnerabilities in their environments.
Reflections on the State of Security Market Consolidation
A thought-provoking conversation emerges about the ongoing security market consolidation and the implications it holds for innovation and competition. Some industry experts argue that while past trends suggest a path towards consolidation, the future might present new opportunities for innovation in response to evolving threat landscapes. As security technology continues to develop and adapt to the digital environment, the industry may see a blend of established players and new entrants aiming to address key security challenges. Understanding the dynamics of this market is crucial for practitioners and organizations navigating their security strategies.
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks are a great example of this. Open AWS S3 buckets are probably the best-known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!