
Risky Business Snake Oilers: Sandfly Security, Permiso and Wiz
Oct 1, 2024
This episode features insights from guests representing Sandfly Security, Permiso, and Wiz. Sandfly discusses their innovative agentless approach to securing Linux systems, tackling challenges like SSH key management. Permiso emphasizes machine learning in identity security, focusing on proactive measures to detect threats. Wiz explores cloud security vulnerabilities and the importance of integrating safety measures into coding practices. Together, they shed light on the evolving landscape of cybersecurity and its critical role in today's digital world.
Agentless Linux Detection At Scale
- Sandfly inspects Linux systems agentlessly by SSHing in and running short Go binaries that self-destruct after collecting data.
- This approach expands coverage across kernels and devices while avoiding kernel-level instability and heavy QA costs.
Perform Fast, Low-Impact Forensic Checks
- Use SSH access and ephemeral binaries for fast, low-impact forensic checks that finish in 30–60 seconds.
- Limit privileges (e.g., use sudo controls) and integrate with key vaults to reduce exposure when scanning hosts.
Look Beyond Logs For Linux Compromise
- Sandfly focuses on compromise indicators beyond logs: suspicious processes, user anomalies, log tampering, and file/directory changes.
- Many Linux threats avoid logs, so detecting tampering and runtime anomalies is more effective than log-only monitoring.
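The log-tampering indicator mentioned above can be checked without trusting the log's own contents. Below is an added example, not code from Sandfly or from the episode, that audits a Linux `wtmp` login record file for two common signs of a log cleaner: a record overwritten with zeros between otherwise live records, and timestamps that run backwards. The 384-byte record layout is the glibc x86_64 `struct utmp`; the sample file is constructed inline so the script runs offline, and the host and user values in it are invented.

```python
import struct
from typing import List, NamedTuple

# struct utmp as laid out by glibc on x86_64 (384 bytes per record):
# ut_type, 2 pad bytes, ut_pid, ut_line[32], ut_id[4], ut_user[32],
# ut_host[256], ut_exit (2 x int16), ut_session, ut_tv (2 x int32),
# ut_addr_v6 (4 x int32), 20 unused bytes.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384 on this layout
assert UTMP_SIZE == 384

BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


class Record(NamedTuple):
    index: int
    ut_type: int
    pid: int
    line: str
    user: str
    host: str
    tv_sec: int
    is_zeroed: bool


def pack_record(ut_type: int, pid: int, line: str, user: str, host: str, tv_sec: int) -> bytes:
    """Build one raw utmp record (used only to construct test data here)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def _cstr(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode(errors="replace")


def parse_wtmp(data: bytes) -> List[Record]:
    """Split a wtmp image into fixed-size records; a short trailing chunk is ignored."""
    records = []
    for i in range(len(data) // UTMP_SIZE):
        chunk = data[i * UTMP_SIZE:(i + 1) * UTMP_SIZE]
        f = struct.unpack(UTMP_FMT, chunk)
        records.append(Record(i, f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]),
                              f[9], chunk == b"\0" * UTMP_SIZE))
    return records


def audit_wtmp(data: bytes) -> List[str]:
    """Return tampering indicators found in a wtmp image, in file order."""
    findings: List[str] = []
    if len(data) % UTMP_SIZE:
        findings.append(f"file length {len(data)} is not a multiple of {UTMP_SIZE}: "
                        "truncated or corrupt")
    records = parse_wtmp(data)
    last_live = None
    for rec in records:
        if rec.is_zeroed:
            # Log cleaners typically overwrite a session's record with zeros rather
            # than removing it, which leaves a hole between live records.
            if any(not r.is_zeroed for r in records[rec.index + 1:]):
                findings.append(f"record {rec.index} zeroed in place (hole between live records)")
            continue
        # wtmp is append-only, so a timestamp lower than the previous live record
        # means records were rewritten or the clock was rolled back.
        if last_live is not None and rec.tv_sec < last_live.tv_sec:
            findings.append(f"record {rec.index} timestamp {rec.tv_sec} is earlier than record "
                            f"{last_live.index} ({last_live.tv_sec}): rewritten or out of order")
        if rec.ut_type == USER_PROCESS and not rec.user:
            findings.append(f"record {rec.index} is a login with an empty username")
        last_live = rec
    return findings


def sample_wtmp() -> bytes:
    """Constructed wtmp image: one login record wiped, one record with a rewound clock."""
    return b"".join([
        pack_record(BOOT_TIME, 0, "~", "reboot", "", 1_700_000_000),
        pack_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1_700_000_100),
        pack_record(USER_PROCESS, 1340, "pts/1", "bob", "10.0.0.9", 1_700_000_200),
        b"\0" * UTMP_SIZE,                                                  # wiped session
        pack_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1_700_000_050),    # earlier than record 2
    ])


if __name__ == "__main__":
    # On a live host you would pass the bytes of /var/log/wtmp instead.
    for finding in audit_wtmp(sample_wtmp()):
        print(finding)
```

Reading the raw file rather than the output of `last` is the point: a cleaner that zeroes a record also hides it from `last`, while the hole and the timestamp regression remain visible in the bytes. The same checks apply to `btmp`, which uses the same record format.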



