Permiso Security Inc., an emerging identity threat detection and response company, today released a set of three open source tools that help security teams enhance their detection capabilities for a variety of tasks.
The first new open source tool, called DetentionDodger, focuses on identifying and mitigating risks associated with credential leaks. The tool scans CloudTrail logs to detect failed policy attachments and lists identities with the quarantine policy, highlighting users whose privileges may have been compromised. By analyzing embedded and attached policies, the tool assesses the potential impact of leaked credentials based on user privileges.
DetentionDodger helps security teams proactively address threats by providing detailed insights into the security posture of identities within their cloud environments. The tool ensures that organizations can quickly identify vulnerabilities and take corrective actions to protect sensitive resources.
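An added example of the CloudTrail check described above for DetentionDodger; it is not the tool's own code. It assumes the AWS quarantine policy names begin with `AWSCompromisedKeyQuarantine` and that attachments appear as IAM `AttachUserPolicy` events, and the log records are constructed for illustration.

```python
import json

# Assumption: AWS-managed quarantine policies share this name prefix
# (AWSCompromisedKeyQuarantine, ...V2, ...V3).
QUARANTINE_PREFIX = "AWSCompromisedKeyQuarantine"

def _rec(name, user, policy, error=None):
    """Build one constructed CloudTrail record (hypothetical helper)."""
    r = {"eventSource": "iam.amazonaws.com", "eventName": name,
         "requestParameters": {"userName": user,
                               "policyArn": "arn:aws:iam::aws:policy/" + policy}}
    if error:
        r["errorCode"] = error
    return r

# Constructed sample log, not real data.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("AttachUserPolicy", "ci-deploy", "AWSCompromisedKeyQuarantineV2"),
    _rec("AttachUserPolicy", "backup-svc", "AWSCompromisedKeyQuarantineV2",
         error="AccessDenied"),
    _rec("AttachUserPolicy", "analyst", "ReadOnlyAccess", error="AccessDenied"),
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "requestParameters": None},
]})

def triage_quarantine(log_text):
    """Return (quarantined_users, failed_quarantine_users) from CloudTrail JSON."""
    quarantined, failed = set(), set()
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") != "AttachUserPolicy":
            continue
        params = rec.get("requestParameters") or {}  # may be null in CloudTrail
        policy = params.get("policyArn", "").rsplit("/", 1)[-1]
        if not policy.startswith(QUARANTINE_PREFIX):
            continue  # failed attachment of an unrelated policy
        user = params.get("userName", "<unknown>")
        (failed if rec.get("errorCode") else quarantined).add(user)
    # Users with any successful attachment are reported as quarantined only.
    return sorted(quarantined), sorted(failed - quarantined)

if __name__ == "__main__":
    ok, missed = triage_quarantine(SAMPLE_LOG)
    print("quarantine policy attached:", ok)
    print("quarantine attachment failed:", missed)
```

Users in the second list had leaked-credential quarantine attempted but not applied, so their inline and attached policies are the ones to review first.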
The second tool released today, BucketShield, is designed to monitor and alert on Amazon Web Services Inc. S3 buckets and CloudTrail log activities. The tool ensures a continuous flow of logs from AWS services to S3 buckets to mitigate the risk of misconfigurations that could disrupt log collection.
The tool also features support for real-time tracking of identity and access management roles, key management service configurations and S3 log streams to help maintain an audit-ready cloud environment. BucketShield gives security teams visibility into critical log activities and ensures all events are logged, allowing organizations to quickly detect and respond to potential issues.
The third tool released today, called CAPICHE Detection Framework, is an open source tool designed to simplify the process of creating cloud API detection rules. It allows defenders to create multiple detection rules from API blocks, even when the full API names are not known, simplifying the detection translation path and making it more accessible to security teams. Using the CAPICHE Detection Framework, organizations can quickly adapt their defenses to evolving cloud threats by automating the creation of rules, and in doing so, help security teams stay ahead of potential attacks, the company says.
“The learning curve for discovery in the cloud is steep and our goal is to help security teams enhance their discovery across their cloud environments without having to purchase commercial software solutions like a SIEM,” said Jason Martin, co-founder and co-CEO. “We are committed to providing resources that can help the broader security community defend against the tactics, techniques and procedures used by modern threat actors.”
The three new open source tools released today bring the total number of open source tools released by P0 Labs to 10.
Previous open source releases from Permiso this year include Cloud Console Cartographer, a tool that helps security teams understand console-based event activity in their AWS logs, and SkyScalpel, a tool that helps offensive and defensive security professionals understand how policies can be obfuscated by threat actors so that they are not detected in the environment.