“On Establishing a Cloud Security Program”, outlining some advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based offering. The result can be found in a micro-website which contains the list of controls that can be rolled out to establish such cloud security program.

Following that post, one question I got asked was: “That’s great, but how do you even know what to prioritize?” From the security team of a small but growing start-up to a CTO or senior engineer at a company with no cloud security team, trying to either get things started or improve what they have already.

Here I want to tackle precisely the challenge many (new) teams face: getting up to speed in a new environment (or company altogether) and finding its most critical components.

Part of the “Cloud Security Strategies” series, this post aims to provide a structured approach to review the security architecture of a multi-cloud SaaS company, having a mix of workloads (from container-based, to serverless, to legacy VMs). The outcome of this investigation can then be used to inform both subsequent security reviews and prioritization of the

There are multiple situations in which you might face a (somewhat completely) new environment:

- You are starting a new job/team: Congrats! You are the first engineer in a newly spun-up team.
- You are going through a merger or acquisition: Congrats (I think?)! You now have a completely new setup to review before integrating it with your company’s.
- You are delivering a consulting engagement: This is different from the previous 2, as this usually means you are an external consultant. Although the rest of the post is more tailored towards internal teams, the same concepts can also be used by consultancies.

What kind of questions should you ask yourself? Luckily, abstraction works in our favour. We can split the process into different abstraction levels (or “Phases”), from cloud, to workloads, to code:

- Continue by understanding the technology powering the company’s Workloads.
- Complete by mapping the environments and workloads to their originating source Code (a.k.a.

To familiarise yourself with a new environment and, as a good side-effect,

These risks will then be essential to put together a well-thought roadmap that addresses both short (a.k.a. extinguishing the fires) and long term goals (a.k.a. improve the overall security and maturity of the organization).

It is important to stress that you need to understand how something works before securing (or attempting to secure) it. Let me repeat it: you can’t secure what you don’t understand.

A word of warning: avoid rabbit holes. Not only can they be a huge time sink, but they are also an inefficient use

You should put your initial focus on getting a broad coverage of

Once you have a clear picture of what you need to secure,

- Stage 2: Understand the high-level hierarchy.
- Stage 3: Understand what is running in the Accounts.
- Stage 4: Understand the network architecture.
- Stage 5: Understand the current IAM setup.
- Stage 6: Understand the current monitoring setup.
- Stage 7: Understand the current secrets management setup.
- Stage 8: Identify existing security controls.

- Stage 1: Understand the high-level business offerings.
- Stage 2: Identify the primary tech stack.
- Stage 3: Understand the network architecture.