Check out our FREE & Paid Cloud Security Training at www.cloudsecuritybootcamp.com
Thanks man. I am rooting for cloud security.
very good non-technical examples that made the concepts easy to understand
Glad it was easy to understand. Any cloud security topic that is top of mind for you at the moment?
Would like to hear your views on how to monitor alerts on cloud better !!!
noted! Thank you Anshul
Yes, it's a bit hard to manage overwhelming alerts; we need to do heavy tuning to make them suitable for operations. Also, the severity associated with these alerts is not always correct.
@kirangavara 100%, most tools are designed for broad-based detection that is dependent on binary controls (limited), signatures (limited), and profiling (can be erroneous). What will help is the old sliding scale of adversary vs defender - we have to be aware of their TTPs (that are always evolving), and tools that are empowered with this rich database (think threat research) for the specific asset (workload) you are protecting are needed. For e.g., there is no value in a tool that is a Linux-supported EPP when your target is Windows.
Thank you Ashish for sharing.
Another precise video for these buzzwords.
And products from various vendors are using marketing strategies to cash out.
But in reality there is a lot of noise and false positives.
Mostly, capability and resource issues in managing these tools are an overhead to the org.
Please do a video on how to do at least 80% of the observability setup for all types of workloads on cloud, like CNAPP...
Would love to see a video on CIEM in real-world use cases.
noted for a future video - thank you Vineet!
@CloudSecurityPodcast Keen as well. I have found most implementations by current vendors of CIEM to be basic and limited.
Really informative and easy to understand, keep it up bro
Glad you got value from this Chirag!
Thank you @Chirag Nayyar! Is there a Cloud Security Topic that is top of mind for you that we can cover on the Channel?
A whole new rash of "data-centric" cloud security tools... Gartner just defined Data Security Posture Management (DSPM). We add Data Discovery, Data Access Control (DAC), and Data Detection and Response (DDR).
Gartner do love their acronyms; to be fair, it does help defenders understand the challenge and appropriate response.
Loved this! Would love to see more jargon being broken down into more consumable nuggets 🎉
If only we had such good and easy-to-understand content when I started! Took a while to wrap my head around this when I started years ago :)
@devsecop4284 Is there a Cloud Security Topic that is top of mind for you that we can cover on the Channel?
Thank you Pratistha! Is there a Cloud Security Topic that is top of mind for you that we can cover on the Channel?
Can you give examples of CWPP and CSPM vendors?
Palo Alto Prisma Cloud, Wiz, Lightspin, Orca Security & many more - most of them are covering both and CNAPP too.
Hope this answered your question?
@CloudSecurityPodcast Few CNAPP players though - IMO only Aqua Security & Prisma Cloud (they've been around since the early days and cover most of what Gartner defines for them: Supply Chain, CSPM, CWPP, CIEM, etc.).
Hi, I want guidance for a career in cloud security certification.
I have completed the AZ-500 certificate.
After that, what should I do? Please help me.
Now I am working as a cloud operations engineer.
very nice
Can you discuss how some CNAPP vendors can be 100% agentless?
In limited context, they could be - if inline prevention can be taken out of the equation or if the rapid detection can lead to network isolation using the control plane. For e.g., in the K8s context, using behavioural detection/signatures etc., determine a pod is compromised, then use the API to block its network connectivity or kill the pod to mitigate the propagation of potential privilege escalation, lateral movement etc. Other use cases in Cloud Native Workloads are possible, e.g. serverless, I would imagine.
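The control-plane isolation flow described in the comment above, as an added example that is not from the original thread or any vendor's product: a Python sketch that turns a constructed detection alert into ordered Kubernetes actions (quarantine label plus a deny-all NetworkPolicy first, pod deletion only on critical severity). The alert format, the label key and the `plan_response` function are assumptions; actually applying the objects (via kubectl or the Kubernetes client) is left to the caller.

```python
# Turn a behavioural-detection alert into Kubernetes control-plane actions (assumed shapes).
import json
from typing import Any

# Constructed sample alert in an assumed format (not from any real tool).
SAMPLE_ALERT = json.dumps({
    "rule": "Reverse shell spawned in container",
    "severity": "critical",
    "namespace": "payments",
    "pod": "api-7d9c6b5f4-x2k9q",
})

QUARANTINE_LABEL = "security.example.com/quarantine"  # assumed label key


def parse_alert(raw: str) -> dict[str, str]:
    """Reject alerts that cannot be acted on rather than guessing a target."""
    alert = json.loads(raw)
    for key in ("namespace", "pod", "severity"):
        if not alert.get(key):
            raise ValueError(f"alert missing {key}")
    return alert


def quarantine_patch() -> dict[str, Any]:
    """JSON merge patch that tags the pod; the policy below selects on this label."""
    return {"metadata": {"labels": {QUARANTINE_LABEL: "true"}}}


def deny_all_policy(namespace: str) -> dict[str, Any]:
    """Labelled pods get no ingress or egress: listing both policyTypes with no
    rules is the K8s 'deny everything' idiom. Needs a CNI that enforces NetworkPolicy."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "quarantine-deny-all", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {QUARANTINE_LABEL: "true"}},
            "policyTypes": ["Ingress", "Egress"],
        },
    }


def plan_response(raw_alert: str) -> list[dict[str, Any]]:
    """Ordered actions: isolate first so evidence survives, kill only on critical."""
    alert = parse_alert(raw_alert)
    ns, pod = alert["namespace"], alert["pod"]
    actions: list[dict[str, Any]] = [
        {"op": "apply", "object": deny_all_policy(ns)},
        {"op": "patch", "kind": "Pod", "namespace": ns, "name": pod, "body": quarantine_patch()},
    ]
    if alert["severity"] == "critical":  # its controller will recreate the pod, but the running process dies
        actions.append({"op": "delete", "kind": "Pod", "namespace": ns, "name": pod})
    return actions
```

Isolation is ordered before deletion so the pod can still be snapshotted for forensics while it is cut off from the network.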
Should we call these tools frameworks as well?
I personally wouldn't call them frameworks, as they are features expected from the 4 Cs.
I would rather say you could use these tools to comply with your compliance framework control requirements.
@kirangavara Thanks for clarifying. That means the tools are solutions to achieve compliance.
I would be careful when presenting these tools, a lot of times the assumption is that CSPM will "make me compliant", and unscrupulous sales reps will try to capitalize on that. The CSPM tool is only as effective as its ability to ingest, process and map the findings in clouds. An unsupported cloud resource or an unchecked framework/standard means gaps. The CSPM tools for Compliance Control should be taken with a grain of salt, and are fine for "check in the box" and a litmus to overall health - but should not be confused with Security!
Palo Alto Prisma Cloud is the leader in this category, followed by a few others.
Would you say in your personal opinion Palo Alto is good in all of these categories?
@CloudSecurityPodcast Yes, it's my personal opinion; Palo Alto keeps on innovating 💡 and they will be bringing SCA capability to Prisma Cloud to make it more DevSecOps friendly.
IMO Technical Leader - no. Prisma Cloud is a stitched-up solution that had decent product acquisitions that gave it a breadth of coverage but NOT depth in all cases. The self-developed capabilities lack widespread adoption and are a failed start; their version of WAF, and CIEM for example, have limited use cases in the Cloud world (from a capability and cost perspective). Their Shift Left capability is extremely limited (IaC scanning, no integrated code scanning) and the recent foray into Supply Chain through acquisition is an attempted bolt-on. Do not even get me started on the CWP/Twistlock that is "noisy" and does not look like it stops attacks. Good at marketing though. Gotta peel the layers of the Onion :)
@kirangavara acquisition != innovation :)
@devsecop4284 It is not, but they do not want to reinvent the wheel when they have cash to buy innovation built by others :)