Salt Air 29 – Use SaltStack to take back control of the security window

February 15, 2019 - Thomas Hatch

Control the Security Window

The window of time between the discovery of a security vulnerability and exploitation of that vulnerability is constantly shrinking. Enterprise security and IT operations teams are racing against the clock to protect their businesses against rapidly proliferating threats. The task is becoming more complex and the remediation window is shrinking. Control your security windows.

Watch this episode of Salt Air and learn how SaltStack SecOps can help automate rapid discovery and remediation of cybersecurity vulnerabilities to ultimately protect and secure digital business infrastructure from escalating threats and tighten control of security windows.

“Welcome to another episode of Salt Air. My name is Tom Hatch. I’m the creator of Salt and the CTO of SaltStack. Now, I’m gonna talk about a concept inside of security. When we’re looking at securing an infrastructure, there are a myriad of tools out there that make it possible. As we’ve gone back, and we’ve talked to chief security officers, chief information officers, as well as many of the people involved in this process, the security team and the infrastructure teams. We’ve gone through and tried really hard to understand, what is it that they actually want? What can we do to actually deliver real security? As we’ve looked out there, many of the vendors that exist are much more focused around quarantining as well as detecting issues as they happen, as opposed to building a very legitimate shield. We’ve also talked to a lot of infrastructure teams about how they’re doing with enforcing different standards and being able to take things like the CIS standards. We were just making sure that their infrastructures are up to date and properly patched in a timely manner. What we’ve emerged with is not only a number of worrying discoveries that a lot of infrastructures out there just aren’t set up to be as secure as they need to be, but we’ve also discovered that what people would really want to have is something that we began to feel people have given up on. The idea that actually being able to have an assurance that their infrastructure is securely configured to the best of their knowledge within a period of time or the enforcement of a security window. The idea of a security window is pretty straightforward. What we’re looking at is that as time moves forward new security threats emerge and changes can happen to an infrastructure. It’s easy to be able to have some config changes happen as an infrastructure just moves along, or there are no CVEs that come out.
We’re able to see that, oh, there’s a major Kubernetes vulnerability or there’s something wrong with OpenSSL again. As the clock ticks, infrastructures naturally become less secure and so we wanted to be able to ask, how is it that we would reset that clock back to zero where we have a known good secure state for an infrastructure? The question arose, what are the components that really need to be enforced to have a secure infrastructure? For SaltStack we came back and said let’s focus on these two areas: the configuration security and the software update and patch security. Configuration security is a complicated thing, there are hundreds of pages to CIS and DISA STIG audits. Being able to enforce all of them is something that we rarely see infrastructure teams do in a clear, concise and reliable manner. What we’ve done is put together a system which uses Salt’s configuration management to remote execution and event-driven paradigm to deliver the tools that allow within a few clicks to get into a configuration compliance scenario…” – Thomas Hatch
