At Cribl, we take a dynamic approach to balancing innovation and a comprehensive security posture in Cribl.Cloud. One of our core values, "Customers First," underpins our rigorous commitment to cloud security, driving continuous enhancements in protection, monitoring, and incident response.

Isolation Models for Stronger Security
Cloud architecture decisions, such as choosing between single-tenant and multi-tenant deployments, significantly impact your security posture. At Cribl, we’ve implemented stringent isolation models, leveraging cloud platform boundaries and clearly separating product-related accounts from corporate accounts. This foundational approach ensures our infrastructure remains secure and resilient against threats.
Visibility Is the Key: Securing What You Can See in the Cloud
Visibility is fundamental in cloud security, particularly in fast-paced, cloud-native environments. Comprehensive visibility into configurations and precise ownership tagging for resource management are essential. Early in Cribl’s journey to secure Cribl.Cloud, we deployed a Cloud Security Posture Management (CSPM) solution to automate visibility and tagging processes. After all, identifying ownership is critical—you can't secure effectively if you can't trace responsibility.
Monitor, Monitor, Monitor
At Cribl, we've implemented a world-class cloud security monitoring solution that gives us near real-time visibility into our inventory and configurations. Not only do we see detailed information on our assets, but the solution also catalogs all system components. This means we can quickly pinpoint end-of-life components and other issues that need our attention. Organizations aiming to enhance cloud security should adopt similar monitoring capabilities to maintain a proactive defense.
Attack Surface Monitoring
Monitoring the attack surface within cloud environments is crucial for gaining valuable context about your managed environment. Knowing which assets belong to your cloud environment, and making a concerted effort to limit their public exposure where possible, is foundational to a cloud security program. Taking it one step further, Cribl has created custom rules that baseline the open ports within the product and alert when something falls outside of those boundaries; each such detection is thoroughly investigated by Cribl’s security teams.
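The baseline rule described above, as an added example that is not Cribl's code: each asset role gets a set of expected open ports, an inventory snapshot (shaped like an attack-surface scanner export) is checked against it, and any deviation becomes a finding whose severity rises when the asset is publicly reachable. The roles, ports and inventory records are constructed for illustration.

```python
"""Added example (not Cribl's code): evaluate an inventory snapshot against
a per-role baseline of expected open ports and emit findings for anything
outside the baseline. Baseline, roles and inventory are all constructed."""
from dataclasses import dataclass

# Constructed baseline: the ports each asset role is expected to expose.
PORT_BASELINE = {
    "api": {443},
    "db": {5432},
}

# Constructed inventory snapshot, shaped like an attack-surface scanner export.
INVENTORY = [
    {"asset_id": "i-0001", "role": "api", "public": True, "open_ports": [443]},
    {"asset_id": "i-0002", "role": "db", "public": False, "open_ports": [5432]},
    {"asset_id": "i-0003", "role": "api", "public": True, "open_ports": [22, 443]},
    {"asset_id": "i-0004", "role": "cache", "public": False, "open_ports": [6379]},
]


@dataclass(frozen=True)
class Finding:
    asset_id: str
    unexpected_ports: tuple
    severity: str


def evaluate_asset(asset, baseline=PORT_BASELINE):
    """Return a Finding if the asset exposes ports outside its baseline, else None."""
    allowed = baseline.get(asset["role"])
    if allowed is None:
        # A role with no baseline has no approved ports: every open port is a deviation.
        unexpected = sorted(asset["open_ports"])
    else:
        unexpected = sorted(p for p in asset["open_ports"] if p not in allowed)
    if not unexpected:
        return None
    # Public reachability raises the severity, since exposed ports draw rapid attention.
    severity = "high" if asset["public"] else "medium"
    return Finding(asset["asset_id"], tuple(unexpected), severity)


def evaluate_inventory(inventory, baseline=PORT_BASELINE):
    """Run the baseline rule over every asset and collect the deviations."""
    findings = []
    for asset in inventory:
        finding = evaluate_asset(asset, baseline)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in evaluate_inventory(INVENTORY):
        print(f"{f.severity.upper()}: {f.asset_id} exposes unexpected ports {f.unexpected_ports}")
```

Run as-is it reports two findings: the public API host with port 22 open (high) and the cache host whose role has no baseline at all (medium). Treating an unbaselined role as "every port is unexpected" is deliberate; it forces someone to write the baseline rather than letting a new asset class go unmonitored.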
Cloud Security Is a Team Sport
Open or vulnerable ports attract rapid attention from attackers, sometimes within minutes of deployment. We leverage such scenarios as teachable moments, embedding best practices into our organization's culture, even in development or sandbox environments.
Each time the team uncovers a security best-practice issue in any cloud environment, we reach out to the owners. The product security team then works in whatever capacity is necessary to resolve the issue, and uses the opportunity to talk through the recommended way of doing it.
Cribl product security performed a root cause analysis of the top five classes of security issues over a period of time and created a focused security champions session covering the AWS best practices that would remediate all of those top issues. To read more about security champions at Cribl, see this awesome blog by Liam McGovern that outlines our approach to security champions.
Misconfigurations Are Treated as Vulnerabilities
At Cribl, we treat security misconfigurations with the same urgency as software vulnerabilities. Our internal triage processes swiftly address high and critical severity issues. Vulnerabilities are systematically logged, ticketed, and mapped to an established gold-standard workflow to ensure consistency and efficiency.
We employ robust vulnerability scanning tools that identify operating system-level, software package, and container vulnerabilities daily, reinforcing comprehensive protection across our environments.
Enhancing Security: Leveraging Threat Intelligence with Cloud CSPM Data
Our CSPM platform provides dynamic capabilities to rapidly identify configuration vulnerabilities associated with high-profile threats, such as the infamous Log4Shell vulnerability. This capability allows us to prioritize remediation based on factors like public exposure and high privileges. Additionally, integrated threat intelligence enriches detection logs, providing security analysts with actionable context for threats detected within our infrastructure.
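The prioritization described in the two sections above, as an added example that is not Cribl's code: misconfigurations and software vulnerabilities go through the same triage, and each finding's base severity is escalated by the context a CSPM supplies (public exposure, high privilege) before the queue is ordered. The severity tiers, the one-tier-per-amplifier escalation rule and the findings themselves are constructed assumptions, not Cribl's actual workflow.

```python
"""Added example (not Cribl's code): triage findings from a CSPM export by
combining base severity with exposure and privilege context. Weights,
severity tiers and the findings themselves are constructed assumptions."""
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
RANK_SEVERITY = {v: k for k, v in SEVERITY_RANK.items()}


@dataclass
class Finding:
    resource: str
    kind: str            # "misconfiguration" or "vulnerability": both triaged the same way
    title: str
    base_severity: str
    publicly_exposed: bool
    high_privilege: bool


def effective_severity(f):
    """Escalate base severity by one tier per risk amplifier (capped at critical).

    Returns the effective tier and the list of amplifiers that applied, so the
    ticket can record why the finding was escalated.
    """
    rank = SEVERITY_RANK[f.base_severity]
    reasons = []
    if f.publicly_exposed:
        rank += 1
        reasons.append("publicly exposed")
    if f.high_privilege:
        rank += 1
        reasons.append("high privilege")
    rank = min(rank, SEVERITY_RANK["critical"])
    return RANK_SEVERITY[rank], reasons


def prioritize(findings):
    """Order findings for remediation: highest effective severity first,
    then the finding with more amplifiers, then stable by resource name."""
    def key(f):
        sev, reasons = effective_severity(f)
        return (-SEVERITY_RANK[sev], -len(reasons), f.resource)
    return sorted(findings, key=key)


# Constructed findings, mixing misconfigurations with software vulnerabilities.
FINDINGS = [
    Finding("i-web-01", "vulnerability", "Log4Shell-affected package", "high", True, False),
    Finding("role-admin", "misconfiguration", "wildcard IAM policy", "medium", False, True),
    Finding("bucket-logs", "misconfiguration", "public bucket ACL", "medium", True, True),
    Finding("i-batch-07", "vulnerability", "Log4Shell-affected package", "high", False, False),
]


if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        sev, reasons = effective_severity(f)
        print(f"{sev:8} {f.kind:16} {f.resource:12} {f.title} ({', '.join(reasons) or 'no amplifiers'})")
```

The point the ordering makes: the two hosts carrying the same vulnerable package do not land next to each other, because the internet-facing one is escalated to critical while the internal one stays high, and a medium misconfiguration that is both public and privileged outranks both of them.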
Context-Based Cloud Threat Detection
Cribl is a security company adept at managing logs and routing them to the right place efficiently. Following best practices for log sources in our cloud platforms, the sources that provide anomaly detection capabilities flow into our cloud security tooling. This allows us to correlate additional information about the target of an attack: if a specific identity is involved, we can easily get to all events by that identity, or any related events.
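The identity pivot described above, as an added example that is not Cribl's code or tooling: starting from one identity, collect every event it generated, then widen to events from other identities that share one of its access keys or source IPs. The records below are constructed, CloudTrail-like JSON lines (including a deliberately suspicious one where a second user appears with the first user's access key), not real logs.

```python
"""Added example (not Cribl's code): pivot on an identity across cloud audit
events and pull in related events that share its access key or source IP.
The events below are constructed, CloudTrail-like records, not real logs."""
import json

# Constructed events, one JSON record per line (identities and IPs are documentation values).
RAW_EVENTS = """
{"eventID": "e1", "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice", "accessKeyId": "AKIAEXAMPLE1"}}
{"eventID": "e2", "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice", "accessKeyId": "AKIAEXAMPLE1"}}
{"eventID": "e3", "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10", "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/Deploy/session", "accessKeyId": "ASIAEXAMPLE2"}}
{"eventID": "e4", "eventName": "GetObject", "sourceIPAddress": "198.51.100.7", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/bob", "accessKeyId": "AKIAEXAMPLE1"}}
{"eventID": "e5", "eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.44", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/carol", "accessKeyId": "AKIAEXAMPLE3"}}
"""

ALICE = "arn:aws:iam::111111111111:user/alice"


def load_events(raw):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in raw.strip().splitlines() if line.strip()]


def pivot_on_identity(events, arn):
    """Return (direct, related): events by `arn`, then events by other
    identities that share one of its access keys or source IPs."""
    direct = [e for e in events if e["userIdentity"].get("arn") == arn]
    # Pivot attributes gathered from the identity's own activity.
    keys = {e["userIdentity"].get("accessKeyId") for e in direct} - {None}
    ips = {e.get("sourceIPAddress") for e in direct} - {None}
    related = [
        e for e in events
        if e["userIdentity"].get("arn") != arn
        and (e["userIdentity"].get("accessKeyId") in keys or e.get("sourceIPAddress") in ips)
    ]
    return direct, related


def summarize(events):
    """Compact view of an event list for an analyst: (id, action, identity)."""
    return [(e["eventID"], e["eventName"], e["userIdentity"]["arn"]) for e in events]


if __name__ == "__main__":
    direct, related = pivot_on_identity(load_events(RAW_EVENTS), ALICE)
    print("direct:", summarize(direct))
    print("related:", summarize(related))
```

For alice the direct set is e1 and e2; the related set is e3 (a role session from the same source IP) and e4 (bob using alice's access key from a different IP). That second kind of match is the one worth the analyst's attention, since an access key appearing under a different principal is not something normal workflows produce.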
Speeding Up the Hunt: Accelerating Threat Detection
Recognizing that cloud-native log data might occasionally leave detection gaps, we've augmented our defenses with lightweight, real-time detection agents that integrate with Cribl’s security control plane. These agents specifically target attacks that might evade traditional logging mechanisms, ensuring comprehensive protection from advanced threats targeting cloud infrastructure.
Constant Vigilance: Always Ready for the Hunt
As a part of our overall program, we are prepared to perform threat hunting through both our native and vendor-based tools. Investigation into an issue might provide guidance for a future threat hunting exercise. Our combination of tools and data allows us to focus and be incredibly precise about what we are looking for.
For an in-depth exploration of our threat-hunting approach using Cribl Search, refer to Robert Lackey's insightful blog here.
Wrap Up
Integrating all these security capabilities into a unified control plane enhances our ability to swiftly detect, analyze, and remediate threats. Advanced security graphs further streamline root cause analyses and bolster incident response effectiveness across our cloud resources. At Cribl, we remain committed to ongoing improvement and are dedicated to fostering secure, reliable cloud environments for our customers.