Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you’re about to listen to.

Links:

• Autonomous drone attacked soldiers in Libya all on its own: https://www.cnet.com/news/autonomous-drone-attacked-soldiers-in-libya-all-on-its-own/
• 3 SASE—or ‘sas-ee’-Misconceptions to Consider: https://www.darkreading.com/cloud/3-sase-misconceptions-to-consider-/a/d-id/1341088
• Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs: https://www.darkreading.com/attacks-breaches/chinese-apt-groups-continue-to-pound-away-on-pulse-secure-vpns/d/d-id/1341174
• Cybersecurity M&A Roundup: 36 Deals Announced in May 2021: https://www.securityweek.com/cybersecurity-ma-roundup-36-deals-announced-may-2021
• The VC View: Identity = Zero Trust for Everything: https://www.securityweek.com/vc-view-identity-zero-trust-everything
• Three Things Holding Back Cloud Security: https://securityboulevard.com/2021/05/three-things-holding-back-cloud-security/
• What does the Future Hold for Cloud Security: https://hackernoon.com/what-does-the-future-hold-for-cloud-security-i82e35md
• Report: Cloud Security Breaches Surpass On-Prem Ones for the First Time: https://www.mariakorolov.com/2021/report-cloud-security-breaches-surpass-on-prem-ones-for-the-first-time/
• What is DevSecOps, and how Can it Improve Your Security: https://biztechmagazine.com/article/2021/05/what-devsecops-and-how-can-it-improve-your-security-perfcon
• State of Security Research Zeroes in on Data Strategies: https://www.splunk.com/en_us/blog/leadership/state-of-security-research-zeroes-in-on-data-strategies.html

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Announcer: If your mean time to WTF for a security alert is more than a minute, it’s time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you’re building a secure business on AWS with compliance requirements, you don’t really have time to choose between antivirus or firewall companies to help you secure your stack. That’s why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That’s lacework.com.

Jesse: Automation of processes is crucial for speed and reliable repeatability. However, automating tasks and procedures should be done with a certain amount of caution. Start by automating discrete tasks, then group or chain those tasks after thorough testing for safety. As you build experience and confidence in these groups of tasks, you can automate larger collections of operations. This is where security orchestration, automation, and response—or SOAR platforms—are critical to maintain automated operations in a cost-effective manner with minimal overhead.

In large-scale dynamic cloud deployments, whether using full-system stacks, containers, or cloud-native microservices, automating security operations is a requirement for functional response. This necessitates a high level of trust in your automation. Likely you’ll migrate into more machine learning and fuzzy-logic-based decision criteria that could have unintended consequences if you don’t put the right guardrails in place. Unfettered machine-based decision-making is how Skynet [laugh] is born. Please do be careful on your testing and implementation and production.

Meanwhile, in the news. Autonomous drone attacked soldiers in Libya all on its own. This is Skynet straight out of a Terminator movie. Remember this story when you are implementing automation in your environment. Unchecked and unmonitored automation can cause serious problems where there were none.

3 SASE—or ‘sas-ee’—Misconceptions to Consider. If you thought this was about self-addressed stamped envelopes, you are at least as old as I am. It’s pronounced ‘sas-ee’, which is all wrong phonetically. SASE, like my dog named Sassy, is a very valuable member of the family, but it won’t cure all your woes.

Announcer: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn’t translate well to cloud or multi-cloud environments, and that’s not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial. That’s extrahop.com/trial.

Jesse: Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs. I hope you’ve patched your Pulse Secure VPN because if you haven’t, a nation-state will own you soon. Go patch it and turn up monitoring if you haven’t already.

Cybersecurity M&A Roundup: 36 Deals Announced in May 2021. None of us should wonder why the cybersecurity vendor market is so confusing after seeing the list of mergers that happen routinely. Just like with other tech markets, the big companies are slowly eat...