Detecting Cloud Threats With CloudGrappler
The open source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments.
With organizations depending more on cloud infrastructure for their operations, enterprise defenders need tools that can help them monitor their cloud environments and detect threat actors before they can cause too much damage. CloudGrappler is a new open source tool from Permiso designed to scan an organization's Azure and Amazon Web Services environments looking for tactics, techniques, and procedures (TTPs) used by threat actors.
Security teams define a list of data sources that should be included in the scan and a list of predefined TTPs commonly used by cloud threat actors. CloudGrappler then scans logs and other event data and delivers a JSON report with a detailed breakdown of everything it finds. The security team can also add new queries dynamically to the input file, create a new input file with multiple queries, and define ways to filter the results based on criteria like date range and file size.
CloudGrappler uses cloudgrep, originally developed by Cado Security, to query cloud environments.
The tool captures relevant metadata, such as time stamps, resource names, and file paths. When the scan completes, CloudGrappler correlates the results with Permiso's threat intelligence data to provide context around the detected events, including details about the associated threat actor, severity level, and risk assessment. The scanning tool can query for specific threat actors, look for single events, or provide granular incident analysis, Permiso said.
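The scan-and-report flow described above, as an added sketch that is not CloudGrappler's or cloudgrep's code. The query fields, actor labels, file paths and log lines are constructed for illustration and do not reflect the tool's real input or report format.

```python
import json
from datetime import datetime, timezone

# Hypothetical query list: a search term plus the context attached to each hit.
QUERIES = [
    {"query": "StopLogging", "severity": "high", "threat_actor": "EXAMPLE-ACTOR-1"},
    {"query": "CreateAccessKey", "severity": "medium", "threat_actor": "EXAMPLE-ACTOR-2"},
]

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed log objects standing in for files in a bucket or storage account.
SAMPLE_LOGS = [
    {"path": "logs/2024/03/01/trail-a.json", "modified": utc(2024, 3, 1), "lines": [
        '{"eventTime": "2024-03-01T10:02:11Z", "eventName": "StopLogging"}',
        '{"eventTime": "2024-03-01T10:05:40Z", "eventName": "ListBuckets"}',
    ]},
    {"path": "logs/2024/01/15/trail-b.json", "modified": utc(2024, 1, 15), "lines": [
        '{"eventTime": "2024-01-15T08:00:00Z", "eventName": "CreateAccessKey"}',
    ]},
]

def scan(queries, log_objects, start=None, end=None, max_size=None):
    """Match every query against every line of each object that passes the filters."""
    hits, scanned = [], 0
    for obj in log_objects:
        size = sum(len(line) for line in obj["lines"])
        if (start and obj["modified"] < start) or (end and obj["modified"] > end):
            continue  # outside the requested date range
        if max_size is not None and size > max_size:
            continue  # larger than the requested file-size limit
        scanned += 1
        for line in obj["lines"]:
            try:
                event_time = json.loads(line).get("eventTime")
            except (json.JSONDecodeError, AttributeError):
                event_time = None  # keep the hit even when the line is not a JSON object
            for q in queries:
                if q["query"] in line:
                    hits.append({"file": obj["path"], "event_time": event_time,
                                 "query": q["query"], "severity": q["severity"],
                                 "threat_actor": q["threat_actor"]})
    return {"objects_scanned": scanned, "hit_count": len(hits), "hits": hits}

if __name__ == "__main__":
    print(json.dumps(scan(QUERIES, SAMPLE_LOGS, start=utc(2024, 2, 1)), indent=2))
```

Narrowing the date range or size limit reduces both the objects read and the hits reported, which is the trade-off to keep in mind when scoping a scan over large log stores.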