Detecting Cloud Threats With CloudGrappler
The open source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments.
With organizations depending more on cloud infrastructure for their operations, enterprise defenders need tools that can help them monitor their cloud environments and detect threat actors before they can cause too much damage. CloudGrappler is a new open source tool from Permiso designed to scan an organization's Azure and Amazon Web Services environments looking for tactics, techniques, and procedures (TTPs) used by threat actors.
Security teams define a list of data sources that should be included in the scan and a list of predefined TTPs commonly used by cloud threat actors. CloudGrappler then scans logs and other event data and delivers a JSON report with a detailed breakdown of everything it finds. The security team can also add new queries dynamically to the input file, create a new input file with multiple queries, and define ways to filter the results based on criteria like date range and file size.
CloudGrappler uses cloudgrep, originally developed by Cado Security, to query cloud environments.
The tool captures relevant metadata, such as time stamps, resource names, and file paths. When the scan completes, CloudGrappler correlates the results with Permiso's threat intelligence data to provide context around the detected events, including details about the associated threat actor, severity level, and risk assessment. The scanning tool can query for specific threat actors, look for single events, or provide granular incident analysis, Permiso said.
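The workflow described above (match a query list against log data, filter by date range, record metadata, attach threat context, emit JSON) can be sketched as follows. This is an added illustration, not CloudGrappler's or cloudgrep's code: the log records, query entries, actor labels, and function names are all constructed for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample data: file path -> CloudTrail-style log lines.
SAMPLE_LOGS = {
    "bucket-a/cloudtrail/2024-03-01.json": [
        '{"eventTime":"2024-03-01T10:02:11Z","eventName":"GetCallerIdentity","resource":"iam-user/dev"}',
        '{"eventTime":"2024-03-01T10:05:40Z","eventName":"DescribeInstances","resource":"ec2/i-0abc"}',
    ],
    "bucket-a/cloudtrail/2024-03-09.json": [
        '{"eventTime":"2024-03-09T23:15:02Z","eventName":"CreateAccessKey","resource":"iam-user/admin"}',
    ],
}

# Hypothetical query list with constructed intel context (not Permiso's data).
QUERIES = [
    {"query": "GetCallerIdentity", "actor": "EXAMPLE-ACTOR-1", "severity": "low"},
    {"query": "CreateAccessKey", "actor": "EXAMPLE-ACTOR-2", "severity": "high"},
]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def scan(logs, queries, start=None, end=None):
    """Return one finding per (log line, query) match inside the date range."""
    findings = []
    for path, lines in logs.items():
        for line in lines:
            try:
                record = json.loads(line)
                when = parse_ts(record["eventTime"])
            except (ValueError, KeyError, TypeError):
                continue  # skip malformed records instead of aborting the scan
            if (start and when < start) or (end and when > end):
                continue
            for q in queries:
                if q["query"] in line:
                    findings.append({
                        "query": q["query"],
                        "timestamp": record["eventTime"],
                        "resource": record.get("resource"),
                        "file_path": path,
                        "threat_actor": q["actor"],
                        "severity": q["severity"],
                    })
    return findings

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_LOGS, QUERIES, start=parse_ts("2024-03-05T00:00:00Z")), indent=2))
```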