Last week Jason Rohwedder and I had the privilege of presenting a cloud automation use case at Cloud Security World. Our talk not only covered how we automate much of our security at Risk I/O, but how we use DevOps principles to ensure our security controls are consistent even at a high velocity.
While we have spoken about some of this content before, one thing was very new and in my opinion something that has massive potential to reduce everyone’s Mean Time to Remediate vulnerabilities.
Jason has been working on an open source project called Tattle that when boiled down is a ridiculously simple way to store and regurgitate data. In our case, software version data. Using Tattle allows someone to identify versions of software and packages running in any environment in a Common Platform Enumeration (CPE) format with hooks into many common configuration management tools like Chef, Puppet or Ansible, among others. By using Tattle in combination with the Risk I/O API, you could have a single simple script that queries for software versions running on any given asset and then updates those assets in Risk I/O. From there, Risk I/O will automatically create or close any known vulnerabilities for that particular asset and can alert you on new CVE’s that effect your assets as soon as they are published.
This dramatically lowers your mean time to remediation by avoiding vulnerability signature updates to your scanner and avoiding waiting on scanning windows to identify those new vulnerabilities before determining a course of remediation.
We’re really excited about the potential for Tattle and we’ll be updating this post as we make the source available on Github.
Below is our presentation from Cloud Security World. There are a number of other open source projects we have listed in the Resources to help you with security automation in your environment and hope you can take advantage of these.