
⚡ Lightning Talk: Cloud(Security)Events -- A Lightweight Framework for Security Reactions

Authors: Evan Anderson


Summary

CloudEvents is a lightweight standard for recording and routing event information of all types which is easy to extend and supported by a variety of existing tools. It can help tie many different security tools together, from proactive supply chain vulnerability notifications to real-time monitoring and reactive data collection.
  • CloudEvents is a CNCF project that standardizes a simple envelope for events
  • It lets you convert between the many event formats that already exist in the world
  • CloudEvents can be used proactively, to initiate a security scan or rescan
  • It can also be used reactively, to respond to security issues and resolve them
  • CloudEvents is not difficult or mysterious, but a helpful tool in the security toolbox for cloud-native practitioners
Falco published a series of blog posts showing eight different systems that you could integrate with Falco through CloudEvents using Falcosidekick, to address the case of a pod in a cluster that has just started a process attached to an interactive terminal. You could build yourself a little web shell, run it, and watch it get shut down.
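The envelope-and-react pattern the talk describes, as an added example that is not from the talk or from the Falco or CloudEvents projects: a Falco-style alert is wrapped in a CloudEvents 1.0 structured-mode envelope, the envelope is validated before anything trusts it, and a small router turns a "Terminal shell in container" alert into a remediation decision. The event type `com.example.falco.alert`, the source URI and the sample alert are constructed here; the alert fields are modelled on Falco's JSON output format.

```python
import json
import uuid
from datetime import datetime, timezone

# CloudEvents 1.0 REQUIRED context attributes (per the specification).
REQUIRED = ("specversion", "id", "source", "type")
# Hypothetical reverse-DNS event type for Falco alerts (not a standard value).
FALCO_TYPE = "com.example.falco.alert"

def wrap_alert(alert: dict, source: str) -> dict:
    """Put a tool-specific alert into a CloudEvents structured-mode envelope."""
    return {
        "specversion": "1.0",
        "id": str(uuid.uuid4()),
        "source": source,
        "type": FALCO_TYPE,
        "time": datetime.now(timezone.utc).isoformat(),
        "datacontenttype": "application/json",
        "data": alert,
    }

def validate(event: dict) -> None:
    """Reject envelopes that are not well-formed CloudEvents 1.0."""
    missing = [k for k in REQUIRED if not event.get(k)]
    if missing:
        raise ValueError(f"missing CloudEvents attributes: {missing}")
    if event["specversion"] != "1.0":
        raise ValueError(f"unsupported specversion {event['specversion']!r}")

def decide(event: dict) -> dict:
    """Route a validated event to a remediation decision (no cluster calls here)."""
    validate(event)
    data = event.get("data") or {}
    fields = data.get("output_fields") or {}
    if event["type"] == FALCO_TYPE and data.get("rule") == "Terminal shell in container":
        return {"action": "delete_pod", "namespace": fields.get("k8s.ns.name"),
                "pod": fields.get("k8s.pod.name"), "event_id": event["id"]}
    return {"action": "record_only", "event_id": event["id"]}

# Constructed sample, modelled on Falco's JSON output (not a captured alert).
SAMPLE_ALERT = {
    "priority": "Notice",
    "rule": "Terminal shell in container",
    "output": "A shell was spawned in a container with an attached terminal",
    "output_fields": {"k8s.ns.name": "default", "k8s.pod.name": "web-7c9d",
                      "proc.name": "bash"},
}

if __name__ == "__main__":
    print(json.dumps(decide(wrap_alert(SAMPLE_ALERT, "/falco/node-1")), indent=2))
```

In a real deployment the `decide` result would be handed to a serverless function or Falcosidekick output that performs the pod deletion; keeping the decision separate from the action makes the routing testable offline.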

Abstract

With many different sources of security information, making sense of it all can be daunting. CloudEvents is a lightweight standard for recording and routing event information of all types which is easy to extend and supported by a variety of existing tools. In this presentation, Evan will illustrate how CloudEvents can help tie many different security tools together, from proactive supply chain vulnerability notifications to real-time monitoring and reactive data collection. In less than 5 minutes, we’ll show how CloudEvents is useful as a storage format, a data interchange, and as a mechanism for triggering serverless functions to drive remediation of detected issues. In the end, you’ll discover that CloudEvents is not difficult or mysterious, but a helpful tool in the security toolbox for cloud-native practitioners.
