Exploring the Wiz Cloud Security Platform

John Hammond · Beginner · 🔐 Cybersecurity · 1y ago

Key Takeaways

The video explores the Wiz Cloud Security Platform, which provides 100% visibility and big picture coverage of entire business environments, and demonstrates its features and tools for cloud security, vulnerability management, and AI security.

Full Transcript

Cloud security isn't just the cheesy saying of "Oh, it's someone else's computer." Even with hosting providers like AWS, GCP, Azure and more, it's still your operational infrastructure and your attack surface. But between all the different kinds of cloud technologies, even mixing in container security, Kubernetes and AI, there is a lot to juggle. Obviously it's a whole another world compared to traditional endpoint security. So look, let me tell you about some sweet tooling that you can use to not just gain visibility over all your cloud assets, but even detect and prevent against threats, all with the context of your entire environment.

And let me be straight up: this is a fully featured and dedicated video for our sponsor, Wiz. But hey, we use Wiz, like, at my day job. We love it. Everyone I know that uses Wiz absolutely loves it. And by the way, they're kind of the fastest growing software company, like, literally ever, and even Google wanted to buy them for like $23 billion. That's the biggest wad of cash they've ever put on the table. So seriously, Wiz is a big deal and they're freaking fantastic. They do also have a ton of sweet free educational resources, like a CTF or Capture the Flag war game equivalent. I've showcased their EKS Cluster Games a bit before, but a really cool new one they have is Prompt Airlines. That's online at promptairlines.com, and it's all about AI security and those prompt engineering tricks. Super cool stuff.

But anyway, let me show you a bit of their platform. Wiz connects to your environment and then scans everything without an agent, so you get that 100% visibility and the big picture coverage of your entire business. And then it calculates all the potential risk factors across your org. Think like network exposure, vulnerabilities, identity threats, misconfigurations, everything. They do all this with that holistic approach and context to track down what they call toxic combinations that a threat actor or any attacking adversary could leverage. Those are, at the end of the day, the most critical risks that you want to solve within your environment to improve your security posture.

But let's check out the dashboard. We can dive into one of those critical risks and a toxic combination as an example of what might threaten your business. Here's a simple one, right? Let's start small. Let's say there was a publicly exposed virtual machine or serverless function that has a super high severity vulnerability affecting it. There's a known public exploit out and about already in the wild, and worst of all, this cloud asset actually has access to sensitive data within your org. But look at the coolest part here. Check out that attack path visualization. Wiz will give you basically a whole flowchart as to how this goes down. You can see all of the involved resources, what the potential damage and impact might be, and it'll even cover some of the remediation. We'll touch on that in a sec.

But I do want to show you the security graph here. Say you've got an AWS EC2 instance that you can see is absolutely publicly exposed, and if you want, you can totally click into this. This is all interactive here. With that you can see the exact path and route to the internet, like you've got your load balancer, all the network interfaces, you know. But if you click into any of the endpoints, you can get the external perspective, like what does this attack surface look like from the outside? And there's no secrets here, right? Oh, just a classic HTTP 200 status OK and a typical nginx server just doing its thing. But I do love that it captures a screenshot and it really renders what it looks like in a web browser. Even something as simple as that can really help you uncover stuff that you just don't want to be publicly exposed.

What about that vulnerability, though? We can drill down into it and see that it is CVE-2020-9283. Now, I know that for some team members, I'm thinking like upper management or whatever, they don't particularly care about what that CVE identifier is or all the tech details, but maybe you or us techs at the end of the day want to get that detail. All in all, we know that it's bad and we want to get that vulnerability fixed. You've got all the technical insight outlined here, and you can even see just how readily available an exploit is. Like in this case, it's just flat out on Exploit-DB.

But keep in mind the context here. Wiz is going to give you all that visibility, so you know that this threat will offer access to an IAM role. There's a whole identity aspect here, and following through the green colors here, you can see that IAM role has access to other S3 buckets, maybe like internal storage, right? And that has some sensitive stuff: PII, emails, data that you just don't want to have compromised. From cradle to grave, though, what we're looking at is the big picture for what could totally be a data breach. That could be something in the news or headlines for your business. And I know when we say, "Oh, it's in the cloud, it's someone else's computer," the onus and ownership of security is still on you. So it's a matter of having that visibility to even first identify and then correlate what leads to what in your environment. That is a toxic combination, and with Wiz you've got all the actionable details to tell you this is a critical risk.

If you wanted to interrogate a little bit more, though, you can get the full details of that cloud asset. You can see that it might be running Docker containers, maybe some Kubernetes in the mix, and even other vulnerabilities that Wiz discovered. So what do we do? How do we fix this up? Well, you've got this remediation tab right over here that gives you the play-by-play instructions as to what to change. Now obviously this varies, right, from one issue to another, and some of the bullet points might have to be a little bit more generic or strategic than tactical. But at the bottom here you can just as easily generate remediation steps for whatever solution you might be working with. You've got the classic command line, you've got the AWS console, Terraform and more. If you've connected Wiz to your GitHub source code repository and CI/CD pipeline, Wiz can even trace the vulnerability through the pipeline back to the code and person that committed it, all using the graph, and even give you a single-click pull request to fix it. And if you want an easy button, you can click that "Ask AI" magic and have that clean all things up for you with a little bit more brass tacks details.

And speaking of AI, I know it's a hot topic, but it's obviously very real and here to stay. So when we dig into AI security, Wiz has a ton of functionality to protect you there too. But it's the real stuff. It's not like fluff or just throwing buzzwords around. They're literally tracking what AI services you in your organization might be using, even if you don't even realize, like services that are just offered by the cloud providers themselves, or in apps that you might use, or even your own models that you might use in your infrastructure. Obviously a lot of folks rush to adopt AI crazy fast, and security hasn't really been on the forefront of their minds in that process. So again, first pillar of our process here: Wiz and their agentless scanning is going to build out that inventory of what AI components are in your environment. You can see here some of the platform as a service tricks, that PaaS acronym, things like AWS Bedrock, SageMaker, Azure OpenAI and all those. Super handy here, though, to see at a glance how many resources utilize this or how many instances of this you have in your environment across different projects. For each and every component, you've got the visibility of your hosted AI models, like Hugging Face here, LangChain and all the other software tidbits you have that are related to AI. But the biggest thing here are these exposed secrets or sensitive API keys. Obviously that's Bad News Bears.

And look, I'm sorry, I'd love to ask, I'd love to get your opinion, right? How many orgs do you think even have an inventory, like a list of things like this? Not even in the direction of AI, but just an asset and application inventory. Do you have an accurate, up-to-date and ultimately documented asset inventory, especially for cloud infrastructure? Anyway, I don't mean to fall down the rabbit hole here, I'm sorry, but I do think that is one of the most awesome parts of Wiz, and that's like part number one.

Wiz is doing the same toxic combination analysis even for AI, and a ton of their researchers are digging into these threats and seeing what other risks exist. They have one use case here that I'd love to show off, because this is an attack technique that targets exposed buckets that have AI training data, but it's world-writable. So think like anyone on the internet can totally poison your training data, ultimately meaning new bad results and outputs to anyone that uses the AI. That obviously opens the door for further damage. Think like adding in links for either compromised websites, further malware, phishing and social engineering. That laundry list just goes on and on. But take a look here. Wiz is tracking an exposed resource on the Google Cloud Platform that has those weak access controls, and anyone can manipulate or tamper with the data that is used to train, in this case, GCP Vertex AI. If you click into the IAM bindings here, you can see everyone in the world has data read and write access. There's nothing stopping a bad actor from just clobbering your training data and getting some malicious inputs into your AI solution. That's kind of wild. Wiz is still doing what they do best here, though. They've got remediation steps you can generate as always, and the big picture view with context of how this holistically impacts your environment.

I hope you got a chance to see, though, we're talking about all the big players here. Like, Wiz is streamlined to play nice with GCP, AWS, Azure. It's working everywhere. I know, though, so far we've kind of been in like aisle one for the NIST Cybersecurity Framework and the Cyber Defense Matrix and all. We've been chatting a lot about identifying, viewing your attack surface and knowing your environment with that asset inventory and holistic approach. But there is more to dig into here. Wiz can do so much more for that active prevention or detection of threats. So honestly, I got together with some of their folks and I tried to pick their brain about, hey, what are the new innovations and new capabilities that they're bringing to the table? I got to chat with Alma Raziel and Greg Zemlin, some of the product managers at Wiz, and I do want to let them chime in a bit.

And I know you went through a whole lot of inventory to start, like, hey, getting the telemetry, kind of having the insight as to what is actually in your environment, especially in the case of AI as well. How has that changed over time? Because if I may, I know you all have seen incredible growth, but has there been sort of a path and a trajectory of, OK, getting the inventory and then moving to defense? Is there a little bit of prevention? Or how has the security approach kind of changed throughout you all building and building and building and making this awesome thing?

That's actually a great question. So I think where we started, and what is kind of the core functionality of Wiz, is with actually creating the inventory for the environment, gaining the visibility, and then spotting the most critical risks that we see in the environment and telling you to fix them. So actually, we also have a club for customers that reach zero critical issues. Like, this is what we say is the goal when you connect Wiz for your environment: you want to reach zero critical issues in order to reduce your attack surface in the environment. And then once we achieve that, then there are two more directions that we're going to this last year that can kind of expand security both left and right.

So if we're talking about shifting security left, we're talking about connecting also into the SDLC systems, being able to scan the code that is finally being deployed to the cloud environment. And this helps us achieve a few different goals. So first of all, it makes the remediation for what we see regarding risk in the cloud environment a lot easier, because we can track everything back to the source code and actually tell you where, for example, the container image that has the vulnerability is actually stored, and where you can just fix it in the code, so it will affect all of the machines, not only a single machine that you will patch. So that is one thing. It can also help prevent the risk from ever reaching the environment, because if you scan the code before you actually deploy it, you can know what the effect of this code will be on the environment and prevent any risk from happening in the first place. And then lastly, we can also secure the SDLC system itself for any misconfigurations that might be there as well. So that is kind of the left side.

And then if we go to the right side, then of course we have real-time threat detection and response. So very exciting times for detection and response now at Wiz, as we are working, after the Gem Security acquisition a few months ago, we're working towards a lot of new exciting features in detection and response. And of course we already have the runtime sensor that's doing real-time threat detection. So tune in to hear more in the near future about that.

One thing to elaborate a little bit there is, like, really taking it from that approach that Alma just described, and really like a natural evolution through the product, it allowed us to build everything right. It is, like, truly one unified product here. And so, I didn't show you, but those vulnerabilities that we were looking at in that first toxic combination, like all the developer information there, the repo information, who did the commit, like what layer actually in the code the vulnerability's in. And it's the same approach that we're taking with Gem. So we did acquire them, but the good news is, like, they're a new company. They were just like in build, build, build phase of their product and saw some tremendous success. But instead of bringing that product on and trying to do some front-end magic, we went back from the ground up and we're rebuilding all of Gem's technology on Wiz infrastructure, just to ensure that we keep that consistency across the product.

Fun fact: we are actually part of that zero critical club. They sent us some sweet swag for maintaining an average of zero high and critical findings. I think it's pretty sweet, not going to lie. But all righty, I don't mean to keep rambling here, but honestly, seriously, I'm a huge fanboy of Wiz. I think they have a beautiful, like, usable product that is practically magic for cloud security, and I do want to echo the sentiments that Greg and Alma shared with me. Like, really, you've got to play with the thing. Super encouraging folks to interact with the platform, see the interface and watch it in action. If you are a little bit keen on learning more about Wiz, check them out with the link below in the video description, jh.live/wiz. Thank you so much for watching. Please do all those YouTube algorithm things, like comment, subscribe, and with that, I'll see you in the next video.
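
The world-writable training-data bucket described in the transcript can be checked for directly from a bucket's IAM policy. The following is an added example, not from the video and not Wiz's own logic: it scans a Cloud Storage IAM policy document (the JSON shape returned by `gcloud storage buckets get-iam-policy --format=json`) for bindings to `allUsers` or `allAuthenticatedUsers`. The sample policy, the role groupings and the function names are constructed for illustration.

```python
import copy
import json

# Principals that mean "anyone": unauthenticated users, or any signed-in Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Hand-picked subset of predefined and legacy Cloud Storage roles (assumption:
# not exhaustive; custom roles need their permissions resolved separately).
READ_ROLES = {
    "roles/storage.objectViewer",
    "roles/storage.legacyObjectReader",
    "roles/storage.legacyBucketReader",
}
WRITE_ROLES = {
    "roles/storage.objectCreator",
    "roles/storage.objectUser",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
    "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner",
}

# Constructed sample policy for a hypothetical training-data bucket.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["allUsers", "serviceAccount:trainer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin", "members": ["group:ml-platform@example.com"]}
  ]
}
""")


def public_bindings(policy):
    """List every binding that grants a role on the bucket to a public principal."""
    findings = []
    for binding in policy.get("bindings", []):
        exposed = sorted(PUBLIC_MEMBERS.intersection(binding.get("members", [])))
        if not exposed:
            continue
        role = binding.get("role", "")
        if role in WRITE_ROLES:
            access = "write"
        elif role in READ_ROLES:
            access = "read"
        else:
            access = "review"  # unlisted or custom role: resolve its permissions by hand
        findings.append({"role": role, "members": exposed, "access": access,
                         "conditional": "condition" in binding})
    return findings


def verdict(policy):
    """Summarise exposure; public write access outranks public read access."""
    levels = {f["access"] for f in public_bindings(policy)}
    for level, label in (("write", "world-writable"), ("review", "needs-review"),
                         ("read", "world-readable")):
        if level in levels:
            return label
    return "private"


def without_public_members(policy):
    """Return a copy of the policy with public principals removed from every binding."""
    fixed = copy.deepcopy(policy)
    for binding in fixed.get("bindings", []):
        binding["members"] = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
    fixed["bindings"] = [b for b in fixed.get("bindings", []) if b["members"]]
    return fixed


if __name__ == "__main__":
    for finding in public_bindings(SAMPLE_POLICY):
        print(finding)
    print(verdict(SAMPLE_POLICY), "->", verdict(without_public_members(SAMPLE_POLICY)))
```

A binding flagged `conditional` still names a public principal; whether the condition actually narrows access has to be read from its expression.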

Original Description

https://jh.live/wiz-2024 || Get the big picture of your security posture across your entire cloud environment with Wiz and their Cloud Native Application Protection Platform: https://jh.live/wiz-2024
Play Prompt Airlines for free: https://promptairlines.com/
Learn Cybersecurity with Just Hacking Training: https://justhacking.com
Learn Coding: https://jh.live/codecrafters
Don't listen to other "influencer" VPN crap -- host YOUR OWN: https://jh.live/openvpn
WATCH MORE:
Dark Web & Cybercrime Investigations: https://www.youtube.com/watch?v=_GD5mPN_URM&list=PL1H1sBF1VAKVmjZZr162aUNCt2Uy5ozAG&index=4
Malware & Hacker Tradecraft: https://www.youtube.com/watch?v=LKR8cdfKeGw&list=PL1H1sBF1VAKWMn_3QPddayIypbbITTGZv&index=5
📧 JOIN MY NEWSLETTER ➡ https://jh.live/email
🙏 SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/discord ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
🔥 YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!

The Wiz Cloud Security Platform provides a comprehensive solution for cloud security, vulnerability management, and AI security, offering features such as attack path visualization, remediation guidance, and AI security functionality. By using Wiz, users can gain visibility into their cloud assets, identify and remediate vulnerabilities, and reduce their attack surface.

Key Takeaways
  1. Drill down into a vulnerability to see its details
  2. Use Wiz to get visibility into cloud assets and identify threats
  3. Remediate vulnerabilities using Wiz's play-by-play instructions and remediation steps
  4. Trace vulnerabilities through pipelines and code repositories using Wiz
  5. Use Wiz's AI security functionality to track and protect AI services and models
💡 The Wiz Cloud Security Platform provides a unique approach to cloud security by offering 100% visibility into cloud assets, identifying and correlating threats, and remediating vulnerabilities, making it an essential tool for organizations looking to reduce their attack surface and protect their AI
