An Interview with Lightspin: Demystifying Cloud Security and Kubernetes

Vandis’ CTO, Ryan Young, sat down with Jonathan Rau, Chief Information Security Officer at Lightspin, to discuss how the Lightspin solution helps security and DevOps teams achieve a resilient cloud security posture, with the ability to detect security risks and eliminate critical vulnerabilities.

Ryan: Can you tell us about Lightspin and how you are able to detect, prioritize and fix any risks to cloud and Kubernetes environments?

Jonathan: Lightspin’s mission is to serve cloud engineers at every phase of their journey. While other tools out there focus on the Cloud Ops side only, we offer value for engineers from build to runtime. From DevOps to SecOps and everything in between. DevOps love us for this. For instance, we pride ourselves on providing ready-made infrastructure as code (IaC) via dynamic guardrails for quick deployment, reducing the time to fix for all our customers.

How does it work? Lightspin ingests data about your cloud assets and Kubernetes clusters, and runs several checks against them to detect misconfigurations, weaknesses, vulnerabilities and so on. Where the “magic” happens is that every single one of these data points is placed on a graph in relationship to one another. Using our threat research team’s expertise and other open-source data, we run detections against these groups of issues to find which combinations pose the more inherent threats and provide information on how to collapse those attack paths and ultimately treat associated risks.

Ryan: Can you explain what Graph Technology is and why it is important to cloud and network environments?

Jonathan: A graph is just a type of database to show the data we already have access to. It provides a contextual and efficient way to query and represent cloud security specific issues in an interrelated way.

When it comes to cloud security, it is a logical exercise to represent all our assets, weaknesses, vulnerabilities, and associated data as Nodes and enter the metadata as Properties to build Edges. This can represent hierarchical inheritance (a cloud asset is part of another cloud service), network connectivity, identity-based access, and business context data such as assets and applications grouped within a certain business unit, division, or cost center. When you have all this context data available in a programmatic way and understand inherent risks posed by certain configurations and apply threat emulation data, it becomes easy to utilize graph query languages to identify clusters of various Nodes and Edges that denote a specific attack path or vector an adversary (internal or external) may exploit.

Ryan: Can you explain the concept of CSPM and how it is applied?

Jonathan: CSPM, or Cloud Security Posture Management, describes any tool that uses a cloud provider’s API, parses the output, and maps that output against “best practices” to present back to a user to show when the “posture” of any given asset bucks a normal best practice. Some CSPM tools map these technical best practices into controls from certain compliance regimes, and some other CSPM tools serve as a Configuration Management Database (CMDB) of sorts, since by virtue of scanning a resource they must collect the resource.

Why do you need a CSPM? Because it is the #1 way for you to significantly reduce the risk of a breach. There are over 500 services on AWS alone. The cloud is simply too complicated for teams to get their arms around the whole picture, and they must have context to properly prioritize and fix issues. Gartner has a famous stat: they predict 99% of breaches will be a result of human error, misconfiguration, and such. The out-of-the-box tools from cloud service providers (CSP) are lacking in their robust feature set. CSPMs have been around for many years as a result. Where Lightspin innovates is on serving the cloud-native SaaS companies with deep-dive graph technology and complete coverage from build to runtime.

Ryan: What makes the Lightspin platform different from other solutions in this space?

Jonathan: Where Lightspin breaks away is the representation of the relevant data on a property graph that also considers all other security issues (vulnerabilities, runtime errors, malware, threat intelligence data, and more) as well as the asset’s relation to others to identify epicenters of issues that are most likely where an attacker would breach the system. Lightspin goes deeper than any other solution to present root cause analysis and provide DevOps teams dynamic remediation. All of this is available out of the box, without any custom configuration.

For more information on the “secret sauce” refer to our blogs or test it out yourself with absolutely no obligation. You can view our “start for free” or contact info@vandis.com for an enterprise solution.