Who am I?
Engineer 🛠 Currently, I am mainly involved in the development of cloud security tools. Today, I’d like to introduce RISKEN, one of the tools we have developed and released as OSS. Japan
Posture Management). By using RISKEN, you can automate some security operations: collecting, evaluating, and sending notifications about vulnerabilities or threat information in the system environment.
How to use RISKEN?
3 steps.
1. Install the prerequisite tools.
   a. Docker Desktop
   b. kubectl
2. Run the commands below.
   $ git clone https://github.com/ca-risken/k8s-sample.git
   $ cd k8s-sample
   $ make local-apply
   ……
3. Access http://localhost/
for various cloud environments called Data Source. For example, these include AWS, GCP, GitHub, WordPress, OSINT tools, and more.
GCP, AWS, GitHub, Portscan, WordPress, OWASP ZAP
How to register a data source (doc): https://docs.security-hub.jp/en/
displays the description of the current state, the nature of the threat, and recommended actions. Additionally, clicking the ChatGPT button summarizes the content for you (optional). This can be helpful for non-security professionals.
Compared to other CSPM tools, RISKEN has the following features:
• Wide coverage 👐 RISKEN supports a wide range of scanning features, including AWS, GCP, and more.
• Detection accuracy 📝 RISKEN adopts a scoring system. It not only checks for simple policy violations but also defines detailed threat levels and implements mechanisms to eliminate false positives as much as possible.
• Continuously improved based on experience in cloud incident response 🔄 We have scanned more than 1,348 cloud environments. We have received various feedback from on-site engineers and have made continuous improvements.
small system cost (AWS)
Paid security solutions
In our company, we are currently monitoring over 1300 cloud environments (AWS accounts: 915, GCP projects: 433). Compared to paid solutions, the cost has been reduced by a factor of 100 or more. We host RISKEN on AWS, and the cost is not significant, as it only involves the expenses of small servers (EC2 or an EKS cluster) and a database.
tool has been helpful in practice.
1. Security research has sped up
Generally, once an incident occurs, it is common to conduct similar investigations in other cloud environments. For example, the leakage of IAM credentials is one of the most common security incidents, and by using this tool, we were able to quickly investigate IAM resources with leakage risks.
2. Subdomain Takeover
Using the domain scanning, we detected a subdomain that was potentially vulnerable to being taken over by others. Due to our early detection, we were able to address the issue before an incident occurred.