FIRST Annual Conference LT RISKEN / FIRST LT RISKEN

I gave a walk-in lightning talk at FIRST, an international security conference!
Wanting as many people as possible to try out our tool (OSS), I took on the challenge of presenting in English.

https://www.first.org/conference/2023/program

gassara-kys

June 06, 2023

Transcript

  1. Who am I? Name: Kiyoshi Ogasawara. Company: CyberAgent, Inc. Role: Software & Security Engineer 🛠. Japan. Currently, I am mainly involved in the development of cloud security tools. Today, I’d like to introduce RISKEN, one of the tools we have developed and released as OSS.
  2. RISKEN OSS. Topics: 1. Introduction to RISKEN (Cloud Security tool) 2. How to use 3. Features & Cost
  3. What is RISKEN? The name RISKEN is made up of two words: RISK (vulnerability, threat, severity, exploitability) + KEN 検 (finding, identify, detection).
  4. What is RISKEN? RISKEN is similar to CSPM (Cloud Security Posture Management). By using RISKEN, you can automate some security operations of collecting, evaluating, and notifying vulnerabilities or threat information in the system environment.
  5. How to use RISKEN? For example, on a Mac PC, launching RISKEN is just 3 steps.
     1. Install the prerequisite tools. a. Docker Desktop b. kubectl
     2. Execute the commands below.
     3. Access http://localhost/
        $ git clone https://github.com/ca-risken/k8s-sample.git
        $ cd k8s-sample
        $ make local-apply
        ……
  6. How to use RISKEN? Data Source: RISKEN has scanning features for various cloud environments, called Data Sources. For example, they include AWS, GCP, GitHub, WordPress, OSINT tools and more. [Icons: GCP, AWS, GitHub, Portscan, WordPress, OWASP ZAP] How to register a data source (doc): https://docs.security-hub.jp/en/
  7. How to use RISKEN? Once the scanning of various data sources is completed, you can see the security findings (issues). [Labels: Findings, Alerting]
  8. How to use RISKEN? This is a finding detail. It displays the description of the current state, the nature of the threat, and recommended actions. Additionally, by clicking the ChatGPT button, the content will be summarized for you (optional). This can be helpful for non-security professionals.
  9. What is the difference between RISKEN and other CSPM tools? Compared to other CSPM tools, RISKEN has the following features:
     • Wide coverage 👐 RISKEN supports a wide range of scanning features, including AWS and GCP and more.
     • Detection accuracy 📝 RISKEN adopts a scoring system. This not only checks for simple policy violations but also defines detailed threat levels and implements mechanisms to eliminate false-positives as much as possible.
     • Continuously improved based on experience in cloud incident response 🔄 We have scanned more than 1,348 cloud environments. We have received various feedback from on-site engineers and have made continuous improvements.
  10. Cost: The cost was reduced by about 100 times. 💰 [Figure labels: small system cost (AWS); paid security solutions] In our company, we are currently monitoring over 1300 cloud environments. (AWS accounts: 915, GCP projects: 433) Compared to paid solutions, the cost has been reduced by 100 times or more. We host RISKEN on AWS, and the cost is not significant as it only involves the expenses of a small server (EC2 or EKS cluster) and a database.
  11. Case study: Let me introduce some cases of how this tool has been helpful in practice.
     1. Security research has sped up. Generally, once an incident occurs, it is common to conduct similar investigations in other cloud environments. For example, the leakage of IAM credentials is one of the most common security incidents, but by using this tool, we were able to quickly investigate IAM resources with leakage risks.
     2. Subdomain Takeover. Using the domain scanning, we detected a subdomain that was potentially vulnerable to being taken over by others. Due to our early detection, we were able to address the issue before an incident occurred.
  12. Summary: Let me summarize the key points of today's presentation. 1. RISKEN is a cloud security OSS. 2. It is a cheap but powerful tool. 💪 … If you are interested, please feel free to try it out. 🤚
  13. Please give us feedback 🙏 RISKEN OSS
     • Documentation ◦ https://docs.security-hub.jp/en/ (English) ◦ https://docs.security-hub.jp/ (Japanese)
     • GitHub ◦ https://github.com/ca-risken/k8s-sample (installation)
     • Contact us ◦ https://github.com/orgs/ca-risken/discussions (GitHub) ◦ [email protected] (email) ◦ @gassara5 (Twitter (me))