View article in it's entirety on securityboulevard.com
From Michael Vizard at SecurityBoulevard: "Sonrai Dig provides a way to discover and analyze all those dependencies using a graph engine to determine overall security posture, while the Governance Automation Engine makes it possible to enforce policies defined by the cybersecurity team.
Hannigan said IT organizations are being asked to secure integrated services that can easily be a toxic combination. Permissions granted to one microservice can be extended to other services in ways a cybersecurity team never intended. Cybercriminals, meanwhile, are getting more adept at identifying dependencies they can exploit.
Sonrai Dig currently supports Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) and various distributions of Kubernetes, all of which have well-defined application programming interfaces (APIs) that a graph engine can invoke to discover relationships and misconfigurations. Because most of the services invoked on these platforms are provisioned by developers, misconfigurations have become a major cybersecurity issue when, for example, ports to cloud database or storage services have been left open.
As organizations embrace best DevSecOps practices to address these security issues, Sonrai Dig and Governance Automation Engine will help define the swim lanes around which cybersecurity and application development teams will collaborate, Hannigan said. In theory at least, developers are supposed to be taking more responsibility for implementing controls defined by cybersecurity teams. However, it’s also clear cybersecurity teams need to be able to verify those controls have been implemented."