Security As Code at Cloud Security World

May 28, 2015
Ed Bellis
Chief Technology Officer, Co-founder

Last week Jason Rohwedder and I had the privilege of presenting a cloud automation use case at Cloud Security World. Our talk covered not only how we automate much of our security at Risk I/O, but also how we use DevOps principles to ensure our security controls are consistent even at a high velocity.

While we have spoken about some of this content before, one thing was very new and, in my opinion, has massive potential to reduce everyone’s Mean Time to Remediate vulnerabilities.

Jason has been working on an open source project called Tattle that, when boiled down, is a ridiculously simple way to store and regurgitate data. In our case, software version data. Using Tattle allows someone to identify versions of software and packages running in any environment in a Common Platform Enumeration (CPE) format, with hooks into many common configuration management tools like Chef, Puppet or Ansible, among others. By using Tattle in combination with the Risk I/O API, you could have a single simple script that queries for software versions running on any given asset and then updates those assets in Risk I/O. From there, Risk I/O will automatically create or close any known vulnerabilities for that particular asset and can alert you on new CVEs that affect your assets as soon as they are published.

This dramatically lowers your mean time to remediation by avoiding vulnerability signature updates to your scanner and avoiding waiting on scanning windows to identify those new vulnerabilities before determining a course of remediation.
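The matching step described above can be sketched without a scanner in the loop. This is an added example, not Tattle or Risk I/O code: it makes no API calls, the function names are hypothetical, the CPE 2.3 formatted-string binding is an assumption about the CPE variant, and the packages, feed and CVE identifiers are constructed placeholders.

```python
"""Inventory-driven CVE reconciliation for one asset, using CPE 2.3 names."""

def to_cpe(vendor, product, version, part="a"):
    """Build a CPE 2.3 formatted string; attributes not known are '*' (ANY).
    Assumes values need no escaping (alphanumerics, '.', '-', '_' only)."""
    fields = [part, vendor.lower(), product.lower(), version.lower()]
    return "cpe:2.3:" + ":".join(fields + ["*"] * 7)

def cpe_matches(pattern, name):
    """True if each attribute in pattern is '*' or equals the one in name."""
    p, n = pattern.split(":"), name.split(":")
    return len(p) == len(n) == 13 and all(a in ("*", b) for a, b in zip(p, n))

def reconcile(inventory, feed, open_vulns):
    """Compare the asset's current packages with the CVE feed.
    Returns (to_open, to_close): CVEs that now apply but are not tracked,
    and tracked CVEs whose affected package version is no longer present."""
    names = [to_cpe(*pkg) for pkg in inventory]
    affected = {cve for cve, patterns in feed.items()
                if any(cpe_matches(p, n) for p in patterns for n in names)}
    return affected - open_vulns, open_vulns - affected

# Constructed inventory, as configuration management might report it.
INVENTORY = [("examplevendor", "examplelib", "1.0.1"),
             ("examplevendor", "exampled", "2.4.0")]

# Constructed feed: placeholder CVE ids mapped to the CPE names they affect.
FEED = {
    "CVE-0000-0001": [to_cpe("examplevendor", "examplelib", "1.0.1")],
    "CVE-0000-0002": [to_cpe("examplevendor", "exampled", "2.2.0")],
    "CVE-0000-0003": ["cpe:2.3:a:examplevendor:exampled:*:*:*:*:*:*:*:*"],
}

# Opened on an earlier run, before exampled was upgraded from 2.2.0.
OPEN_VULNS = {"CVE-0000-0002"}

if __name__ == "__main__":
    to_open, to_close = reconcile(INVENTORY, FEED, OPEN_VULNS)
    print("open:", sorted(to_open))
    print("close:", sorted(to_close))
```

Because the inventory is refreshed on every configuration management run, a newly published CVE only has to be compared against stored CPE names, and an upgrade closes the old finding on the next run.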

We’re really excited about the potential for Tattle and we’ll be updating this post as we make the source available on GitHub.

Below is our presentation from Cloud Security World. There are a number of other open source projects we have listed in the Resources to help you with security automation in your environment, and we hope you can take advantage of them.
