Highlights:
- The first new open-source tool, DetentionDodger, is intended to identify and reduce risks associated with leaked credentials.
- The second tool, BucketShield, is designed to monitor and send alerts for activities in Amazon Web Services (AWS) S3 buckets and CloudTrail logs.
Permiso Security Inc., an identity threat detection and response startup, has released three open-source tools aimed at improving security teams’ detection capabilities across their cloud environments.
The first tool, DetentionDodger, is designed to identify and address the risk posed by leaked credentials. It scans CloudTrail logs for failed policy attachments and identifies users carrying a quarantine policy (AWS attaches the managed policy AWSCompromisedKeyQuarantineV2 to a user whose access key it finds exposed), flagging identities whose keys are likely compromised. It then analyzes each user’s inline and attached policies to estimate what a leaked key could still do, since the quarantine policy only denies a fixed set of actions and leaves the rest of the user’s permissions intact.
DetentionDodger gives security teams a view of the identity security posture of their cloud environment so that they can find exposed or over-privileged users quickly and take corrective action before sensitive resources are reached.
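The checks described above, as an added example that is not DetentionDodger’s own code: it reads constructed CloudTrail IAM records, finds users who currently carry the AWS quarantine policy, lists denied policy-write calls (a likely escalation attempt by whoever holds the key), and then rates each user by what their remaining inline and attached policies allow. The account ID, user names and policy documents are constructed; the quarantine policy ARN prefix and the CloudTrail field names are AWS’s.

```python
"""Added illustration (not DetentionDodger's code): triage constructed CloudTrail
IAM events for quarantined users and denied policy writes, then estimate what a
leaked key could still do from the user's inline and attached policies."""
import fnmatch
import json

# Managed policy AWS attaches to a user whose access key was found exposed (V1 and V2 share this prefix).
QUARANTINE_ARN_PREFIX = "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine"

# IAM calls that grant permissions; a denied one is a likely escalation attempt.
POLICY_WRITE_EVENTS = {"AttachUserPolicy", "PutUserPolicy", "AttachRolePolicy",
                       "PutRolePolicy", "AttachGroupPolicy", "PutGroupPolicy"}

# Actions a key holder could use to widen access; a policy's Action entries are
# treated as patterns (e.g. "*", "iam:*") and matched against these names.
SENSITIVE_ACTIONS = ["iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:CreateAccessKey",
                     "iam:CreateUser", "iam:CreatePolicyVersion", "iam:PassRole", "sts:AssumeRole"]

# Constructed CloudTrail records, trimmed to the fields the checks read.
EVENTS = [
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy"},
     "requestParameters": {"userName": "ci-deploy",
                           "policyArn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2"}},
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy"},
     "requestParameters": {"userName": "ci-deploy",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
     "errorCode": "AccessDenied"},
    {"eventName": "PutUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy"},
     "requestParameters": {"userName": "ci-deploy", "policyName": "escalate"},
     "errorCode": "AccessDenied"},
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "admin-jane"},
     "requestParameters": {"userName": "analyst-bob",
                           "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}},
]

# Constructed snapshot of each user's policy documents (what ListUserPolicies /
# ListAttachedUserPolicies plus GetPolicyVersion would return).
USER_POLICIES = {
    "ci-deploy": {
        "inline": [{"Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}],
        "attached": [{"Statement": [{"Effect": "Allow",
                                     "Action": ["iam:PassRole", "sts:AssumeRole"], "Resource": "*"}]}],
    },
    "analyst-bob": {
        "inline": [],
        "attached": [{"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                                     "Resource": "arn:aws:s3:::reports/*"}]}],
    },
}


def _listify(v):
    return v if isinstance(v, list) else [v]


def quarantined_users(events):
    """Users whose most recent quarantine-policy event is a successful attach."""
    state = {}
    for ev in events:
        if ev["eventSource"] != "iam.amazonaws.com" or ev.get("errorCode"):
            continue
        rp = ev.get("requestParameters", {})
        if not rp.get("policyArn", "").startswith(QUARANTINE_ARN_PREFIX):
            continue
        if ev["eventName"] == "AttachUserPolicy":
            state[rp["userName"]] = True
        elif ev["eventName"] == "DetachUserPolicy":
            state[rp["userName"]] = False
    return sorted(u for u, q in state.items() if q)


def failed_policy_writes(events):
    """Denied attempts to grant permissions: actor, call, target principal, policy."""
    out = []
    for ev in events:
        if ev["eventName"] in POLICY_WRITE_EVENTS and ev.get("errorCode"):
            rp = ev.get("requestParameters", {})
            out.append({"actor": ev["userIdentity"].get("userName"), "event": ev["eventName"],
                        "target": rp.get("userName") or rp.get("roleName") or rp.get("groupName"),
                        "policy": rp.get("policyArn") or rp.get("policyName"),
                        "error": ev["errorCode"]})
    return out


def escalation_paths(policies):
    """Allowed actions across inline + attached policies that cover a sensitive action."""
    hits = set()
    for doc in policies.get("inline", []) + policies.get("attached", []):
        for st in _listify(doc.get("Statement", [])):
            if st.get("Effect") != "Allow":
                continue
            for action in _listify(st.get("Action", [])):
                if any(fnmatch.fnmatchcase(s.lower(), action.lower()) for s in SENSITIVE_ACTIONS):
                    hits.add(action)
    return sorted(hits)


def triage(events, user_policies):
    """Per-user report for every quarantined user and every actor behind a denied policy write."""
    quarantined = set(quarantined_users(events))
    failures = failed_policy_writes(events)
    report = {}
    for user in sorted(quarantined | {f["actor"] for f in failures}):
        paths = escalation_paths(user_policies.get(user, {}))
        if user in quarantined and paths:
            risk = "critical"   # exposure confirmed by AWS and the key can still widen its access
        elif user in quarantined:
            risk = "high"
        else:
            risk = "medium"
        report[user] = {"quarantined": user in quarantined, "escalation_actions": paths,
                        "failed_policy_writes": [f for f in failures if f["actor"] == user],
                        "risk": risk}
    return report


if __name__ == "__main__":
    print(json.dumps(triage(EVENTS, USER_POLICIES), indent=2))
```

Against real logs the events would come from an Athena query or from CloudTrail JSON files, and the policy snapshot from the IAM API; the matching direction in `escalation_paths` (policy action as the pattern, sensitive action as the subject) is what lets an `iam:*` or `*` grant surface without being listed explicitly.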
The second tool, BucketShield, monitors and alerts on activity around Amazon Web Services (AWS) S3 buckets and CloudTrail logs. It checks that logs keep flowing from AWS services into their S3 buckets and raises alerts on misconfigurations that would interrupt log collection.
The tool also watches the identity and access management (IAM) roles, key management service (KMS) key configurations and S3 log flows that delivery depends on, so that the environment stays audit-ready. By confirming that expected events are actually being recorded, BucketShield gives security teams visibility into a log pipeline that is otherwise easy to break silently, and lets them detect and fix gaps quickly.
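The kind of check described above, as an added example that is not BucketShield’s own code: it audits constructed DescribeTrails and GetTrailStatus results, an S3 bucket policy and a KMS key policy for the conditions that stop CloudTrail delivery or weaken the audit trail (logging off, a delivery error, stale delivery, validation disabled, a missing PutObject or GenerateDataKey grant for cloudtrail.amazonaws.com, and a public bucket statement). Account ID, bucket name, key ARN and the clock value are constructed; the response field names and the statements CloudTrail needs are AWS’s.

```python
"""Added illustration (not BucketShield's code): offline audit of constructed
CloudTrail trail status, S3 bucket policy and KMS key policy for the conditions
that break log delivery or weaken an audit trail."""
import fnmatch
from datetime import datetime, timedelta, timezone

CLOUDTRAIL_SERVICE = "cloudtrail.amazonaws.com"
ACCOUNT_ID = "111122223333"        # constructed
BUCKET = "acme-cloudtrail-logs"    # constructed
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555"  # constructed
NOW = datetime(2024, 11, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock so the result is reproducible

# Shapes follow the cloudtrail:DescribeTrails and cloudtrail:GetTrailStatus responses.
TRAIL = {"Name": "org-trail", "S3BucketName": BUCKET, "S3KeyPrefix": "",
         "IsMultiRegionTrail": True, "LogFileValidationEnabled": False, "KmsKeyId": KEY_ARN}
STATUS = {"IsLogging": True, "LatestDeliveryTime": NOW - timedelta(hours=5),
          "LatestDeliveryError": "AccessDenied"}

# Bucket policy with the ACL-check statement but no PutObject grant for CloudTrail,
# plus a leftover statement that opens the bucket to any principal.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
     "Principal": {"Service": CLOUDTRAIL_SERVICE}, "Action": "s3:GetBucketAcl",
     "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Sid": "LegacyPublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
]}

# Key policy that does let CloudTrail encrypt log files.
KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Root", "Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "CloudTrailEncrypt", "Effect": "Allow", "Principal": {"Service": CLOUDTRAIL_SERVICE},
     "Action": "kms:GenerateDataKey*", "Resource": "*"},
]}


def _listify(v):
    return v if isinstance(v, list) else [v]


def _principals(st):
    p = st.get("Principal", {})
    if isinstance(p, dict):
        return {x for v in p.values() for x in _listify(v)}
    return set(_listify(p))  # "*" or a bare ARN


def allows(st, principal, action, resource):
    """Allow statement granting `action` on `resource` to `principal`; Condition is not evaluated."""
    if st.get("Effect") != "Allow":
        return False
    who = _principals(st)
    if principal not in who and "*" not in who:
        return False
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _listify(st.get("Action", []))):
        return False
    return any(fnmatch.fnmatchcase(resource, r) for r in _listify(st.get("Resource", [])))


def check_trail(trail, status, now=NOW, max_age=timedelta(hours=1)):
    findings = []
    if not status.get("IsLogging"):
        findings.append("trail is not logging")
    if status.get("LatestDeliveryError"):
        findings.append(f"last S3 delivery failed: {status['LatestDeliveryError']}")
    last = status.get("LatestDeliveryTime")
    if last is None or now - last > max_age:
        findings.append(f"no log delivery in the last {max_age}")
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file validation disabled; digest files cannot prove integrity")
    if not trail.get("IsMultiRegionTrail"):
        findings.append("single-region trail; activity in other regions is not recorded")
    return findings


def check_bucket_policy(policy, bucket, account_id, prefix=""):
    statements = _listify(policy.get("Statement", []))
    bucket_arn = f"arn:aws:s3:::{bucket}"
    # CloudTrail writes under <prefix>/AWSLogs/<account>/CloudTrail/...; probe with a sample key.
    key = f"{prefix.strip('/') + '/' if prefix else ''}AWSLogs/{account_id}/CloudTrail/sample.json.gz"
    findings = []
    if not any(allows(s, CLOUDTRAIL_SERVICE, "s3:GetBucketAcl", bucket_arn) for s in statements):
        findings.append(f"no s3:GetBucketAcl grant for {CLOUDTRAIL_SERVICE} on {bucket_arn}")
    if not any(allows(s, CLOUDTRAIL_SERVICE, "s3:PutObject", f"{bucket_arn}/{key}") for s in statements):
        findings.append(f"no s3:PutObject grant for {CLOUDTRAIL_SERVICE} on {bucket_arn}/{key}")
    for s in statements:
        if s.get("Effect") == "Allow" and "*" in _principals(s) and not s.get("Condition"):
            findings.append(f"statement {s.get('Sid', '?')} grants {_listify(s.get('Action'))} to any principal")
    return findings


def check_key_policy(policy):
    if not any(allows(s, CLOUDTRAIL_SERVICE, "kms:GenerateDataKey", "*")
               for s in _listify(policy.get("Statement", []))):
        return [f"key policy does not let {CLOUDTRAIL_SERVICE} call kms:GenerateDataKey*"]
    return []


def audit(trail, status, bucket_policy, key_policy, now=NOW):
    return {
        "trail": check_trail(trail, status, now),
        "bucket_policy": check_bucket_policy(bucket_policy, trail["S3BucketName"], ACCOUNT_ID,
                                             trail.get("S3KeyPrefix", "")),
        "kms": check_key_policy(key_policy) if trail.get("KmsKeyId") else [],
    }


if __name__ == "__main__":
    for area, findings in audit(TRAIL, STATUS, BUCKET_POLICY, KEY_POLICY).items():
        print(area, findings or "ok")
```

In a live deployment the inputs come from `describe_trails`, `get_trail_status`, `get_bucket_policy` and `get_key_policy`, and the audit runs on a schedule; the one-hour staleness threshold is a choice, since CloudTrail normally delivers within minutes, and `allows` deliberately ignores Condition blocks, so a grant it reports as present may still be narrowed by one.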
The third tool, the CAPICHE Detection Framework, is an open-source solution aimed at simplifying the creation of cloud application programming interface (API) detection rules. Defenders describe the behaviour they care about as a grouping of APIs, and the framework generates multiple detection rules from that grouping, even when the full API names are not known up front, which streamlines rule writing and makes it accessible to teams without deep cloud experience. By automating rule creation, the company says, organizations can adjust their defenses to emerging cloud threats quickly enough to stay ahead of potential attacks.
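One way to realize the idea in the paragraph above, as an added example that is not CAPICHE’s own code or rule format: a grouping names a service and a set of API-name patterns; the generator expands the patterns against a catalog of known API names into a concrete `eventName` list for engines that only do equality matching, and keeps the raw patterns so an API that is missing from the catalog still matches at evaluation time. The catalog, groupings, rule fields and sample events are all constructed.

```python
"""Added illustration (not CAPICHE's code): turn API groupings with wildcards into
concrete detection rules over a catalog of known API names, and keep the raw
patterns so APIs missing from the catalog still match at evaluation time."""
import fnmatch

# Constructed catalog of eventName values per service; in practice built from botocore
# service models or from the eventName values seen in your own CloudTrail history.
API_CATALOG = {
    "iam.amazonaws.com": ["CreateUser", "CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile",
                          "AttachUserPolicy", "PutUserPolicy", "ListUsers", "GetUser"],
    "s3.amazonaws.com": ["GetObject", "ListBuckets", "PutBucketPolicy", "DeleteBucketPolicy",
                         "PutBucketAcl", "PutBucketPublicAccessBlock"],
}

# Constructed groupings: a behaviour, the service it lives in, and fnmatch-style name patterns.
GROUPINGS = [
    {"name": "iam-persistence", "service": "iam.amazonaws.com", "severity": "high",
     "patterns": ["Create*", "*LoginProfile", "AttachUserPolicy", "PutUserPolicy"]},
    {"name": "s3-exposure", "service": "s3.amazonaws.com", "severity": "medium",
     "patterns": ["Put*Policy", "Put*Acl", "Delete*Policy"]},
]

# Constructed CloudTrail events; CreateServiceSpecificCredential is deliberately absent from the catalog.
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey"},
    {"eventSource": "iam.amazonaws.com", "eventName": "GetUser"},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateServiceSpecificCredential"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl"},
]


def expand(patterns, names):
    """Known API names matched by any pattern (case-insensitive, fnmatch semantics)."""
    return sorted({n for n in names if any(fnmatch.fnmatchcase(n.lower(), p.lower()) for p in patterns)})


def build_rules(groupings, catalog):
    """One rule per grouping, carrying both the expanded names and the original patterns."""
    return [{
        "title": g["name"],
        "severity": g["severity"],
        "eventSource": g["service"],
        "eventName": expand(g["patterns"], catalog.get(g["service"], [])),  # for exact-match engines
        "eventNamePatterns": g["patterns"],                                  # for engines with wildcards
    } for g in groupings]


def matches(rule, event):
    """Service must match; the name hits either the expanded list or a raw pattern."""
    if event.get("eventSource") != rule["eventSource"]:
        return False
    name = event.get("eventName", "")
    if name in rule["eventName"]:
        return True
    return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in rule["eventNamePatterns"])


def evaluate(rules, events):
    """(rule title, eventName) for every event that trips a rule, in event order."""
    return [(r["title"], e["eventName"]) for e in events for r in rules if matches(r, e)]


if __name__ == "__main__":
    rules = build_rules(GROUPINGS, API_CATALOG)
    for r in rules:
        print(r["title"], "->", r["eventName"])
    print(evaluate(rules, SAMPLE_EVENTS))
```

The expanded list is what you would paste into a SIEM that cannot do wildcards; the pattern list is what lets `CreateServiceSpecificCredential` trip `iam-persistence` even though no one wrote that name down, which is the case the framework is meant to cover.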
“The learning curve for detection in the cloud is steep and our goal is to help security teams bolster their detections across their cloud environments without having to purchase commercial software solutions like a SIEM. We are committed to providing resources that can help the broader security community defend against the tactics, techniques and procedures of modern threat actors,” said Jason Martin, Co-founder and Co-Chief Executive Officer.
With these three releases, Permiso’s p0 Labs research team has now published a total of 10 open-source tools.
Earlier this year, Permiso released several other open-source tools, including Cloud Console Cartographer, which helps security teams interpret console-driven event activity in their AWS logs, and SkyScalpel, which helps both offensive and defensive security professionals understand how threat actors obfuscate IAM policies to evade detection.