Behind the Scenes Episode 340 – NetApp Spot Security

Welcome to the Episode 340, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

2019-insight-design2-warhol-gophers

This week, NetApp Spot Product Manager Isma Rizvi (isma@netapp.com) and Security Evangelist Matt Trudewind (@NTAPMatt) join us to discuss cloud security by way of NetApp Spot Security!

For more information:

  • Spot Security website – Link
  • Spot Security’s customer facing documentation – Link
  • Our GA announcement – Link

Tech ONTAP Community

We also now have a presence on the NetApp Communities page. You can subscribe there to get emails when we have new episodes.

Tech ONTAP Podcast Community

techontap_banner2

Finding the Podcast

You can find this week’s episode here:

I’ve also resurrected the YouTube playlist. You can find this week’s episode here:

You can also find the Tech ONTAP Podcast on:

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

Transcription

The following transcript was generated using Google Cloud’s speech to text service. As it is AI generated, YMMV.

Episode 340: NetApp Spot Security – Transcription

I’m here in the basement of my house. And with me today, I have a couple of special guests to talk to us all about Security in the cloud as well as with ONTAP. We do this a lot because security is ever-changing and we need to be able to cover these things instead of date. But today, we’re talking specifically about Spot Security and to do that we have is Isma Rizvi, so Isma, what do you do here at NetApp and how do I reach you? Hi Justin, thank you for having me here. I’m the producer manager to Spot Security. And my job is to help customers make their Cloud Journey safer. The Spot Security is a comprehensive Cloud security platform, which allows customers to get a 360-degree, a quality into their environment when I say that. I mean all of your misconfigurations compliance breach, your events anomalies Etc, detect and analyze and mitigate risks. That’s what we do. You can reach me at isma.rizvi@netapp.com or online via LinkedIn. I am looking forward to this conversation, all right? And we canctalk about security and NetApp, so I brought along Matt Trudewind. So, Matt, what do you do here in NetApp and how do I reach you? Yeah, it’s in my contract. Anytime security is mentioned, you have to include me on the podcast. That’s right. I’m a, I’m a security Evangelist mentioned, but I’m actually in the engineering group and so my conversations are typically more Technical. And so that’s one of my focuses here to get some of our our technical security information out to come downstairs and partners and how they can apply them to their business cases. And you can reach me on Twitter @NTAPMatt. That’s NTAPMatt. All right. So when you start using the cloud, you’ll start to find out if you have a little less control over things and you have with on premise instances and and with that control comes less visibility. So we need to have things to help us get more ability in their environments and that’s where things like Spot, so Isma, give me the overview of Spot Security, like what specifically does it add in terms of value for the cloud offerings? Yep.
Into the first part that you were mentioning that cloud is a big black hole, right? We don’t know what goes him to be honest. And one goes out, we talk to customers day in day out, who say that every developer has just been up an instance and S3 bucket. And you wait a business account all together and they don’t really have the right visibility into what’s going on. So, for example, the latest IBM database, report stated that 45% of all breaches that happened last year, happened on cloud and Cloud security can be tricky, right? With, with the whole shared responsibility model and the rate with which companies are moving into Cloud vs, their teams being well-versed with Cloud security that is in the scene and that is exactly what Spot Security you know, does we are trying to make this platform as a One-Stop solution for all your needs? How we begin doing this is that we firstly. Begin doing an agent, less assessment of your environment where we are able to dispatch.
100% of your assets automatically once we do that. We for those start, analyzing all of these assets from this configurations, we analyzed literally every deltree data. We do Port scanning Source. I’d be scanning the heart of all of this is our graph technology, which takes in all of this data puts it into a, a service man, and a risk map, which helps you highlight which of these assets are talking to which of these assets and which of these assets are connected directly to the Internet. So they are directly exposed, you know, one public ivies.
This helps customers see that if this is my crown jewel or this is my acid with business. Criticality is this talking to an asset which is just one hop away from internet box. Is this talking to an acid where which it just doesn’t have to those? Are the kind of things that we give you visually available and on top of that, we don’t just stop that. We give you like a Three, Sixty degree view of that page Tire Network that you have created. When I see 360-degree view, it means that we will see all the risk associated to those assets, all the compliance breaches for those assets. For example, I know that this particular asset is containing PCI Data or piii data and it is not even complaining to pci-dss. Those are the kind of red marks. Read lots that we can highlight in real time, customers and then a normal is designed. So, what we do is we actually scan millions of events that are coming in your environment and then we categorize them into, you know, config
Oil change. I am change. So on, I’m a normal. He’s so for anomalies. What before the do is that we classify them based on the miter tactics. So which of these anomalies I actually leveraging the from all the way from initial access, all the way to execution, which of these anomalies are actually leveraging that particular practice. So, that’s what we do in a nutshell and I think it was a little over a nutshell. But that’s what Spot Security comes into the picture, into the whole change in Cloud environment home. When you say, there’s a map is, is it an actual visualization with like icons and all the stuff or, you know, how does it look when you’re when you’re kind of browsing through it?
Yeah. So so that two kinds of maps that we can create one our risk Maps. The risk map is for each list configuration. The misconfiguration is on a particular Target asset. And how many of you know? So if you have less than one asset that as you can be connected to five other assets that can be connected to services and so on. So we show you that visualization in terms of a graph literally. And you can see the connections, you can see the direction of network flow and then you can see individually all the assets and that map what are the risks as well? Additionally like I was telling you that you can actually create a Maxwell assets of your business, criticality your crown jewels, put them on a map together and across regions across vpcs, you can put them on a map together and you can actually visualize the network diagram, which exit is starting to Which acid or service which are directly exposed to the internet, all of that individual graph. So it shows you which things are connected. Does it offer recommendations job?
For how to fix things is, it have an actual button, you can click to fix it there and write write that in there.
So it gives you recommendations so we help you remediate your risk and we help you do it. Via you can use AWS CLI, you can use the console, you can use Python. So we’ll walk, you step-by-step process on how to remediate. But we also understand that prioritized, remediation is a bigger problem than Cloud, right? So what we do essentially is that we have our own ngajak using which we see. This is the highest impact recommendations, which combines multiple Logics, such as how many of the assets in this map. Our internet facing how many of these huge risk. What is the severity of the risk? And so, on basis, on which we give you, a prioritized actionable, insights to work on, we don’t do automated remediation. We give you guided remediation. However, we give you the python script as well, so customers can actually just write a Lambda function and automate that as well. Is there any sort of API exposure do you have rest apis or things that people can just kind of build into their existing
Seeing API infrastructure or is it not? Is it not currently available with Spot?
Not currently available in the roadmap but not currently available. Not currently available, you say, hmm. All right, cool. So sounds like Spock security. Can be quite a bit? Is this all Cloud resident? Is it an agent? You install like, how does it get deployed environment within 15 minutes? You can on board your Cloud accounts and off. Not just when you get on board, your bank Cloud accounts, and one blue as well. And it only takes a few minutes to on board. And within 15-20 minutes you’ll start seeing findings and it’s real wage. Every 15-20 minutes rather I would say whenever it any activity is detected in your environment you will see that on the platform and it’s completely agent class. Okay. So as far as getting access to this, with the cost structure look like is it a per-seat license? Is it something that’s included with certain aspects of of you know the cloud offerings of NetApp
So we charge you, like I said, we track approximately fifteen, different asset types, and protein, different compliance and all the other features that I talked about. But we only charge you for the number of easy to injustices, which are running in, and, in your environment and that too. We calculate the consumption early basis. So let’s say, you’ve purchased 400 easy to instances for a year, that’s going to suck still $9,900 ninety. Nine dollars for each ec2 instance, it means that $99 for each. Each of instance means that 24 hours 365 days. It is running package, tracking unique easy to instances. So basically, we convert that into an Arleigh consumption rate and it’s literally as much as the customer is using and not a penny more than that.
And the good news is, if you using the other part of Spot, you can kind of track this cost and see if you’re using things that you’re not necessarily needing.
Correct. So yeah, so it’s been input everyone. That’s right. So let’s let’s talk about the NetApp software angle here. So you know, we have Spot Security available. Does it tie in touch to CVS or CVO or on prime, or all the above? How does it monitor those things? Does it handle all that? Or is it you know, specific to certain use cases or does it just basically it doesn’t care what the product is. It just does stuff.
So currently we can scan your AWS accounts, therefore, we can scan your AWS assets. So you’re KMS. Your virtue PCS Cloud, real easy to S3, I am and so on. That’s kind of cool though because that’s this is sort of one of the First Security products that we have that. It’s not like built into ONTAP, right? It’s actually yeah, to Cloud security, which I actually think is kind of neat. A lot of people aware of that, which is why we’re putting this out on podcast, like this. Well, yeah, but there is a cloud aspect to NetApp in in ONTAP, right? So you have your, your Cloud volume services or FSA sex and Amazon, right? So I would imagine that there’s at least a portion of Spot Security that has to accommodate those thoughts cuz I do live in Amazon, or are we just talking about specifically, you know, the Amazon Cloud specific things?
So if you’re specifically looking for the different services and resources that you use fire AWS and very soon on the shore as well, in that being said, we are increasing the different types of resources that we scan literally on our Spring by Sprint basis. So fingers crossed but as of now we don’t do that. Okay, so it’s it’s basically agnostic this point, it’s not, you know, you’re not pigeon-holed into doing just, you know, NetApp stuff. So it actually works if you’re just doing Amazon AWS Cloud stuff, right? Correct wage. All right. Cool. So so you’re not, you’re not limited. If you don’t if you’re NetApp customer or not like you can use it. If you’re not enough customer, you can just basically use it to, to monitor all your other club resources. Yeah. And it’s supposed to be a multi-cloud solution. So if you’re using AWS and Azure and in future TCP, and so on, all of those findings will be into one compact
The dashboard you don’t have to, you know, switch and the overall risk posture is what we are aiming for.
So Matt, what would you call something that, that encompasses multiple things into a single dashboard? What’s, what’s that term? That we like to use?
Single-pane-of-glass. That’s right. Single-pane-of-glass. That’s everyone’s. You have a term. Yeah. But we have it. Yes, we have it, right? So that would be awesome. Actually to have some integration down there as well but so it’s not in Cloud Manager today that right? As my know, all right. Sorry I’m making more editing. No, that’s fine. People need to know this stuff right now. What I need to know what it can and can’t do. So as far as Spot Security goes, does it handle any like, I guess because it handles anything AWS, it’ll hang out, all compute, it’ll handle, Kubernetes instances, pretty much anything that lives there.
Yes. But like I said, we are every spend every quarter. We are trying to add as many more services and resources right now we support approximately fifteen different asset types, including your S3, your lb easy to be PCS and so on, are you currently taking feedback from people to try to prioritize what gets added in future releases? Yeah, absolutely. So we have a lot of trial customer trials running and we are, you know, speaking with customers twice Thrice four times in a week, and we took in a lot of feedbacks. We actually have a way for internal use as we actually have a way to track the different RFEs, because I’m requests or feature enhancements. So anyone who’s you know, selling them, or their customer success and they want to upsell to Spot Security. We have a very formalized way in which we are receiving feedback and we are putting them into our roadmap with timelines and everything.
And if, if I was not internal if I was a customer or somebody listening to the podcast, how would I make a request to you? Just go through LinkedIn or your email? Just go to the Spot secured with the website. You have Spot.io from there if you just go to products and, you know, browse to Spot Security, there’s a button there, which says request demo off to do is click on that and that’s about it. We offer a 30 day free trial for all our customers to and within that free trial. Literally, we allow you to do anything, you know, one, good as long as it’s as many logins and so on. So we give you a 30-day free trial for you to assess us, give us feedback and hopefully, we convert you into a customer.
So let’s say I get that 30 day free trial, I put all my stuff in there and then I forget about it and then the trial ends and then six months later I’m like you know what, I kind of want to buy that now. Do I have to redo all that, or can I just convert it to a license know? So the moment the customer signs up for the first time even if it’s trial or if purchased it, we maintain a unique identifier from D1. So if it’s a trial in our back, end the trial, key code gets converted into an actual customers key code. They don’t have to do the whole formalities once again off. As soon as it’s just, you know, comes to us via the internet tools that you have sales force and so on, we we will not expect the customers to do all of those things. Once again,
And isn’t it isn’t one of those things where like, it’ll automatically convert to page, debating them are on pricing, well, yeah, I just, I’ve had experiences with other things were like, you sign up for the free trial and it’s like, oh you put your credit card information while you’re signing up for the free trial, then it converts and you start paying and you forget all about it and but Spot the cloud in the cloud offering should tell me that that’s going on. That’s happening.
Yeah, yeah, absolutely. All right. But yeah, so you know if if you were to, I guess if you, if there’s one thing that people didn’t know about Spot Security that you wanted them to know, what would that be?
o one thing that I think customers don’t know about us and they should definitely talk about us is that we are not a c, s p. M. We are aiming to be a comprehensive Cloud security tool. And so it’s not just the misƒconfigurations wage
Are on the, you know, we are already doing anomaly detection, we are doing shaft visualization, we are on the path of doing, you know, a lot more threatened l. So, so, yeah, I’m looking out for the space. It’s it’s going to be massive basil. So what are the csb EM anyway, so see svm is a cloud security posture management which only detects misconfigurations of your clown assets, like you’re easy to and your S3 and so on. So it tells you that what are the right hardening guidelines for your different assets and it helps you a highlight that be give you a compliance views and that’s about it. But we are trying to do is that we begin. Like I said, We Begin from asset inventory. Discovery, we do misconfigurations event analysis. Family is, all of this is MLB’s. We’re not doing any rule-based engine for event analysis and anomaly detection and the Crux of everything is a graphic technology which see svm don’t have right off.
Graphic energy helps you visualize everything into one single pane of glass and see what are the different 360 degree view of your network. In terms of risk compliance need an ominous threat and so on. All right, excellent. So, speaking of single panes of glass mat, what is Cloud Manager offer? I know that we talked about how Spot Security, does it really Faithfully support specific ONTAP or NetApp things? But Cloud Manager is another tool that we can use for for doing things cylinder Spot Security, but from a NetApp angle. So what is there today that people don’t talk about?
Yeah, Cloud Manager is is really powerful, right? Most people think about it, kind of, as you mentioned, just sort of managing your storage Assets in the cloud and ONTAP, but there was a ransom wear protection Dash board. We probably talked about it in a previous upload and it’s constantly evolving, right? That’s one of the great things about the. Our Cloud products is they can they come out with more recent updates than, you know, ONTAP is. So the reason why protection dashboard does a lot more than protect from ransomware, it has security best practices. And one of the most recent ones is integrates with ActiveIQ off ActiveIQ. I always like to mention all their now, it’s been quite a while, but I always like to say it was the artist formerly known as Auto Sport, but it for people from not familiar with it, what it does is it takes information from ONTAP and and other systems and then it provides you with best practice, guidelines, maybe you’re at risk misconfigurations. You can see it all from a dashboard and you have to go to ActiveIQ to see it. Oo.
Well, ransomware protection, dashboard, and Cloud Manager has integrated that. And so now you’ll be able to look and see from Cloud Manager. If you have any security vulnerabilities on your own choices, for example, right to those need to be patched, you get a great look into that. You don’t have to go separately into ActiveIQ at the same time since there’s a ransomware protection dashboard page. I’ll tell you, there’s a, some data immutability panel and it will show you basically if snaplock if it’s turned on right and how many, how many volumes it’s turned ONTAP and do you have cloud data sense as well? Do you have cloud data since policies configured on these volumes snaplock is useful for protecting your snapshots from deletion by malicious insiders or stolen credentials and so you can get a read out there. Again single-pane-of-glass of only if the system needs to be patched for some sort of vulnerability related to a CD but also if your your data, your snapshot data log,
Detective with snaplock and do you have data sets on those policies cuz data cents is useful for classification of data. Probably want to know where those most important assets are that rely the reside on NetApp storage or ONTAP storage? And so, data X data sets, can tell you that actually can tell you for other storage as well. So, those are some of the, the recent additions. And that’s again, one of the cool things about Cloud Manager is Jake, Paul’s very quickly, don’t have to wait every six months for updates there and you’re getting more Security in that as well. So, yeah, that’s that’s the way we’re focusing and it really helps with the whole zero trust ONTAP texture. We always preach on here, that customers should be applying to their data, right? Zero trust is not just for networking. It’s also for data security. So those are some exciting things that we have out today.
All right. Sounds like we got a lot of options here when we’re talking about security and NetApp and cloud and and, you know, included, right? So, you know, as far as a tech, surge management and security, vulnerability detection, Isma Spot. Security is is your baby. So again, how do we figure out, you know, where to find more information, as well, as how to get access to it? Yeah, so we have public leasing documents, it’s called Doc’s d, o c, s. From there. You can again it’s just from the left navigation. Jump on the Spot Security, you will have the entire documentation, the how to the knowledge guides and and thus. And so on to get in touch with us, you can page to us. Absolutely. You can write to me directly, isma.rizvi@NetApp.com And you can always just go to the website and request for a demo. Once you do that, someone from the team, will immediately reach out to them.
And we will, you know, set you right up for a demo.
And that if you want to find out more information about, you know, automatic ransomware protection, or Cloud Manager. How would we find that? Yeah, there’s, there’s a lot of information available out there with me. One of the good places to start is the hardening guide for ONTAP TR-4569. It talks a lot about security, hardening postures and sort of best practices, but it also has information around setting up ActiveIQ. So you want to make sure you have turned on, so you can utilize the Cloud Manager dashboard. So, you go to Cloud. NetApp, and you can learn more all about cloud-managed or other Cloud products. It’s also a good stopping stopping point. If you have any feedback or or any information about this that you’re trying, you can’t find. You can always get me on Twitter @NTAPMatt and I can get you. If I can’t answer the question I’ll probably get you to the right person who can. So they’re just some good places to start out.
All right, excellent. Well thanks again so much for joining us and talking to us all about Spot Security as well as the rants more protection and ONTAP is always good to have a refresher on that is my Matt thanks again.

Advertisement

One thought on “Behind the Scenes Episode 340 – NetApp Spot Security

  1. Pingback: Behind the Scenes Episode 346: How Executech Approaches Cybersecurity (with James Fair) | Why Is The Internet Broken?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s