PEXA consolidates security tooling to map threat exposure faster

PEXA has undergone a consolidation of security tooling over the past few years, moving to a mix of AWS and Palo Alto Networks to make it simpler to map its exposure to emerging threats.

Cloud security lead Anish Dharmakkan contrasted the two security tooling setups at AWS Summit Sydney, with reference to the efforts that went into understanding exposure to Log4j in 2021, versus the XZ Utils backdoor earlier this year.

“In 2021, we had a lot of tools, a lot of homebuilt ones and third party and other software vendors that we used to scan our systems, so when things like Log4j popped up we had to react pretty quickly and decisively,” Dharmakkan said.

Across its containers, cloud compute, CI/CD pipeline and “hundreds” of code repositories, Dharmakkan said it took “somewhere around 12 hours before we mapped everything out, and then kept updating it.”

He compared the process to what PEXA has now, which leans on a “full suite” implementation of Palo Alto Networks’ Prisma Cloud.

‘When XZ happened, all we had to do was just punch in the CVE [common vulnerabilities and exposures identifier], [to] investigate [and] find the CVE, and that maps out where Prisma sees it,” Dharmakkan said.

“We don't have to kick off any additional scans - we just have to query for the CVE and it kind of tells you where it's located in your workloads.”

Dharmakkan said that PEXA employed a bot in Prisma to monitor its CI/CD pipelines for vulnerabilities present in code that is intended to be pushed into production.

“So, based on the policies that we set, if there's ‘high’ and ‘critical’ [rated vulnerabilities] in the codebase and in the artifact that gets built, do not push it to production.

“So, it automatically flags it. But if you're paranoid like me, you can set an alert there saying, ‘If you see the CVE, just send me a Slack message or email’, so you get additional visibility.”

The way Prisma Cloud is set up means developers are alerted to detections “in their own workbench”, which Dharmakkan said was a “huge time-saver”.

“We're not spending a lot of time triaging the issues,” he said. “We know where [they are, and] we go straight to defence.”

Dharmakkan added that there was also some interplay between Prisma Cloud and various Amazon security services that PEXA used, including the Amazon web application firewall (WAF).

“Prisma Cloud reads your WAF configuration and alerts you - ‘Hey, you've got an API, but you haven't applied the rule in AWS WAF that protects you against zero days’.

“So, it's two security systems talking to each other, making sure we have the best security configuration with it.”

PEXA’s presentation was used as an illustration of a cyber security tool consolidation concept that Palo Alto Networks promotes.

Ry Crozier attended AWS Summit Sydney as a guest of AWS.

PEXA consolidates security tooling to map threat exposure faster

PEXA consolidates security tooling to map threat exposure faster

PEXA consolidates security tooling to map threat exposure faster

PEXA consolidates security tooling to map threat exposure faster

PEXA consolidates security tooling to map threat exposure faster