From YouTube: Innovation Sandbox 2018 StackRox
Description
The RSAC Innovation Sandbox Contest brings out cybersecurity’s boldest new innovators who have made it their mission to minimize infosec risk. Each year, 10 finalists grab the spotlight for a three-minute pitch while demonstrating groundbreaking security technologies to the broader RSA Conference community.
https://www.rsaconference.com/events/...
A
Businesses are trying to innovate using containers, microservices and cloud native principles. They're fundamentally changing how they're building applications and managing their infrastructure. Now, this increased velocity, modularity and configurability has also substantially increased the attack surface. This is the fundamental problem we wanted to solve at StackRox.
A
We look at it as though security has to be built using the same core principles of cloud native, the same way applications are built and deployed, meaning that they have to be form factor agnostic. They have to be able to collect, analyze and actually respond to this information in the context of immutable and ephemeral infrastructure, meaning security has to be continuous in this infrastructure.
A
The main things we see are the fact that this entire stack is highly configurable, modular, as well as the fact that it is highly, highly scalable. Now, at each one of these layers, all these constructs or tools can constantly change and shift based on the business needs. So, even though the businesses select these constructs, they still have to be able to not create lock-in for their developers. This is where security has typically suffered.
A
What we do is we abstract away all the building blocks using a distributed sensory model, so we can collect, regardless of the form factor, from every component in the infrastructure. So it allows developers and DevOps to be able to change these constructs and these tools and can leverage whatever is best for their business models. We use this to be able to capture telemetry, so we can create visibility and insight at every layer of the stack and, on top of that, create detection and then leverage the existing infrastructure for enforcement.
A
Now, to do this, you have to speak a common language. This is where we created our adversarial intent model, AIM, which focuses on a set of subset actions every attacker has to take to move through your infrastructure, regardless of the orchestrator, the container, the host or the application. This allows us to actually stitch together alerts without getting into the root of why something happened and be able to really present the abstract level to the operator, so they understand their business risk and their application risks.
A
Now, to do this, we have to put together a whole new team to do this. This is why we don't really focus on just the executive team. We had to put together the best security researchers, we had to get put together great data scientists and machine learning experts, and we had to bring in disciplines that understood distributed systems and microservices from a lot of prominent companies. At the same time, this is a substantial problem and we knew we couldn't just solve it on our own.