CloudBees sponsored this podcast.
DevOps environments are faster, bigger and more complex than anything we could have imagined. This type of business agility has us taking the human hand out of deployments and integrations, but security has been left behind in a world of manual policies, alerts and enforcement. As entire organizations shift left, security is finally getting the attention it deserves. After all, it’s still the main headline grabber.
Up until now, security automation has mainly focused on the detection of vulnerabilities. Now two tech companies are teaming up to identify ideal software states and to automatically remediate as soon as an attack occurs.
At AWS re:Invent this December, The New Stack founder and publisher Alex Williams sat down with Liran Tancman and Corey Scobie. Scobie is the CTO of 10-year-old open source automation platform Chef. Tancman is the CEO of cybersecurity newcomer Rezilion, which allows cloud environments to self-protect and revert to the previous intended state automatically when an attack occurs. This week Rezilion announced $8 million in seed funding.
Williams spoke with Tancman and Scobie about a new partnership between Rezilion and Chef to extend the automation and reliability of DevOps to include the necessary resiliency of security automation.
The Art of Security
Beyond security engineering and startup investing, Tancman is also a classically trained violinist. His tutor of 12 years flagged two types of mistakes in his training: the technical ones, which you should make only once as you seek perfection, and the creative ones, which need to occur as you find your art.
Tancman learned balance from this: “When you think about engineering products, startups — technology in general — you want to be very, very perfect and you don’t do stupid mistakes — talking about security. But also you want to make sure people find inspiration and find their own voice.”
DevOps automates much of the work of development and operations in a way that truly empowers these IT creative workers. This automation has to extend to security because, frankly, humans make too many stupid mistakes when it comes to this crucial lever for success — and failure.
Plus, as Williams mentioned, in modern distributed systems like Kubernetes, it becomes less clear who is even in charge of security.
Scobie says Chef and Rezilion paired up because they share the common view that “The lack of true security automation is something that’s actually hampering the ability for customers to derive the value out of DevOps.”
Chef InSpec is a free and open source framework for testing and auditing your applications and infrastructure. It sets the compliance and security baselines for your organization, and it sets the broad standard of what your application should be doing and how it should be behaving. InSpec makes sure your organization factors your security and compliance policies into each stage of development.
Then, Rezilion learns from what is being deployed into the CI/CD pipeline to understand what the intended state is. Rezilion automatically reverse engineers any pushed code to create a policy based on what the developers intend it to do. If something is flagged as not part of the intended state, then Rezilion works with Chef InSpec to revert to that previous state. Rezilion learns and updates with each new version.
“We believe with the combined technology of Rezilion with fingerprinting and detection, with standard baselines for security from InSpec, and with infrastructure automation and remediation through Chef and Habitat, that we can create a self-healing system,” Scobie said. “An autonomous system that says ‘Look, I detected something that’s happening that wasn’t by design and I’m going to take a remediation action’.”
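As an added illustration (not code from Chef, Rezilion or this article), the Ruby example below shows the general detect-and-revert loop described above: SHA-256 digests recorded from what the pipeline shipped stand in for the intended state, and anything observed that differs is mapped to a restore or remove action. The function names, file paths and sample contents are assumptions constructed for this example and say nothing about how either product implements the feature.

```ruby
require "digest"

# Intended state: path => SHA-256 of the content the pipeline shipped.
# Rebuilt on every release, so the baseline follows each new version.
def build_manifest(release)
  release.transform_values { |content| Digest::SHA256.hexdigest(content) }
end

# Compare what is observed at runtime with the manifest.
def detect_drift(manifest, observed)
  findings = manifest.filter_map do |path, digest|
    if !observed.key?(path)
      { path: path, kind: :missing }
    elsif Digest::SHA256.hexdigest(observed[path]) != digest
      { path: path, kind: :modified }
    end
  end
  findings += (observed.keys - manifest.keys).map { |p| { path: p, kind: :unexpected } }
  findings.sort_by { |f| f[:path] }
end

# Map each finding to the action that returns the host to the shipped state.
def remediation_plan(findings)
  findings.map do |f|
    { path: f[:path], action: f[:kind] == :unexpected ? :remove : :restore }
  end
end

# Apply the plan using the release content as the source of truth.
def remediate(observed, release, plan)
  healed = observed.dup
  plan.each do |step|
    if step[:action] == :remove
      healed.delete(step[:path])
    else
      healed[step[:path]] = release[step[:path]]
    end
  end
  healed
end

# Constructed sample data (hypothetical paths, not from a real deployment).
RELEASE_V1 = { "/app/bin/server" => "server build 1",
               "/app/conf/app.yml" => "port: 8443\n" }.freeze
OBSERVED = { "/app/bin/server" => "server build 1",
             "/app/conf/app.yml" => "port: 8443\ndebug: true\n",
             "/tmp/.cache/helper" => "binary that was never shipped" }.freeze

findings = detect_drift(build_manifest(RELEASE_V1), OBSERVED)
puts remediation_plan(findings).inspect
```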
This tech combination aims to be the answer to these two crucial enterprise questions:
- How do I make sure I don’t have vulnerabilities?
- How can I fix that vulnerability?
Watch or listen to this full episode of The New Stack Makers to learn just how this integration was developed and designed.
Chef and Rezilion are sponsors of The New Stack.