Redefining CyberSecurity

From Signatures to Behavior: RAD Security's Recognized Innovations for Cloud Threat Detection and Response | A Brand Story Conversation From Black Hat USA 2024 | A RAD Security Story with Brooke Motta

Episode Summary

In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP).

Episode Notes


The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification.

The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats.

Key Points Discussed:

  1. Behavioral Detection vs. Signature-Based Methods:
  2. Enhanced Capabilities for Real-Time Response:
  3. Recognition and Impact:
  4. Supply Chain Security:
  5. Future of Cloud Security:

RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection.

For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation.

Learn more about RAD Security: https://itspm.ag/radsec-l33tz

Note: This story contains promotional content.

Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_]

On LinkedIn | https://www.linkedin.com/in/brookemotta/

On Twitter | https://x.com/brookelynz1

Resources

A Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4bi

Open Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kro

Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription


Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] Here we are. We're ready for another seven minutes on ITSP Magazine with a new short brand story. Today, I'm joined by Brooke Motta, CEO and co-founder of RAD Security, the company taking a signatureless behavioral approach to detect and respond earlier to cloud attacks while sharpening inputs into shift left and posture management.
 

Welcome, Brooke.  
 

Brooke Motta: Thank you. Thank you for having me.  
 

Sean Martin: I want to start off by congratulating you on, uh, RAD Security being selected as a finalist in the Black Hat Startup Spotlight Competition. Uh, I think you're recognized for your work there and, and having a signatureless behavioral approach.
 

And, uh, if I'm not mistaken, you're one of the only organizations that also, recognized at RSA Conference, uh, for your innovations, uh, in the sandbox there.
 

Brooke Motta: Yeah. Great observation. That's true. We are the only company to have been selected for both. So we're really excited about the opportunity to showcase what [00:01:00] we're doing at Black Hat this year.
 

So thank you for recognizing.  
 

Sean Martin: Yeah, absolutely. And, last time we spoke, we looked at kind of the how cloud native development is kind of the biggest threat facing security teams today. 
 

And today I want to kind of touch on. Switch the conversation to look at a deeper dive in what the signature based and move from signature based to behavior based detection really means in the world of cloud workflow protection platforms.  
 

Brooke Motta: Yeah. So, um, as we talked about in our last chat, you know, the world has moved to cloud native. And with that comes a new opportunity for, um, people with malicious intent to attack, uh, some new targets. And so what RAD has done, and much differently than our competition or even CWPP vendors out there, is we've decided to take an approach that doesn't rely on signatures or [00:02:00] CVEs in order to catch, uh, cloud native attacks early in the development pipeline.
 

Instead, we're fingerprinting your workloads to understand. That's much, much earlier in the development life cycle, and we do that by detecting drift from what we've observed is known good behavior in your environment. Anything that drifts from that, we then flag as suspicious. And so it's a much, much different approach than what legacy container security solutions are doing today. 
 

Sean Martin: And when you, when you say drift and you can share as little or as much as you want here. Um, what are some of the challenges that, uh, teams have? I mean, because drift is common, right?  
 

Brooke Motta: Yeah, so, um, what we're doing is instead of depending on signatures and CVEs, we're providing teams with a way to detect zero days. 
 

And so you saw in recent history, there was a vulnerability called the XZ backdoor. Um, [00:03:00] and threats, uh, more and more threats like that are emerging. In fact, 90 percent of organizations in 2023 experienced a breach in their container, Kubernetes environment. And so rather than having the teams that are responsible for securing those containers or Kubernetes infrastructure to wait for a signature CVE to be created, instead, what we're doing, we are identifying threats like the recent XZ backdoor vulnerability much, much earlier.
 

Um, we also can identify things like, um, human and non-human identities that are inside your cluster. Uh, and so this allows for us to arm our customers with, uh, information that's not only useful to preventing attacks, but also, uh, helps them to detect them much, much earlier in the development life cycle.
 

  
 

Sean Martin: So much cool stuff here, I have a gazillion questions, but [00:04:00] let's, uh, let's go with this one. The, the supply chain. Stuff comes in through third party services and APIs and things like that. And because you're at at runtime, you're able to analyze this stuff. 
 

So talk to me about the environment and how what you do gets the whole picture at runtime and not just dealing with stuff at build time.  
 

Brooke Motta: That's right. Yeah. So, um, you know, there's a challenge right now between, uh, software supply chain attackers and the people who are actually producing the software.
 

And so what we're helping development teams to do is to get a verified clean runtime fingerprint against the same image running in their environment so that they actually have an opportunity to defend against the next zero day attack. Um, and so we have a whole library of fingerprints for our [00:05:00] customers in order to make sure that they're fully protected.
 

And we're doing that also by leveraging eBPF to codify the baseline behavior of the workload, uh, into the fingerprint. And that way the DevSecOps teams or the DevOps teams can use that as a verifiable defense against those, uh, software supply chain attacks they were just talking about.
 

Sean Martin: In the last moments we have here, talk to me about response. Um,
 

Brooke Motta: Yeah,
 

Sean Martin: having the knowledge and the context, right?  
 

Brooke Motta: That's right. So another area of differentiation for us is rather than, um, just, um, providing the cloud detection, we actually have been really thoughtful about making sure that our customers have response actions as well.
 

And so, um, most companies that say they do CDR actually really mean that they're doing CD. And so RAD, uh, provides customers with, uh, like I said, the [00:06:00] response actions that allow you to quarantine, label or terminate anomalous activity. Um, we're also leveraging LLMs in order to classify detections and help SOC teams to understand, um, how to remediate much, much faster.
 

Uh, and so, uh, we're really thoughtful about making sure that our customers can quickly get to a path of remediation, not just for smaller companies, but also for very large companies at scale who don't often know exactly who is responsible for fixing what. Um, and so, um, we've built a lot in our platform and leveraged, um, some really nice integration partnerships in order to make sure that we can help response at scale.
 

Sean Martin: That's fantastic. And, uh, that is also seven minutes here on ITSP Magazine, the time flies and you, you've said a lot of good stuff. So thanks a lot, Brooke.
 

Brooke Motta: Thank you so much. I appreciate you having [00:07:00] me.