I was watching a competitor(?) of yours a few years ago who were trying to integrate https://github.com/WithSecureLabs/IAMSpy#iamspy with Cartography to have more insight into what, actually, the IAM Roles could do
Do you have similar plans or are those kinds of things left as an "exercise to the reader" via your Intel Plugins link? I do see https://cartography-cncf.github.io/cartography/modules/aws/s... but I also see https://github.com/cartography-cncf/cartography/blob/0.100.0... so it's hard to know what level of insight one wishes to support out of the box versus the localstack model of "open core, advanced features are $$$" type deal
Looked at your video demo, does SubImage actually recommend changes and generate Terraform? For example, instead of exposing 80/443 on the EC2 instance, deploy an ELB in front of it that listens on 80/443 publicly and only allow the ELB to forward traffic to the EC2 instance. Also, attach a role to the EC2 instance to avoid storing AWS credentials in environment vars, though if the instance was compromised an attacker could still access the S3 bucket.
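The hardened layout the comment above describes, written out as an added Terraform example (this is not SubImage or Cartography output, and not code from the thread). It assumes an existing VPC, two public subnets, one private subnet, an AMI and a bucket name passed in as variables; the 443 listener is left out because it needs an ACM certificate the example does not have. The point is the two controls the comment names: the instance's security group admits traffic only from the load balancer's security group (no CIDR rule), and the instance gets credentials through an instance profile with a least-privilege policy instead of static keys in environment variables. IMDSv2 is required so those role credentials are not trivially readable through a plain SSRF to the metadata endpoint, which narrows the "compromised instance can still reach the bucket" caveat without removing it.

```hcl
# Added example, not SubImage/Cartography output. Assumed inputs:
variable "vpc_id"            { type = string }
variable "public_subnet_ids" { type = list(string) }   # where the ALB lives
variable "private_subnet_id" { type = string }         # where the instance lives
variable "ami_id"            { type = string }
variable "bucket_name"       { type = string }         # the one bucket the app reads

# Only the load balancer is reachable from the internet on 80/443.
resource "aws_security_group" "alb" {
  name   = "web-alb"
  vpc_id = var.vpc_id
  ingress { from_port = 80  to_port = 80  protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
  ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
  egress  { from_port = 0   to_port = 0   protocol = "-1"  cidr_blocks = ["0.0.0.0/0"] }
}

# The instance accepts port 80 only from the ALB's security group, never from a CIDR,
# so exposing the instance directly (the weak pattern) is not possible by construction.
resource "aws_security_group" "web" {
  name   = "web-instance"
  vpc_id = var.vpc_id
  ingress { from_port = 80 to_port = 80 protocol = "tcp" security_groups = [aws_security_group.alb.id] }
  egress  { from_port = 0  to_port = 0  protocol = "-1"  cidr_blocks = ["0.0.0.0/0"] }
}

resource "aws_lb" "web" {
  name               = "web-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}

resource "aws_lb_target_group" "web" {
  name     = "web-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

# Instance role instead of static keys in environment variables: credentials are
# issued and rotated by the instance metadata service, nothing is stored on disk or in env.
resource "aws_iam_role" "web" {
  name = "web-instance-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Least privilege: read-only access to the single bucket the application needs.
resource "aws_iam_role_policy" "s3_read" {
  role   = aws_iam_role.web.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = ["arn:aws:s3:::${var.bucket_name}", "arn:aws:s3:::${var.bucket_name}/*"]
    }]
  })
}

resource "aws_iam_instance_profile" "web" {
  name = "web-instance-profile"
  role = aws_iam_role.web.name
}

resource "aws_instance" "web" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.private_subnet_id
  vpc_security_group_ids = [aws_security_group.web.id]
  iam_instance_profile   = aws_iam_instance_profile.web.name

  # Require IMDSv2 so the role credentials cannot be fetched with a plain GET via SSRF.
  metadata_options { http_tokens = "required" }
}

resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = aws_instance.web.id
  port             = 80
}
```

A posture check over this layout reduces to two graph questions of the kind Cartography can answer: is any security group attached to the instance open to 0.0.0.0/0 on 80/443 (should be none), and does the instance's role carry permissions beyond the one bucket (should be none). Terraform is not executed by this thread's tooling, so treat the block as a reviewed configuration rather than a tested one.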
Given that this is a paid product, are you liable if the chatbot misrepresents the data?
Website (on Firefox) nitpicks:
- The handle_complexity.png image is too small to read and can't be zoomed unless opened in another tab.
- The background effect is in the foreground of chatbot_cropped_gif.gif
- The yaml schema text should have a background like the rest of the text boxes
Wow this library has a lot of history being developed at Lyft! Have you seen a good response to the paid offering? I suppose all the OSS users self hosting will switch over!
This is cool, and really makes sense for large organizations. Do you foresee a release for smaller enterprises (something as simple as a lightweight aws integration?)
Actionability >>> observability
If you can pull this off, you will have a great time
Looks very cool! Wiz is a beast at the moment so I will be watching closely to see if you (or anyone else really) will be able to go up against them
Congratulations on the launch! Can you please provide some details on your business model?
How come things like this are not built into most cloud providers?
Congrats on the launch!
Hi, interesting goal that you have in mind.
Working in a huge enterprise, I see a clear benefit for this kind of product, as we are really struggling to keep track.
I understand that you are very early in bootstrapping, but what I was missing while skimming over the videos, links and webpage is a better bird's-eye view or contextualization of the approach.
I was considering a demo, but the two options (chat and quick chat) were a bit unclear to me as to what they would achieve / how they are structured.
Again, I have full understanding that you are still working on this. Good luck with this project.
absolutely awesome -- huge need
Looks great. Sent you a DM.
Congrats on the launch!
Awesome project!
As someone deeply familiar with this problem (ex-JupiterOne), I'd caution against asserting that 'deep level of customization' is a differentiator. Your buyer (CISO) and userbase (Sec Engs) are drowning. They (and I) don't want yet another product to build on top of. This is a key reason why Wiz is so successful -- an operator can turn Wiz on and immediately receive value, no adjustments or additions needed.
I'd strategically focus on making the 'actionability' part the cornerstone of the product and really become obsessed with making that part of your product incredible. The Goliath-killing story you need will be formed by figuring out how to get your product to the point where someone can turn it on and immediately receive value for the most impactful security problems first (ex: Log4J) and the total surface area of problems the product solves for second.