Last Updated on March 18, 2022
One could argue that there are two kinds of cybersecurity postures: the kind where you “hope” you’re secure and compliant, and the kind where you can prove it. With growing pressure from clients, regulators, boards and other stakeholders, being transparently (and, to use the current buzzword, “continuously”) secure and compliant is becoming critical for many organizations.
But as Maxime Lamothe-Brassard, founder of “security infrastructure as a service” provider LimaCharlie, points out on a recent episode of The Virtual CISO Podcast, there’s a level of “provable security” that we largely overlook. This potential blank spot starts with the promises and reputations of the vendors whose technology and/or services we’re trusting to protect us. But is trusting vendors’ promises and the black-box functionality of typical SaaS or on-premise security solutions the same as knowing exactly how and why you’re protected?
The AWS approach to provisioning security
“Cybersecurity has to evolve past these promise-based kinds of security into knowable security positions,” Maxime explains. “You want to be able to say, ‘Yes, we’re protected, and this is how we’re doing it.’”
That is, you know your security is working because your tools are open and transparent. It starts with a different philosophy for how to mix, match and provision security solutions.
Today most businesses buy security products from vendors. This involves evaluations, contracts, licenses, minimums… often there’s considerable friction in the process.
LimaCharlie takes the “AWS approach”: Self-serve, scale-up/down, mix and match, billed monthly, pay as you go for the tools you use, with no contract lock-in.
Like connecting Lego blocks
Modular toolsets are great, but building anything with them, let alone testing it, has been known to take significant expertise and time.
LimaCharlie is “trying to stay on the side of ease of use,” according to Maxime. “We want this to be Lego blocks. The tools can work together and you can assemble them. But we also don’t want to over-segment the space, so that to do a little thing you need to figure out a bunch of different Lego blocks.”
For example, a key concept within LimaCharlie is the “sensor.” In their world, it’s a very broad term. Ingest a sensor and you bring its telemetry into your environment, whether that’s from Windows, Mac, Linux, Chrome OS, and so on. This is the foundation of LimaCharlie’s first and still strongest use case, endpoint detection and response (EDR).
“It’s a point of pride for us that it’s a 100-millisecond round trip between the cloud and the endpoint,” states Maxime. Queries that might have taken a day with conventional EDR take seconds with LimaCharlie’s tools.
“You can start to think of all your endpoints as an extension of the cloud,” Maxime offers. “Like AWS, we’re API first. So, you can take our Python SDK and super quickly write something that literally goes against all of your endpoints and gets some data, and based on that makes a call or does something else with it. And it’s running directly in the box—it’s interactive.”
Maxime characterizes LimaCharlie’s EDR as “not so much an EDR [product] as an agent that has EDR capabilities.” You can choose a preconfigured set of services to make your EDR capabilities greatly resemble a boxed EDR offering, for instance. Then you can choose to layer hundreds of SIGMA open-source detection rules on top of that. Or not. You’ve got complete control.
Ultimately, in Maxime’s view, LimaCharlie gives your team the ability to take ownership of your environment and how you’re handling security at a level that boxed products rarely allow.