February 16, 2023
By Arnie Lopez - WW Systems Engineering, Skyhigh Security
I think the security industry is slowly, maybe without even realizing it, beginning to come to an important realization – security products are a thing of the past, and security platforms are the necessary tools of the day. Security products are designed to address consistent, often cookie-cutter use cases, but this is no longer sufficient. Today’s organizations, large and small, blend tools and applications to create custom workflows for everyday processes, and these unique situations must be secured with flexible security platforms.
I was recently engaged with a large customer whose situation really highlighted this fact. This organization was building a workflow for their customers to submit files to them through WhatsApp, which were then processed into AWS S3 buckets. Of course, proper security controls were critical for these file submissions, including preventing malware or sensitive content from being submitted.
Initially, the customer was attempting to use the near real-time scanning capabilities of our Cloud Access Security Broker (CASB) to scan the submitted files. The plan was to drop the submitted files into an “unscanned” S3 bucket which would then initiate a Lambda script. The script would be responsible for determining when our CASB had scanned the file and whether it was clean, and would then move the file to either a “production” bucket or a “quarantine” bucket based on the result. This approach seemed to fit cleanly into the intended use cases of CASB, but it was ultimately trying to put a square peg into a round hole. The challenge became how to determine whether the file had been successfully scanned. Using our incident management API, any detection could be easily found, but no incidents are created for a clean file!
After engaging with the customer, we were able to design a simpler, more elegant, and faster solution. This approach changed the behavior of the Lambda script to upload the file to a dummy URL through our Secure Web Gateway (SWG) solution in the cloud. If you’re not familiar with our solution, our SWG has a hidden gem – we expose an option to see and directly manipulate the underlying policy language. This allowed us, in just a few minutes, to build a custom policy that would not only scan the files but also send custom responses to the Lambda script with details about any detections. This had the following benefits:
- A much simpler Lambda script that could be written more quickly.
- A more reliable solution with fewer moving parts and points of failure.
- Near instantaneous scan response times.
- More customizable scanning behavior and subsequent response actions.
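A sketch of the Lambda flow described above, added here as an illustration and not the customer's or Skyhigh's code. The bucket names, the dummy scan URL, and the JSON verdict format are hypothetical, and the gateway is assumed to be reached through the standard proxy environment variables. Because a missing signal was the original problem, only an explicit clean verdict promotes a file; everything else is quarantined.

```python
import json
import urllib.request
from urllib.parse import unquote_plus

# Hypothetical names and URL: the post does not give them.
PRODUCTION_BUCKET = "example-production"
QUARANTINE_BUCKET = "example-quarantine"
SCAN_URL = "https://scan.example.invalid/upload"

def parse_verdict(status, body):
    """Return 'clean' only for an explicit clean verdict (assumed JSON format)."""
    if status != 200:
        return "quarantine"
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return "quarantine"  # empty, truncated or non-JSON response
    clean = isinstance(doc, dict) and doc.get("verdict") == "clean" and not doc.get("detections")
    return "clean" if clean else "quarantine"

def scan_via_gateway(key, data):
    """POST the file to the dummy URL; urllib routes it via HTTPS_PROXY if set."""
    req = urllib.request.Request(SCAN_URL, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()

def route_object(s3, scan, bucket, key):
    """Scan one uploaded object and move it to production or quarantine."""
    data = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
    try:
        status, body = scan(key, data)
    except Exception:
        status, body = 0, b""  # timeout, block page or proxy error: fail closed
    dest = PRODUCTION_BUCKET if parse_verdict(status, body) == "clean" else QUARANTINE_BUCKET
    s3.copy_object(Bucket=dest, Key=key, CopySource={"Bucket": bucket, "Key": key})
    s3.delete_object(Bucket=bucket, Key=key)
    return dest

def handler(event, context, s3=None, scan=scan_via_gateway):
    """S3 ObjectCreated entry point; s3 and scan are injectable for offline tests."""
    if s3 is None:
        import boto3  # available in the Lambda Python runtime
        s3 = boto3.client("s3")
    results = {}
    for record in event["Records"]:
        bucket = record["s3"]["bucket"]["name"]
        key = unquote_plus(record["s3"]["object"]["key"])  # event keys are URL-encoded
        results[key] = route_object(s3, scan, bucket, key)
    return results
```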
This is a powerful example of why building rigid, overly simplified solutions targeting cookie-cutter use cases is no longer a viable approach. Today’s organizations need a flexible, platform-style approach that enables them to elegantly weave the needed components of their security solutions together with their business workflows to achieve optimal outcomes. We, the security industry, need to have a heightened awareness of this and continue to enable customers with flexible and modular offerings that can address the infinite, unique challenges our customers face.
2023 is going to be a year to evaluate and assess the effectiveness of your security posture. It’s an opportunity to simplify and consolidate, which will also lower your total cost of ownership with a platform versus multiple products. This also makes your security team more productive, reducing the number of products they need to learn and use. Learn more about what we can do for you at skyhighsecurity.com.