A Day in the Life of a Cloud Security Researcher at Panoptica

Becca Gomby
Wednesday, Jan 18th, 2023

Efficiently protecting the cloud at scale

You probably know our amazing research team from the cloud vulnerabilities they’ve discovered such as the AWS RDS Vulnerability, the AWS ECR Public Vulnerability, or the Azure Cloud Shell Command Injection. The real secret sauce is how the Panoptica Cloud Security Research Team is actively involved in the development of our attack path analysis, risk prioritization, and creation of graph algorithms.  

In this post, we will focus on The Cloud Security Research Team at Panoptica and how they work. Their job is to unearth various services, issues, and vulnerabilities across cloud service providers to bring the most value to the market and Panoptica’s customers.  

Meet one of Panoptica’s Cloud Security Researchers, Dana Tsymberg 

Dana came to Panoptica with a background as a cyber analyst in the mobile department of a software company, where she searched for new malware and trends on mobile phones. Dana’s move from the world of mobile software to cloud security was spurred by her interest in expanding her knowledge while also exploring a new career path. A course on cloud services that she took during the last semester of her undergraduate degree sparked the desire to explore the field of cloud security further. When joining Panoptica, Dana came with a general understanding of different cloud services and providers, but she spent the early days in her new role really digging into the documentation and services, as well as building attack path simulations, to understand how everything worked. 

Where does a cloud security researcher start? 

The process of uncovering new enriched insights and attack paths is first and foremost driven by feedback and pain points we hear from customers or prospects in conversations. Our team makes sure that we understand what the most common pain points users of cloud security tools are feeling alongside new developments in the hundreds of services released by AWS, Azure, GCP, and Kubernetes.  

Once the problems or services are identified, what comes next? 

Reading, researching, and more research. Dana’s next step is to pore over the specific service’s documentation to uncover and fully comprehend the ins and outs of the service. How does it work? How is the architecture built?  

During this step, Dana runs simulations in which she creates and connects accounts to see how deeply into the services she can dive and what kind of access she can get – whether into open buckets or by identifying potential attack paths. Once a path or point of entry is discovered, Dana checks the statistics to see how many of Panoptica’s current customers have such a vulnerability in their cloud. If Dana sees that this is a common point of failure for a percentage of customers, a ticket is opened for the Graph Algorithm Team to start building the topology of the attack path and the surrounding environment. Dana provides the specifications and characteristics of each asset and how they are connected to one another. Then the teams work together to ensure that the correct naming, risk, and impact are associated with and attributed to each asset / resource / service, and to make sure the risk of the attack path accurately reflects the critical discovery. 

Panoptica cloud application security

Cloud Security Research Team + Graph Algorithm Team = cloud security wins 

The collaboration that exists between the Graph Algorithm Team and the Cloud Security Research Team maximizes the power of the graph to provide the deep and immediate security value that our customers love. The relationship between the two teams, alongside the ongoing feedback from customers and market research, feeds the ability for this dynamic machine to continuously reflect the most up-to-date cloud security risks.  

Researchers from the Cloud Security Research Team, like Dana, deliver all forms of enrichment to the graph topology: specific edges and nodes that cannot be derived from collectors, labels indicating the severity and permissiveness of a specific role or roles, and additional properties on nodes or edges that add value from a security perspective. The relationship between these two teams is symbiotic. The research team provides input to the graph for improved topology and detection, but also uses the graph for investigations and extended research endeavors.   
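To make the two ideas above concrete, the enrichment of a resource graph with permissiveness labels and the use of that graph to detect and prioritize attack paths (plus the "how many accounts are affected" check from the research process described earlier), here is a small added example. It is illustrative code written for this post, not Panoptica's graph engine; the resource names, edge relations, permissiveness values and the scoring formula are all constructed assumptions.

```python
"""Toy attack-path detection over an enriched cloud resource graph.

Added illustration, not Panoptica's code. Every resource name, edge type,
permissiveness value and the scoring formula below is a constructed assumption.
"""
from collections import defaultdict

# Node properties supplied by research/enrichment: is the asset reachable from
# the internet, and does it hold data we care about? (constructed sample data)
NODES = {
    "alb-public":      {"kind": "load_balancer", "internet_exposed": True,  "sensitive": False},
    "ec2-web":         {"kind": "compute",       "internet_exposed": False, "sensitive": False},
    "role-web":        {"kind": "iam_role",      "internet_exposed": False, "sensitive": False},
    "s3-customer-pii": {"kind": "bucket",        "internet_exposed": False, "sensitive": True},
    "s3-static-site":  {"kind": "bucket",        "internet_exposed": True,  "sensitive": False},
    "ec2-batch":       {"kind": "compute",       "internet_exposed": True,  "sensitive": False},
    "ec2-internal":    {"kind": "compute",       "internet_exposed": False, "sensitive": False},
}

# Edges enriched with a permissiveness label in [0, 1]: how broad the granted
# access is (e.g. a wildcard action on a whole bucket vs. read on one prefix).
EDGES = [
    ("alb-public",   "ec2-web",         "routes_to", 1.0),
    ("ec2-web",      "role-web",        "assumes",   1.0),
    ("role-web",     "s3-customer-pii", "can_read",  0.9),  # wildcard on the bucket
    ("role-web",     "s3-static-site",  "can_read",  0.2),  # single prefix, read-only
    ("ec2-batch",    "s3-customer-pii", "can_read",  0.5),  # public host with direct read
    ("ec2-internal", "s3-customer-pii", "can_read",  1.0),  # broad, but not reachable from outside
]


def build_adjacency(edges):
    """Index edges by source node for traversal."""
    adj = defaultdict(list)
    for src, dst, rel, perm in edges:
        adj[src].append((dst, rel, perm))
    return adj


def find_attack_paths(nodes, edges, max_depth=6):
    """Enumerate simple paths from internet-exposed nodes to sensitive assets.

    Returns a list of (path, permissiveness_per_hop) tuples.
    """
    adj = build_adjacency(edges)
    paths = []

    def dfs(node, path, perms):
        if nodes[node]["sensitive"] and len(path) > 1:
            paths.append((list(path), list(perms)))
            return
        if len(path) >= max_depth:
            return
        for dst, rel, perm in adj.get(node, []):
            if dst in path:          # avoid cycles
                continue
            path.append(dst)
            perms.append(perm)
            dfs(dst, path, perms)
            path.pop()
            perms.pop()

    for name, props in nodes.items():
        if props["internet_exposed"]:
            dfs(name, [name], [])
    return paths


def score_path(perms, hops):
    """Assumed scoring: product of hop permissiveness, discounted by path length."""
    score = 1.0
    for p in perms:
        score *= p
    return round(score / hops, 3)


def prioritized_paths(nodes=NODES, edges=EDGES):
    """Attack paths ranked by score, highest risk first."""
    ranked = []
    for path, perms in find_attack_paths(nodes, edges):
        ranked.append({"path": path, "score": score_path(perms, len(path) - 1)})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


def affected_fraction(account_graphs):
    """Share of accounts (name -> (nodes, edges)) with at least one attack path."""
    if not account_graphs:
        return 0.0
    hits = sum(1 for nodes, edges in account_graphs.values() if find_attack_paths(nodes, edges))
    return hits / len(account_graphs)


if __name__ == "__main__":
    for entry in prioritized_paths():
        print(entry["score"], " -> ".join(entry["path"]))
```

Two details are worth noticing. The broadest edge in the data (`ec2-internal` reading the PII bucket with permissiveness 1.0) never shows up as an attack path, because nothing internet-exposed reaches that host; without the exposure label the graph would only be a visibility tool. And the short path through the public batch host outranks the longer path through the load balancer even though its permission is narrower, which is the kind of prioritization judgment the enrichment makes possible.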

“It can be said that without the Cloud Security Research Team the graph would be mainly a visibility tool displaying the topology of the cloud account without added security wisdom, and without the Graph Algorithm Team the security research team would not have a way to translate its findings to a data engine that produces contextual value from these findings - detection of attack paths, prioritization, severity and risk scoring, and all of the other advanced capabilities of the graph.” - Roy Maor, Graph Algorithm Lead

Going above and beyond: Dynamic Remediation that DevOps love 

For every attack path that is discovered, Dana and the rest of the Cloud Security Research Team work to build out-of-the-box remediations. The same is true for open security findings: each individual finding can also be remediated using the Dynamic Remediation provided by the Panoptica Platform, in the form of Deny GuardRails delivered via Terraform or YAML.  

Cloud security research is a finite resource that should be maximized 

When you blend Panoptica’s Cloud Security Research Team with our Graph Algorithm Engineers, we bring together the best cloud security insights from both perspectives. This is one way Panoptica stands alone as the most efficient CNAPP solution in the market.  

While other vendors may have their own offensive and defensive research teams, those teams often work as an entity separate from the product effort and lack the graph algorithm outputs that are available the second you connect your cloud account. At Panoptica we pride ourselves on our focus on cloud security risks from the perspective of the attacker, and it is through this lens that the team can best serve customers and provide out-of-the-box remediations for attack paths and security findings across AWS, GCP, Azure, and Kubernetes.  

How to become a great cloud security researcher, like Dana 😊 

Great cloud security research can come from anyone who has a true passion for deep diving into new material and tracking trends. Even if you aren’t a cloud security expert now, that doesn’t mean you can’t be down the road. According to Dana, all it takes is a thirst for knowledge, genuine curiosity, and an open mind. Connect with Dana on LinkedIn, read blog posts from our Research team, and follow us on X to get our cloud security content and educational resources.  
