An Interview With Elastic
As the Deputy CISO of Elastic, Anthony Scarfe is no stranger to the challenges of securing Non-Human Identities (NHI’s): He’s spent over 15 years in the cybersecurity space, and previously worked in infrastructure and data center networking. Elastic is the leading platform for search-powered solutions, helping everyone — organizations, their employees, and their customers — find what they need faster, while keeping applications running smoothly, and protecting against cyber threats. With brands like Uber, Slack, Microsoft, and thousands of others using their platform 24/7, Anthony has no shortage of secrets and Non-Human identities to secure.
After engaging with his team and implementing Entro Security’s platform we sat down with him to get a better understanding of the problems he was facing and how Entro Security’s NHI Security platform was able to help.
In your career and past experiences, how have you approached securing secrets?
Anthony: “Historical approaches to detecting secret exposure were to pattern match and look for a certain kind of string from logs – focusing on finding out after something had already been exposed. In terms of challenges we were facing it was getting that visibility. We would deal with some secret exposures. We would try to educate people. But we did that kind of from a perspective of always being behind – only catching up when we find something. We had a good incident response process around it, but how do we educate people, show them the big picture, and actually drive the majority on a journey around how we manage non-human identities?”
How have you been able to use Entro’s platform to change things?
Anthony: “First of all, Entro has helped us in the ‘Detection’ part of the journey – detecting when something’s gone out or somebody shared a secret in Slack or Git Hub, so in a reactive mode Entro is who we built our process around. And then in a proactive mode on the ‘best practices’ side, we’re plugged into various data sources of information about non-human identities, like our AWS, GCP, and Azure environments. It lets us see maturity, which secrets are not being managed well, which ones have not been used for a long time and exist in the environment but are stale and need to be rotated.”
How do you integrate with Entro technically?
“So after we connected Entro into all of these different sources like AWS, GCP, and Azure, we actually pull all of the findings from Entro into the ElasticStack. We’re not heavy users of the UI of any of our security tools. We pull data into place and then automate response processes. We call it ‘technical governance’, where we’re looking at the big picture and telling teams where to improve. So ‘technical governance’ is more ‘dashboard-and-reporting’ driven, and incident response is more reactive to very specific events.”
So what has been the biggest benefit since using Entro?
Anthony: “We just have much more confidence in our ability to manage this problem. It’s really about being able to go from reactive to a proactive, maturity-based program. Getting more accountability from the teams that own the technology, and being able to have that conversation in a way that’s based on data and facts. We have data. We can talk about NHIs and secrets in a mature way and make trade-off decisions. Now we have visibility.”
What advice would you give other CISOs from your journey?
Anthony: “I would advise any CISO who’s not thinking about NHI and secrets security that they should be. There was a time when solutions on the market weren’t looking at it from a more program-based maturity-based way of thinking, where it was very one-dimensional, and now with Entro we can look at these Non-Human Identities from different dimensions. If something gets exposed, we now know not only that it was exposed, but where it came from, who owns it, when it was last used & what it has permission to, so it is a much more rich set of data that we can use to go and drive maturity. And that’s important – no CISO wants to manage individual instances of anything. Put the right infrastructure around it to go and enable somebody to plan ahead and build a program, that’s what Entro is doing.”