Rootconf Mini 2024

Introduction:

This security tech talk proposes to dive into the evolution of detecting and securing Personally Identifiable Information (PII) and secrets across complex infrastructures. Sensitive data, such as PII and secrets, can be found anywhere—from logging services like Grafana, SaaS apps like Slack and Microsoft Teams, cloud buckets, or even employee desktops and shared folders. As security teams face the ever-growing challenge of locating and protecting this data, a scalable and automated approach is necessary to safeguard against data breaches and maintain compliance.

This session will explore how to build a scalable, automated framework that detects PII and secrets across all layers of your infrastructure, whether in cloud environments, on-prem systems, or local devices. We’ll also address how secrets or PII shared during Google Meet sessions or even printed through office printers can be detected—extending the reach of your detection efforts to every possible data exposure point.

Challenges with Existing Solutions:

Many traditional data protection tools face significant limitations when detecting PII and secrets across modern, decentralized infrastructures. Common challenges include:

• Fragmented Data Locations: PII and secrets can be stored in various locations, including logs, cloud buckets, desktops, and SaaS platforms, making detection inconsistent and often incomplete.
• Limited Detection Capabilities: Existing solutions typically focus on specific systems, such as cloud storage or log files, but often overlook data exposures in more unconventional locations, such as local devices, meeting platforms, or printers.
• Scalability Concerns: Handling petabytes of data and continuously monitoring large, distributed systems can lead to performance degradation in many current solutions.
• Manual Processes: Traditional methods rely heavily on manual interventions or partial automation, leaving room for missed vulnerabilities and inefficiencies.

Technical Challenges:

Developing a robust detection framework requires overcoming several technical hurdles:

1. Diverse Data Sources: Integrating detection mechanisms across various platforms like SaaS applications, on-premise servers, cloud buckets, and desktops is a major challenge due to the diversity in data formats and architectures.
2. Data Volume and Real-Time Processing: Managing and analyzing massive datasets (petabytes of data) in real-time or near-real-time requires a high degree of optimization to ensure fast processing without performance bottlenecks.
3. Accuracy in Detection: Ensuring that PII and secrets are accurately identified without generating false positives or missing hidden data across diverse systems is an ongoing technical challenge.
4. Cross-System Communication: Ensuring smooth communication between systems like cloud services, local machines, and SaaS applications, while maintaining consistency in detection, demands a distributed and resilient architecture.

Lessons Learned:

Through building and scaling detection frameworks, several key lessons have emerged:

• Automating Detection is Critical: Manual processes are insufficient for the growing complexity of modern infrastructures. Fully automated solutions like Hawk Eye, which has successfully scanned petabytes of data across multiple companies, are crucial for full coverage.
• Design for Scalability: To future-proof the detection framework, it’s essential to design for scalability from the outset, ensuring that the system can handle massive data volumes across different environments.
• Multi-Platform Integration: Ensuring detection coverage across diverse systems—from SaaS platforms and cloud services to desktop environments, video meetings, and even printer logs—is crucial for thorough monitoring.
• Continuous Monitoring: Real-time detection and alerting help mitigate the risk of data breaches by ensuring sensitive data exposures are identified and acted upon as quickly as possible.

Participants Will Learn:

• How to implement an automated PII and secrets detection framework across various infrastructures, including logs, cloud buckets, and local devices.
• Practical strategies for integrating detection with SaaS platforms, employee desktops, and even online meetings and printer logs.
• Best practices for scaling detection across large datasets and managing continuous, real-time monitoring.
• Insights into common vulnerabilities where PII and secrets are often hidden and how to mitigate them.

Takeaways:

1. Actionable Techniques: Attendees will leave with practical knowledge on how to automate PII and secrets detection across a range of environments, from logs and cloud storage to unconventional sources like video meetings and print logs.
2. Scalability and Real-Time Monitoring: Participants will gain insights into building scalable detection systems that continuously monitor and process petabytes of data in real-time.

Target Audience:

This session is highly beneficial for:

• Security Engineers: Looking to enhance their organization’s detection and security framework for sensitive data.
• DevSecOps Teams: Seeking automated, scalable solutions to detect and protect PII and secrets in their infrastructure.
• IT Administrators and Compliance Officers: Focused on data privacy and regulatory compliance efforts, ensuring sensitive data is secured across diverse systems.

Conclusion:

As privacy regulations tighten and the risk of data breaches continues to rise, automating the detection of PII and secrets is a necessity for modern security teams. This talk will provide actionable strategies for building a scalable, real-time detection framework that can cover all possible exposure points, including video meetings and printers, ensuring comprehensive data protection across the organization.