Latacora collects and analyzes data about services our clients use. You may have read about our approach to building security tooling, but the tl;dr is we make requests to all the (configuration metadata) read-only APIs available to us and store the results in S3. We leverage the data to understand our clients’ infrastructure and identify security issues and misconfigurations. We retain the files (“snapshots”) to support future IR/forensics efforts. This approach has served us well, but...| Latacora - Security Practices for Growing Businesses on Latacora
Introduction Most “security tools” today are typically composed by code that consumes an API and applies predefined logic to identify issues. This is generally accomplished by: Fetching a subset of the endpoints exposed by the service / API being audited (i.e. the information required for the evaluation logic, such as a list of the EC2 instances deployed in an AWS account, as well as their configuration) Storing the data retrieved Evaluating this data to produce “findings” (this is th...| Latacora - reliable security on Latacora