Open Source Developments at SendGrid: The Justice Engine
Tell Hause, August 16, 2018
Note: This post comes from SendGrid’s Security Team. For more technical posts like this, check out our technical blogroll.
As described in the SendGrid Security team’s last post, we use a tool we call Krampus to help us mitigate potential risk within our cloud infrastructure. Our aim in this post is to explain and share how we leverage that tool to make our lives easier. In our initial post on our team’s approach to cloud security, we mentioned the following:
“Our ability to enable the business to quickly execute on our cloud security strategy relied on us being able to stand on the shoulders of giants. For example, we have opted to run a modified version of Netflix’s Security Monkey project in order to identify resources with security issues.”
And one might very well ask “What kind of modifications did you make?”
The answer to that…we call the Justice Engine.
What is this Justice Engine that you speak of?
The Justice Engine is a plugin that we’ve developed for Security Monkey that acts as Judge and Jury of resources. It begins by calculating the risk any given cloud resource poses to our company. This risk is calculated based on the resource’s configuration over time. Configurations such as having a resource accessible to the whole Internet are weighted heavily by the Justice Engine and are more likely to be flagged for removal.
Once a resource’s score has been calculated, the Justice Engine continues by formatting the results into a standard format that Krampus can act on, and finishes by warning the various resource owners of the planned action.
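A minimal sketch of the flow described above (score a resource from its configuration over time, flag it, emit a record for an enforcer, warn the owner), added here as an illustration; it is not SendGrid’s Justice Engine code, Security Monkey’s plugin API, or Krampus’s task format. The weights, threshold, grace period, field names and sample data are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical weights: the post only says Internet exposure is weighted heavily.
WEIGHTS = {"internet_accessible": 10.0, "unencrypted": 3.0, "no_owner_tag": 1.0}
ACTION_THRESHOLD = 50.0  # assumed cut-off, not taken from the post


@dataclass
class Snapshot:
    """One observed configuration of a resource (hypothetical shape)."""
    seen_at: datetime
    findings: frozenset


def risk_score(history, now):
    """Accumulate weight x days for every interval a finding stayed in place."""
    ordered = sorted(history, key=lambda s: s.seen_at)
    interval_ends = [s.seen_at for s in ordered[1:]] + [now]
    score = 0.0
    for snap, end in zip(ordered, interval_ends):
        days = (end - snap.seen_at).total_seconds() / 86400
        score += days * sum(WEIGHTS.get(f, 0.0) for f in snap.findings)
    return score


def judge(resource_id, owner, history, now, grace=timedelta(days=3)):
    """Return (task, notice) for a flagged resource, or (None, None)."""
    score = risk_score(history, now)
    if score < ACTION_THRESHOLD:
        return None, None
    # Hypothetical task record for a downstream enforcer; the grace period
    # gives the owner time to react to the warning before the planned action.
    task = {"resource": resource_id, "score": round(score, 1),
            "action": "remove", "not_before": (now + grace).isoformat()}
    notice = (f"To {owner}: {resource_id} scored {task['score']} and is "
              f"scheduled for removal after {task['not_before']}.")
    return task, notice


# Constructed sample data: one resource left exposed, one fixed after a day.
NOW = datetime(2018, 8, 16)
EXPOSED = [Snapshot(NOW - timedelta(days=6), frozenset({"internet_accessible"}))]
FIXED = [Snapshot(NOW - timedelta(days=6), frozenset({"internet_accessible"})),
         Snapshot(NOW - timedelta(days=5), frozenset())]
```

Because the score accrues per day of exposure, a resource that is fixed quickly stays below the threshold while one left open keeps climbing toward it.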