AWS Database Blog

The World is a graph: How Wiz reimagines cloud security using a graph in Amazon Neptune

This is a guest post by Ami Luttwak, CTO at Wiz, co-authored with Brad Bebee, General Manager of Amazon Neptune.

Graphs are changing the way we parse and understand the world. Social graphs have had a huge impact on how we analyze social interactions across many industries. Now, in security, we can build totally new types of solutions that precisely understand the context of the environment. Amazon Neptune has empowered users to discover complex relationships in their data, and more easily address critical business challenges like effectively measuring their cloud security posture.

By making graph databases available as a managed service, organizations of all sizes can better understand and act on their security data. You can think of a graph as a data structure consisting of nodes and edges (or vertices and links). This makes it easy to visualize how users interact with file systems, network devices, and more. Once you see these interconnections and define each resource by its relationships to other resources, it makes perfect sense that the cloud security operating model is best represented as a graph. Only then can we identify the interconnections across the complex cloud stack.

Graphs aren’t an easy button for security, however. Extracting the important relationships, focusing on only what really matters, and efficiently managing billions or trillions of relationships has proven challenging. Additionally, architectural decisions are crucial because the legal and privacy implications of managing such sensitive data are huge.

Wiz is on a mission to help organizations effectively reduce risks in their cloud and Kubernetes environments. In this post, we share how Wiz reimagines cloud security as a graph in Neptune.

Cloud security as a graph

Answering basic security questions like “Where are all the Log4j libraries in my environment?” has proven far too difficult with traditional security approaches. Gathering enough context to find Log4j libraries whether they run on a virtual machine, a container, or a serverless function, and identifying which ones are exposed to the internet and which have high permissions, is also a challenge. It becomes obvious that the cloud security playbook must be reimagined.

The reality is you can’t patch everything or ensure every configuration is always correct. The key question is how quickly you can fix the most critical risks. The only way to do this is by uncovering the toxic combination of risk factors that represents a critical risk, which we’ve found is only possible using a graph model that is stored in Neptune.

Wiz scans the entire technology stack without agents and stores a graph of the relevant security metadata in Neptune. The Wiz risk engines traverse the graph and weave together interconnected risk factors in seconds. By capturing these interconnections in a security graph, and making it visualizable and queryable for users, Wiz helps customers identify the most critical risks in their cloud and Kubernetes environments. Through a simple graph query, customers can identify critical risks such as resources open to the AllUsers predefined group, publicly exposed containers with high Kubernetes privileges, and externally exposed and unpatched VM instances holding cleartext SSH private keys that allow lateral movement to a highly privileged machine.
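To make the “toxic combination” traversal concrete, here is an added toy example (not Wiz’s code, data model, or Neptune query): a small constructed security graph and a traversal that flags only workloads that are internet-exposed, run a Log4j older than an assumed threshold, and can assume an admin role. The vertex and edge labels and the version threshold are assumptions made for this illustration.

```python
# Constructed sample security graph (vertex id -> properties); a toy, not Wiz's model or Neptune data.
VERTICES = {
    "internet":      {"kind": "internet"},
    "vm-1":          {"kind": "vm"},
    "vm-2":          {"kind": "vm"},
    "ctr-1":         {"kind": "container"},
    "fn-1":          {"kind": "function"},
    "log4j-2.14.1":  {"kind": "library", "name": "log4j", "version": "2.14.1"},
    "log4j-2.17.1":  {"kind": "library", "name": "log4j", "version": "2.17.1"},
    "role-admin":    {"kind": "role", "privilege": "admin"},
    "role-readonly": {"kind": "role", "privilege": "readonly"},
}
# Directed, labelled edges (source, label, target), as an agentless scanner would record them.
EDGES = [
    ("internet", "EXPOSES", "vm-1"), ("internet", "EXPOSES", "ctr-1"),
    ("internet", "EXPOSES", "fn-1"),
    ("vm-1", "RUNS", "log4j-2.14.1"), ("vm-2", "RUNS", "log4j-2.14.1"),
    ("ctr-1", "RUNS", "log4j-2.17.1"), ("fn-1", "RUNS", "log4j-2.14.1"),
    ("vm-1", "ASSUMES", "role-admin"), ("vm-2", "ASSUMES", "role-admin"),
    ("ctr-1", "ASSUMES", "role-admin"), ("fn-1", "ASSUMES", "role-readonly"),
]

def out(edges, vertex, label):
    """Targets reachable from vertex over one edge with the given label."""
    return [t for s, l, t in edges if s == vertex and l == label]

def version_tuple(v):
    return tuple(int(p) for p in v.split("."))

def toxic_combinations(vertices, edges, vulnerable_below=(2, 17, 1)):
    """Workloads that are internet-exposed AND run log4j older than
    vulnerable_below (an assumed threshold for this toy) AND can assume an
    admin role. Any single factor is just noise; the intersection is what the
    post calls a critical risk. Equivalent Gremlin shape, for orientation only:
      g.V().has('kind','internet').out('EXPOSES')
           .where(out('RUNS').has('name','log4j'))      # plus a version filter
           .where(out('ASSUMES').has('privilege','admin')).id()
    """
    hits = []
    for w in out(edges, "internet", "EXPOSES"):                 # factor 1: exposure
        vulnerable = any(
            vertices[l].get("name") == "log4j"
            and version_tuple(vertices[l]["version"]) < vulnerable_below
            for l in out(edges, w, "RUNS"))                     # factor 2: unpatched library
        admin = any(vertices[r].get("privilege") == "admin"
                    for r in out(edges, w, "ASSUMES"))          # factor 3: high privilege
        if vulnerable and admin:
            hits.append(w)
    return hits
```

Only vm-1 is returned: vm-2 is not exposed, ctr-1 runs the newer library, and fn-1 has only a read-only role, so each of those drops out of the intersection.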

The graph is context, and context is king

The partnership between Wiz and the Neptune team has brought our customers security insights made possible only by the multi-dimensional correlations stored in a graph. Using graphs is no longer a complex computer science and operational challenge. Neptune provides a managed graph service as a building block that makes it easy to store and query the relationships in your data.

Wiz uses Neptune and other AWS services to analyze hundreds of billions of relationships in every data center, and has built a system that supports massive scalability, ingestion at scale, and native query optimization. The actionable context created and stored in the graph enables us to answer questions precisely, so your teams can proactively identify, prioritize, remediate, and prevent risks to your business. The precision, speed, and explainability of finding risks to your business is simply not possible without using a graph.

Summary

Graph technology will change other industries; security is just the beginning. The world is a graph, not a table. It’s time our tooling reflected this.

To learn more about Wiz or get a demo, go to wiz.io/partners/aws.


About the authors

Ami Luttwak is Chief Technology Officer and co-founder of Wiz. He has more than 15 years of experience in information security and is an expert in cloud security, spanning infrastructure, networks, and application development. Previously, Luttwak was the CTO of Adallom, a leading Cloud Access Security Broker (CASB), prior to its acquisition by Microsoft in July 2015. At Microsoft he was the CTO of Microsoft’s Cloud Security Group and led product innovation for Microsoft Israel’s R&D group, overseeing acquisitions and incubation projects for leading products such as Azure Security Center, Azure Sentinel, and Azure Advanced Threat Protection. You can follow him @amiluttwak (Twitter).

Brad Bebee is the General Manager of Amazon Neptune at AWS. He believes that graphs are awesome and they help customers use the relationships in their data to gain insights. If you agree or want to find out, let him know @b2ebs (Twitter).