
May 16, 2023 Brandon Borodach

Unleashing the power of community-driven cloud security

Open source CSPM

As cloud technology continues to be a cornerstone of modern businesses and organizations, securing cloud environments has become more crucial than ever. Enter cloud security posture management (CSPM), a proactive approach to ensuring the security of cloud infrastructures.

With CSPM, organizations can continuously monitor, assess, and remediate potential vulnerabilities and misconfigurations in their cloud environments. But when choosing a CSPM solution, is open source the way to go?

Let’s explore the pros and cons of open source CSPM and discuss why it's a compelling choice for organizations seeking robust cloud security. For a more in-depth discussion of whether or not you should go open source, read here. Then I’ll show you how to get started on this journey with Sumo Logic.

Key benefits of open source CSPM

One of the most compelling benefits of open source CSPM is its cost-effectiveness. Unlike proprietary tools with initial fees or licensing costs, open source CSPM tools are often free to use, making them a more budget-friendly choice for organizations of all sizes.

But the cost benefits don’t stop at zero upfront costs. Over time, organizations can also enjoy substantial savings due to lower maintenance and update costs associated with open source solutions compared to proprietary ones. This is particularly advantageous for startups and small businesses operating on limited budgets, as the cost savings allow them to allocate resources to other vital areas.

The customizability and flexibility of open source CSPM also set it apart from proprietary alternatives. The ability to tailor CSPM tools to specific business needs means that they can be customized to meet an organization's unique security requirements, ensuring a better fit for their cloud environment.

Going beyond customization, the open nature of the software also encourages experimentation and innovation. This flexibility empowers organizations to adapt and continually refine their security strategies, giving them an edge in the fast-paced world of cloud security. Additionally, open-source CSPM solutions often offer greater compatibility, which facilitates easier integration with existing infrastructure and other security tools and systems in place.

Another significant benefit of open-source CSPM is the value derived from collaborative development and rapid updates. With the contributions of the open-source community, these tools undergo continuous improvements, allowing for quicker identification and resolution of security issues. This constant evolution ensures that CSPM tools remain up-to-date with the ever-evolving cybersecurity landscape.

A testament to this is the open-source CSPM solution, CloudQuery (CQ). With an average of more than 200 commits to the repository per week, CloudQuery exemplifies the pace and intensity of collaborative development in the open-source CSPM space. This frequent updating ensures that the tool keeps pace with emerging threats and vulnerabilities, providing robust protection for cloud environments.

Image 1 - Commits on CQ GitHub

Open source CSPM solutions offer organizations a level of independence that is rarely found with proprietary tools, particularly when it comes to vendor lock-in. The open source model enables organizations to freely choose and switch between CSPM providers with minimal disruption.

As Yevgeny Pats, the founder of CloudQuery, says, "What users soon realize is that no vendor can really support all those APIs. Each vendor is missing some API that they need, some data that they need. So the only way to get there is really to have the open source way where they can contribute back to our official integrations by writing their own integration.”

This flexibility is crucial, ensuring organizations can find the solution that best suits their evolving needs. Moreover, open source CSPM tools allow organizations to control their security posture without being anchored to a single vendor's product roadmap or vision. In the dynamic world of cloud security, this level of control is invaluable.

Beyond independence, the open source model also stimulates competition among CSPM providers. This competitive landscape drives the development of better tools and services, directly benefiting the end-users.

Finally, transparency and trust are two cornerstones of the open source model, and they hold true for open source CSPM tools as well. The public availability of the source code encourages peer review and scrutiny, ensuring that potential issues are identified and addressed promptly. This transparency gives organizations enhanced visibility into the inner workings of the CSPM solution. They can better understand how the tool secures their cloud environment, increasing their confidence in its efficacy.

The sense of trust extends beyond just transparency. The global community's involvement in the development and maintenance of open source CSPM tools contributes to building trust in the security and reliability of the solution. As it stands, I believe the beauty of open source is that it's a community-driven effort. The collective wisdom of this community makes the tool more robust and secure, instilling trust among its users.

In essence, open source CSPM tools offer vendor independence, transparency, and trust that is difficult to match with proprietary solutions, making them a compelling choice for organizations seeking robust cloud security.

Challenges and limitations of open source CSPM

While the advantages of open source CSPM are numerous, it's vital to address potential challenges. This involves navigating issues such as limited or inconsistent support and the responsibilities that come with maintaining the tools. Moreover, there can be a steeper learning curve for teams unfamiliar with the open source landscape.

Addressing these potential drawbacks requires organizations to evaluate their in-house capabilities and resources critically. This assessment allows them to gauge whether they can effectively manage the unique challenges associated with open source CSPM tools. It's not a one-size-fits-all solution, and organizations must ensure they have the right expertise to leverage these tools efficiently and effectively.

Another aspect to consider is the learning curve and the quality of documentation provided with open-source CSPM solutions. Organizations must be prepared to invest time and resources in training and onboarding their teams to ensure they can effectively use these tools. High-quality, comprehensive documentation can significantly ease this learning curve, making it quicker and easier for teams to get up to speed.

Lastly, it's important to balance the benefits and challenges. Making an informed decision about whether to adopt an open-source CSPM solution requires organizations to weigh the pros and cons against their specific needs and requirements. They should also consider the merits and potential drawbacks of proprietary CSPM solutions. If needed, organizations can consider partnering with external experts or consultants to help guide them through the decision-making process and implementation.

DIY open source CSPM with Sumo Logic

Now that we are all caught up on the key benefits and risks of open source CSPM, let's see how an organization can get this up and running in minutes! For the purposes of this article, we have opted to demonstrate open source CSPM integration with Sumo Logic using CloudQuery (CQ).

One of the advantages of utilizing CloudQuery is its ability to store all your cloud assets, configurations, and history in SQL databases or other formats, as listed here. For long-term retention, this approach benefits from the community's contributions to SQL queries and report-building capabilities for various benchmarks, streamlining and automating the reporting process while maintaining control over the data.

As more people adopt CloudQuery, an increasing number of plugins are being developed for different data destinations. One such plugin allows for the configuration data to be exported to an S3 destination. We found this feature particularly interesting as a means of examining the type of data that CloudQuery can provide. In the following examples, we use the S3 destination to synchronize data from a CloudQuery source to remote S3 storage in various formats such as CSV, JSON, and Parquet. We selected the JSON format because Sumo Logic has the capability to natively read and parse JSON-formatted logs, enabling quick comprehension and analysis.

Lab setup and process for this article:

  1. AWS account (Note: all three major public cloud providers are supported)
  2. Local installation of CloudQuery on a Mac (all three major operating systems are supported)
    1. Once installed, we need to create a source file for CloudQuery
  3. S3 bucket destination
    1. Once the source has been configured, we need to configure our destination plugin
      Note: the “path” can be completely customized to fit your needs, and we would definitely recommend doing that.
  4. Ingesting CloudQuery data from the S3 bucket into Sumo Logic
  5. Building reports and dashboards within Sumo Logic
      Here is a screenshot highlighting how the data looks once it is in Sumo. I have blanked out any critical information; the point here is to highlight all the parsing done on the left-hand side.
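As an added example (not from the original post or from CloudQuery's own documentation), here is what the two configuration files from steps 2 and 3 of the lab could look like: an AWS source and an S3 destination writing JSON to a customized path. The plugin versions, bucket name, account label and AWS profile are placeholders, and the table list and the path placeholders such as `{{YEAR}}` are assumptions to check against the plugin version you install.

```yaml
# aws.yml - CloudQuery source config (added example; values are placeholders)
kind: source
spec:
  name: aws
  path: cloudquery/aws
  version: "vX.Y.Z"            # placeholder: pin to the plugin release you tested
  # Sync only the tables your reports need rather than "*"; a smaller
  # inventory is cheaper to store and simpler to review in Sumo Logic.
  tables:
    - aws_s3_buckets
    - aws_iam_users
    - aws_ec2_security_groups
  destinations: ["s3"]
  spec:
    # Credentials come from the normal AWS credential chain; a read-only
    # profile is all the inventory needs (assumed profile name).
    accounts:
      - id: "lab-account"        # constructed label for this account
        local_profile: "cq-readonly"
    regions: ["us-east-1"]
---
# s3.yml - CloudQuery destination config: JSON objects, one prefix per table
kind: destination
spec:
  name: s3
  path: cloudquery/s3
  version: "vX.Y.Z"            # placeholder: pin to the plugin release you tested
  spec:
    bucket: "example-cq-inventory"   # constructed bucket name
    region: "us-east-1"
    # Customized object layout (the step 3 note): a prefix per table and day,
    # so the Sumo Logic S3 source can be scoped by path prefix and the
    # history of each table is easy to browse.
    path: "cloudquery/{{TABLE}}/{{YEAR}}/{{MONTH}}/{{DAY}}/{{UUID}}.{{FORMAT}}"
    format: "json"
```

With both files in the working directory, `cloudquery sync aws.yml s3.yml` runs the inventory; for step 4, point a Sumo Logic AWS S3 source at the `cloudquery/` prefix of that bucket.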

Open source CSPM offers a wealth of benefits, making it an attractive choice for organizations looking to enhance their cloud security posture. From cost-effectiveness and customizability to collaborative development and vendor independence, open source CSPM ticks all the right boxes.

We encourage you to explore open source CSPM options and join the community-driven cloud security movement. By embracing open source CSPM, organizations can unlock the full potential of cloud security and ensure that the only unauthorized access happening is when your cat jumps on your keyboard! So, let's work together to make cloud security a piece of cake (or at least a more enjoyable challenge) for everyone.


Brandon Borodach

Senior Solutions Engineer

Brandon started his career with cyber intelligence work at his local fusion center. After a few years in the public sector, he transitioned to the private sector to work for an MSSP. There, he learned several SIEMs, including Sumo Logic, where he built detection content.

His passions center on technology, security, and how advanced threats constantly evolve their attack vectors. Outside of work, Brandon enjoys hiking, traveling, and reading.
