Today, straight from Jack’s desk, I confess: I thought I knew CDR front to back (I didn’t).

What I Used to Think About CDR

CDR? Ugh. I’d roll my eyes. “Another acronym,” I’d groan with arrogance to a friend in the industry. They would typically roll their eyes too. Maybe they were rolling their eyes at me. I live in a world where acronyms are precious to me, and when CDR dropped, I thought it was just a cute new term for a “CSPM.” I thought it analyzed public cloud configurations to highlight risks, and then analyzed a few additional signals to determine if something nefarious had happened (not in real time, to be clear).

What makes this all even more embarrassing is that it’s simple. Well, let’s call it elegant. It’s one of those innovations that just makes sense. It pops. It provokes my “why didn’t I think of that” internal monologue.

I’m the Technology Evangelist at Uptycs. Before that, I had a 27-year career, and spent ten of those years in CISO/CSO roles. When my team decided to do a piece on CDR, I surveyed them to see what they thought CDR meant. I didn’t know if the claims they made were true. So I went down the research rabbit hole.

What I Think about CDR Now–And Why

I’d summarize CDR myself, but Laura, a fellow Up-Shifter, said it perfectly in her blog:

"CDR, or Cloud Detection and Response, is a security approach designed to protect cloud applications and infrastructure by providing visibility, analytics, and threat detection capabilities within cloud environments. CDR tools integrate with various cloud service providers and their native security services to detect and respond to cloud-specific threats and vulnerabilities."

She went further, but this piece is for my fellow CISOs out there on the battlefield, being bombarded by acronyms from all sides. Short and sweet:

The problem: Hackers scan the cloud attack surface, looking for weaknesses that are caused by cloud-configuration vulnerabilities. Some of these vulnerabilities are ephemeral, and many CSPMs don’t detect configuration changes immediately. The scans are working, and hackers are breaking in.

The solution: CDRs function just like other detection and response tools. The strategies CDRs use are specific to the unique architecture of the public cloud. Some of these techniques include:

It Feels Good to Learn

I was wrong about CDR. But that’s OK. I’m sure I don’t have a perfect understanding of it now. Nor will I ever. But that’s still OK. Because in this industry, this always-changing industry, not only do we get to continuously learn, we have to. It was exciting to learn about CDR in a new light.

I always say, “trust, but verify.” This includes my biases and assumptions. Do you know what Uptycs has been up to? Trust, but verify your understanding of Uptycs by taking a tour of our CDR features.

About Uptycs CDR

Threat actors are increasingly becoming cloud security experts, making it crucial for businesses to establish a strong cloud security posture. Uptycs Cloud Detection and Response (CDR) offers a comprehensive solution for organizations looking to bolster their cloud security. Uptycs CDR addresses key challenges in cloud security by detecting malicious activity within your environment and alerting the appropriate response teams. Uptycs CDR not only alerts you to these threats, but also provides simplified explanations and actionable steps to remediate the issues. By partnering with Uptycs, businesses can ensure a robust cloud security posture without needing in-house expertise, allowing them to focus on their core operations.
Jack Roehrig
Jack has been passionate about (obsessed with) information security and privacy since he was a child. Attending 2600 meetings before reaching his teenage years, and DEF CON conferences shortly after, he quickly turned an obsession into a career. He began his first professional, full-time information-security role at...