Why IaC Scanners Alone Won’t Cut It and Welcoming Our AI Overlords

The rapid adoption of Infrastructure-as-Code (IaC) in modern DevSecOps practices has brought with it a much-needed way to secure our as-code infrastructure configurations–both from human error and misconfigurations, known vulnerabilities, and even exposures due to poor IAM and GitOps practices.

In this talk, we will run through the most popular open source IaC security scanners that every DevSecOps professional should utilize, everything from Checkov, Terrascan, through Kics among others. These scanners provide comprehensive static code analysis for platforms like Terraform, AWS CloudFormation, and Kubernetes, identifying security risks and compliance violations in IaC templates.

But what if we could supercharge these excellent tools with the help of AI to extend detection capabilities and enable more rapid remediation? We’ll wrap up with a live demo for how to leverage advanced machine learning algorithms and AI to incorporate decades of domain expertise to deliver advanced detection rules, enable the identification of novel vulnerabilities and anomalous behavior, and other potential security risks based on existing data and known patterns.

Speaker

raz-probstein

Raz Probstein

  
Raz Probstein comes with years of experience is both leadership and technology, having served not only as Young Ambassador to the state of Israel, as well as headhunted and selected as Young ...