Two data-driven solutions contributed to the Venafi Ecosystem.
Early identification of potential vulnerabilities and policy violations is critical. To achieve this, companies must be able to make sense of an ever-increasing volume of security data and how it is connected. Building on our data engineering expertise, we developed two distinct, yet related, solutions. Both seek to humanise security data for Venafi’s clients by making it easier for them to acquire and use their machine identity data more intelligently. This resulted in the development and delivery of the Kafka Connector for Venafi Platform and the data-driven Machine Identity Network Explorer Tool (MINEr).
Kafka Connector for Venafi Platform
The open source Kafka connector for the Venafi Platform provides a standard way to extract security events from the Venafi platform and make them available for further analysis and processing via Kafka. Developed as an official Confluent Gold Verified connector, it enables flexible, intelligent, real-time processing of security and machine identity data by a variety of Kafka consumers – regardless of whether the target is a downstream SIEM, a new real-time machine learning platform or some combination thereof.
Machine Identity Network Explorer Tool (MINEr)
MINEr is a crypto-data analytics platform used to intuitively visualise and analyse the securely connected machines managed by the Venafi platform. With an initial focus on SSH-based connections, the platform extracts core security information and events via the Venafi HTTP API. A representation of the network is generated and stored in the graph database Neo4j. This is then made available for visualisation as well as further advanced in-depth analysis and insight processing.
The web-based frontend provides an easy way to explore the network. It includes features to identify potential network risks within the organisation – for example, detecting SSH pivot paths and lateral movement scenarios.
MINEr goes beyond simple statistical analysis: it leverages innovative graph algorithms and other approaches from the field of network science to provide advanced insights. Developed to run in the cloud (initially targeting the Google Cloud Platform) or as a standalone installation behind a corporate firewall, it helps make sense of this complex connected data in a way human users can understand.
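To illustrate the kind of graph analysis described above, here is an added example that is not MINEr’s code and not drawn from the Venafi platform: it builds a directed SSH trust graph from a constructed list of key-based trust relationships, enumerates pivot paths from an entry host to a critical host, and reports the intermediate hosts and reused keys that a defender would want to tighten first. All host names and key ids are made up.

```python
from collections import defaultdict

# Constructed sample: (src, dst, key_id) means a private key with id key_id
# is held on src and listed in authorized_keys on dst, so src can SSH to dst.
SSH_TRUST = [
    ("bastion", "web01", "key-ops-1"),
    ("web01", "app01", "key-deploy-2"),
    ("app01", "db01", "key-backup-3"),
    ("bastion", "db01", "key-dba-4"),
    ("web02", "app01", "key-deploy-2"),
    ("app01", "web02", "key-deploy-2"),
]

def build_graph(trust):
    """Adjacency sets: host -> hosts it can reach over SSH."""
    graph = defaultdict(set)
    for src, dst, _key in trust:
        graph[src].add(dst)
    return graph

def pivot_paths(graph, entry, critical, max_hops=4):
    """Simple paths from `entry` to a host in `critical` that cross at least one
    intermediate host. A direct entry->critical edge is plain trust, not a pivot."""
    found = []
    def walk(node, path):
        if len(path) > max_hops + 1:
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt in path:
                continue  # skip cycles such as web02 <-> app01
            new_path = path + [nxt]
            if nxt in critical:
                if len(new_path) >= 3:
                    found.append(new_path)
            else:
                walk(nxt, new_path)
    walk(entry, [entry])
    return found

def choke_points(paths):
    """How many pivot paths run through each intermediate host; removing trust
    at the highest-count hosts cuts the most paths."""
    counts = defaultdict(int)
    for p in paths:
        for host in p[1:-1]:
            counts[host] += 1
    return dict(counts)

def reused_keys(trust):
    """Key ids authorised on more than one destination host: one lost private
    key would grant access to all of them."""
    dsts = defaultdict(set)
    for _src, dst, key in trust:
        dsts[key].add(dst)
    return {k: sorted(v) for k, v in dsts.items() if len(v) > 1}
```

In a real deployment the same queries would run against the Neo4j graph rather than an in-memory adjacency map, but the risk questions (which pivot chains exist, where they concentrate, which keys are over-shared) are the same.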
Technologies employed included Java, Kafka, Neo4j, NodeJS, Python and various GCP services.