by walterbell 701 days ago
https://old.reddit.com/r/cybersecurity/comments/1c1s9r2/wiz_...

> Wiz combines a graph search for asset management with agentless vuln and malware scanning that clones EBS volumes and scans them on their infrastructure. That's a great combo for vuln management, but has some downsides like delays between scans and cloud costs. They have a sensor with solid detection rules, and are okay at a bunch of other stuff like cloud log threat detection and sensitive data detection. They've basically pushed what you can do without an agent to the limit.

2 comments

> clones EBS volumes and scans them on their infrastructure

CrowdStrike: “you just install a kernel module with ring zero access and we’ll make sure you’re protected”

Wiz: “hold my Red Bull…”

From the explanation here it sounds like a completely opposite concept: they download the server and check it, rather than doing the checks on the production environment.
Yeah, I was thinking more about the risk of data leaks.
This sounds uselessly crippled, as it's not going to catch malware that doesn't drop anything to disk, or that adequately cleans up after itself if it does.
I would assume they could also dump memory, i.e. `/dev/mem`. Agreed they would need to also do frequent memory snapshots, but lots of malware will also run in the background waiting indefinitely, often under the same name as common Linux processes but with different hashes.
You would need an agent to do this. Cloning EBS won’t dump memory.
The people who have /dev/mem and run this garbage must form a complete overlapping circle.
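The gap the last few comments describe (malware that never touches disk, or that runs under a familiar process name with a different hash) is exactly what a disk-image scan misses and a host-side agent reads straight out of /proc. The following is an added example, not from the thread and not Wiz's or CrowdStrike's code: it walks /proc/<pid>/exe on a live Linux host, flags unlinked or memfd-backed executables as memory-only, and compares the rest against a name-to-sha256 baseline. The baseline and the sample processes are constructed for illustration; the baseline format is an assumption.

```python
"""Added example (not from the thread): process checks that only run on the
host, because they read live process state rather than a cloned volume.
Baseline hashes and sample processes below are constructed."""
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcInfo:
    pid: int
    comm: str                   # name from /proc/<pid>/comm
    exe_target: str             # readlink(/proc/<pid>/exe)
    exe_sha256: Optional[str]   # sha256 of the backing file, None if unreadable


def sha256_file(path: str) -> Optional[str]:
    """Hash a file in chunks; None if it cannot be opened."""
    try:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        return h.hexdigest()
    except OSError:
        return None


def classify(p: ProcInfo, baseline: Dict[str, str]) -> str:
    """Classify one running process against a name->sha256 baseline (assumed format).

    memory_only:    backing file unlinked or memfd-backed; a disk snapshot has nothing to scan
    hash_mismatch:  familiar name, but not the binary the baseline expects
    unknown_binary: name not in the baseline at all
    ok:             name and hash both match
    """
    if p.exe_target.endswith(" (deleted)") or p.exe_target.startswith("/memfd:"):
        return "memory_only"
    expected = baseline.get(p.comm)
    if expected is None:
        return "unknown_binary"
    if p.exe_sha256 != expected:
        return "hash_mismatch"
    return "ok"


def scan_live_processes(proc_root: str = "/proc") -> List[ProcInfo]:
    """Walk /proc on a live Linux host. Kernel threads have no exe link and are
    skipped. The hash is taken through the /proc/<pid>/exe link itself, which
    still reaches the image even after the file on disk has been unlinked."""
    procs: List[ProcInfo] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid = int(entry)
        exe_link = f"{proc_root}/{pid}/exe"
        try:
            with open(f"{proc_root}/{pid}/comm") as f:
                comm = f.read().strip()
            exe_target = os.readlink(exe_link)
        except OSError:
            continue
        procs.append(ProcInfo(pid, comm, exe_target, sha256_file(exe_link)))
    return procs


def triage(procs: List[ProcInfo], baseline: Dict[str, str]) -> Dict[str, List[int]]:
    """Group PIDs by verdict; anything other than 'ok' deserves a look."""
    out: Dict[str, List[int]] = {}
    for p in procs:
        out.setdefault(classify(p, baseline), []).append(p.pid)
    return out


# Constructed sample data: a fake baseline and five fake processes.
SAMPLE_BASELINE = {
    "sshd": "11" * 32,
    "cron": "22" * 32,
}
SAMPLE_PROCS = [
    ProcInfo(101, "sshd", "/usr/sbin/sshd", "11" * 32),        # legitimate
    ProcInfo(102, "cron", "/usr/sbin/cron", "33" * 32),        # same name, wrong hash
    ProcInfo(103, "kworker", "/memfd:x (deleted)", None),      # memfd-backed, nothing on disk
    ProcInfo(104, "sshd", "/tmp/.s/sshd (deleted)", None),     # unlinked after exec
    ProcInfo(105, "nginx", "/usr/sbin/nginx", "44" * 32),      # not in the baseline
]

if __name__ == "__main__":
    for verdict, pids in triage(SAMPLE_PROCS, SAMPLE_BASELINE).items():
        print(f"{verdict}: {pids}")
```

Run it as-is to see the verdicts for the constructed sample; replace SAMPLE_PROCS with scan_live_processes() (as root, so every /proc/<pid>/exe is readable) to triage a real host. Note that the "(deleted)" and "/memfd:" checks rely on the readlink text the Linux kernel produces for unlinked and memfd-backed files, which a cloned EBS volume never exposes since those files are not on it.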