JumpCloud launched at TechCrunch Disrupt San Francisco today with a new way to secure the deep vulnerabilities that come with cloud servers, in particular Amazon Web Services (AWS).
The service, in private beta until today’s launch, represents a new way to analyze machine data to provide notifications and alerts about a customer’s cloud deployments.
The security vulnerability of AWS servers in large part comes from old-school processes that are quite similar to the username and password model used by social networks. Attacks are frequent and can wreak havoc for the users of the service.
The JumpCloud service combines user management with performance checks and alerting. It protects users through its management platform, which stores the cloud server keys for the administrator. The platform abstracts the password process, preventing attacks by dropping a small piece of software on the customer’s cloud server. It is an agent-based approach similar to the way companies such as New Relic provide application performance management. The agent records the data from the server, monitoring it for unusual spikes in network loads and other unusual events.
“What New Relic does for performance monitoring, we do for security,” said CEO David Campbell.
The service is also similar to Loggly, which aggregates and analyzes data from servers, network routers and other machines so an administrator can get a view of how the infrastructure is running. JumpCloud provides value-added analytics on top of the log management to find the signals in the noise. For example, a huge new network load on the server is a sure sign of trouble that JumpCloud can detect.
“We crunch all this data in the cloud and provide you just actionable alarms,” Campbell said on stage.
JumpCloud can be integrated with Puppet or Chef so servers can be added automatically to its SaaS data security network. This means that every image a company launches has security built in from the beginning.
AWS is the most heavily used cloud service in the world, opening a large market for JumpCloud. But the SaaS provider has challenges. The industry is notoriously anti-security, though that trend is likely fading in today’s world of NSA-snooping and near-constant attacks.
Part of the problem lies with administrators and the way they manage sensitive passwords. On AWS an administrator creates a key-pair that serves as a public and private set of credentials. AWS gets the public key and the enterprise gets the private one. Campbell said nine times out of ten the customer does not change the password for the private key, often leaving it on the system, easily discoverable by attackers.
To see the extent of the problem, Campbell and his team started doing client-side attacks by mining social platforms, targeting administrators with links that if clicked would send them to a site that Campbell and his crew controlled. Once they gained access to the victim’s credentials, Campbell’s team would get access to the customer’s site and find the keys, proving the extent of the problem.
Administrators often use open-source tools or create their own home-grown solutions to the problem. Campbell said DevOps professionals want a more comprehensive approach that does not get in the way of their work and the user experience.
The JumpCloud approach embraces the DevOps anti-security culture. Campbell said they strive to make it as easy as possible to secure AWS instances without losing the freedoms that are so important for the free-flow of data and speed that developers demand.
The company will offer a freemium SaaS model, giving away basic user management, performance monitoring and security alerting for free. It will up-sell users on realtime alerting, automatic remediation and advanced correlation features.