How I transformed my job using Monad (at Monad)
By Pasha Kravtsov, Security Engineer at Monad
Security engineers are familiar with the setbacks of using security tools that aren’t designed to work together. Here at Monad, we’re working to remediate this.
I want to take a closer look at how Monad centralizes vulnerability findings, and how using our product (as our own Customer #0) has brought value to my day-to-day job.
Monad supports a wide variety of connectors to ingest security data. Figure 1 demonstrates what I, as Customer #0, can use.
Fig. 1 — A sample screenshot of input and output connectors
Our AWS enrichment connector uses role assumption, ending the need to create and manage IAM users or AWS access keys. Adding this connector contributes valuable infrastructure information and saves time I would otherwise spend manually searching for infrastructure in AWS and identifying unscanned assets.
Fig. 2 — Monad uses the AWS enrichment connector
Fig. 3 — Adding a Jira connector
Adding a Jira connector allows us to automatically create tickets from findings ingested earlier. This provides one location to triage, assess and track security vulnerabilities. We use OAuth to authenticate with Jira, which makes the process fast and straightforward.
Fig. 4 — Sample screenshot with AWS and Jira connectors added
Anyone who has set up security scanners such as Tenable or Rapid7’s InsightVM and then tried to identify which assets are covered or scanned is probably familiar with their inconveniences. Our AWS enrichment connector pulls all EC2 instances and compares them with scanned instances in Tenable. Instances without coverage are then shown in the UI, which has personally saved me time when dealing with multiple AWS sub-accounts.
Fig. 5 — The AWS enrichment connector identifies AWS assets without coverage
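The comparison described above can be sketched as a join between the EC2 inventory and the scanner's asset list. This is an added example, not Monad's code: the record shapes, field names and sample data are constructed, and the stale-scan check goes beyond the plain "no coverage" case in the text.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; account numbers, IDs and field names are illustrative.
EC2_INSTANCES = [
    {"account": "111111111111", "instance_id": "i-0aaa", "state": "running"},
    {"account": "111111111111", "instance_id": "i-0bbb", "state": "running"},
    {"account": "222222222222", "instance_id": "i-0ccc", "state": "stopped"},
    {"account": "222222222222", "instance_id": "i-0ddd", "state": "terminated"},
    {"account": "222222222222", "instance_id": "i-0eee", "state": "running"},
]
SCANNER_ASSETS = [
    {"hostname": "web-1", "instance_id": "I-0AAA", "last_scan": "2024-06-01"},
    {"hostname": "db-1", "instance_id": "i-0eee", "last_scan": "2024-01-15"},
    {"hostname": "laptop-7", "instance_id": None, "last_scan": "2024-06-02"},
]


def coverage_gaps(instances, assets, today, max_age_days=30):
    """Return {account: {"unscanned": [...], "stale": [...]}} for live instances."""
    last_scan = {}
    for asset in assets:
        if not asset.get("instance_id"):
            continue  # scanner asset that is not an EC2 instance
        iid = asset["instance_id"].lower()  # tools disagree on ID casing
        seen = date.fromisoformat(asset["last_scan"])
        # Keep the most recent scan if the scanner holds duplicate records.
        if iid not in last_scan or seen > last_scan[iid]:
            last_scan[iid] = seen

    gaps = defaultdict(lambda: {"unscanned": [], "stale": []})
    for inst in instances:
        if inst["state"] == "terminated":
            continue  # gone from the account, so not a coverage gap
        iid = inst["instance_id"].lower()
        if iid not in last_scan:
            gaps[inst["account"]]["unscanned"].append(iid)
        elif (today - last_scan[iid]).days > max_age_days:
            gaps[inst["account"]]["stale"].append(iid)
    return dict(sorted(gaps.items()))


if __name__ == "__main__":
    report = coverage_gaps(EC2_INSTANCES, SCANNER_ASSETS, date(2024, 6, 10))
    for account, gap in report.items():
        print(account, gap)
```

Stopped instances are kept in the report on purpose: they can be started again with whatever vulnerabilities they had when they were shut down.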
Where the rubber meets the road
Before using the Monad UI, my workday would start by logging into each security reporting tool, reviewing vulnerabilities and then triaging them. I would have Jira open in another browser tab, filing tickets for my work. After creating such tickets and manually triaging vulnerabilities for a specific security tool, I’d have to restart the process with the next tool. I lacked clear insight across all my security tools. As a result, I spent needless hours on manual work that should have been streamlined and efficient.
With Monad, I start my workday with one place to assess, triage and track vulnerabilities across our whole organization. I no longer need to log in to each security tool or keep track of my Jira tabs. Monad does it all for me.
Fig. 6 — Monad’s unified view of security findings by status
The real value lies in the ability to aggregate all the different types of vulnerabilities, whether a code-based vulnerability such as a SQL injection or a CVE, into one place. With all the information shown to me in one unified view, I can triage and prioritize all vulnerabilities from a single tool. Previously, creating reports was difficult as they’d be split between the different tools the vulnerabilities originated from.
Another valuable feature is that the UI tracks the finding state by the Jira state. Creating a new Jira ticket automatically puts any findings associated with that Jira ticket in the In Progress view. Once I’ve resolved those vulnerabilities, I can change the ticket from In Progress to Done and all the findings in the UI move to the Closed view.
Additionally, if there is concern about a severe vulnerability, I now have one place in which to search for the CVE across all my security tools! This saves valuable time, particularly when someone may be actively exploiting that CVE across the internet:
Fig. 7 — Monad displays recently active CVEs for quick resolution
With Monad, I have gone from a workflow of manual, repetitive tasks with dubious tracking efforts to an efficient and straightforward workflow. This frees my time to work on other security initiatives that emphasize proactive work rather than reactive work. Without Monad, I’d spend too much time trying to get a handle on all existing vulnerabilities, rather than looking towards the future.
To find out more, read about us here.