Internet Entities Security Info Kit

The Internet Entities Security Info Kit proposal empowers developers to process unknown entities such as URLs, files and emails with confidence, and to secure their applications against exploitation by malicious actors.

Motivation

Secplugs believes that a tool like the Secplugs Internet Entities Info Kit addresses two key problem statements:

Security credibility of an Application

A large number of consumers of COTS or custom-built apps are increasingly asking for evidence of the security credibility of such applications. If an application is in the business of handling internet entities such as URLs, emails and uploaded or downloaded files, it is expected to ensure that it does not accept or share malware or phishing URLs, and does not guide users to malicious sites.

An application will lose credibility fairly quickly if it is found to be compromising the security of customer IT assets.

Zero Trust Security:

Zero trust security means that no one is trusted by default. So no users or machines or application interactions should be automatically trusted.

  1. Zero Trust Users:

Humans are likely the weakest link in a security strategy. Trust no users, whether inside or outside the organization's network. Limit, monitor and validate any user interactions with your application. If the application has file upload/download functionality, it is imperative to block malicious actors at the boundary to ensure your infrastructure remains secure. Attackers may try to exploit the file upload functionality to upload malicious files, and application users, customers or subscribers may unknowingly upload malware to your infrastructure.

  2. Zero Trust Applications:

Due to supply chain attack trends like SolarWinds, a large number of interactions between cloud applications are expected to happen in a zero trust environment, i.e. applications not trusting interactions from other applications. Post-SolarWinds, most applications will operate on a "verify, then trust" model when exchanging information with other applications. One area of defence is to ensure that entities are scanned at the boundary between applications. However, such applications may not have their own database of security information with which to decide whether or not to trust an interaction with a third party.

Hence there is a need for a reliable third-party security scanning API/Kit that helps them make such decisions with ease.

Usage workflow

The Secplugs Entity Security Information Kit is a collection of language-specific libraries and tools that developers can integrate into their applications.

  1. Integrate the Secplugs Kit into the application

The Secplugs Kit can be integrated with an application. Secplugs Kits are available in various programming languages, such as Python and JavaScript, and as a REST API.

The Kit function calls are made as a subsequent step whenever an "entity of interest" is being processed. Some examples:

  1. Upload/Download of certain types of files
  2. Submission of URLs that are displayed publicly or processed for certain steps
  3. Email attachments (Upload or download)

Secplugs documentation describes the multiple types of integration that may be available.

  2. Configure the service parameters of Secplugs Kit

For privacy and security, developers can register at Secplugs.com and log in with the registered username to create an API key, which is used as a service parameter in the integration code. This creates a new instance of the scan client with a private API key specific to the application.

  3. Call/Response

When the application containing the Secplugs Kit makes a call through the Secplugs API, the SDK will try to respond, within an expected SLA, with the required information about the entity. The application can use this information to determine the appropriate course of action.

Numerous Call/Response examples are provided along with the Secplugs Kit for ease of integration and usage.

  4. Application processing of response

Once the application has received the security information about an entity, it decides which flow to follow. It may choose to continue on the normal course despite adverse security information if it deems that information insufficient. The Secplugs Kit will provide guidance for such usage.

  5. Managing and Monitoring plugin Integration

Secplugs believes in vendor neutrality and provides an option to choose from several mainstream security SaaS providers (for example CrowdStrike, urlscan.io, Cloudmersive, etc.) from the Secplugs Console. The integrations/plugins are managed via a central console with options to switch between security SaaS providers, monitor activity, generate reports and do retrospective threat analysis.
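
The Call/Response and response-processing steps above, sketched as an upload gate. This is an added example, not Secplugs code: the `scan` callable, the `{"score": 0-100}` response shape and both thresholds are assumptions made for illustration, and the scanners are constructed stand-ins.

```python
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as ScanTimeout

# Assumed response shape (hypothetical, not the Secplugs schema):
# {"score": 0-100}, where a higher score means more likely malicious.
BLOCK_AT = 70    # at or above: reject the entity outright
REVIEW_AT = 30   # at or above: hold for review; below: proceed despite minor findings
_pool = ThreadPoolExecutor(max_workers=4)

def gate_upload(data: bytes, scan, sla: float = 2.0) -> dict:
    """Decide allow / quarantine / block for an untrusted upload.

    `scan` is a hypothetical callable: SHA-256 hex digest in, response dict out.
    In a real integration it would wrap the vendor's scan client.
    """
    digest = hashlib.sha256(data).hexdigest()
    result = {"sha256": digest, "action": "quarantine"}  # fail-closed default
    future = _pool.submit(scan, digest)
    try:
        score = int(future.result(timeout=sla)["score"])
        if not 0 <= score <= 100:
            raise ValueError(f"score {score} out of range")
    except ScanTimeout:
        # No verdict inside the SLA is not a clean verdict.
        future.cancel()
        return {**result, "reason": "no verdict within SLA"}
    except Exception as exc:  # transport error or malformed response
        return {**result, "reason": f"scan unusable: {type(exc).__name__}"}
    if score >= BLOCK_AT:
        return {**result, "action": "block", "reason": f"score {score}"}
    if score >= REVIEW_AT:
        return {**result, "reason": f"score {score} needs review"}
    return {**result, "action": "allow", "reason": f"score {score}"}

# Constructed stand-ins for the scan service, for demonstration only.
def fake_scan(score):
    return lambda digest: {"score": score}

def slow_scan(digest):
    time.sleep(0.3)
    return {"score": 0}

if __name__ == "__main__":
    for name, scan in [("clean", fake_scan(5)), ("suspicious", fake_scan(45)),
                       ("malicious", fake_scan(90)), ("slow", slow_scan)]:
        print(name, gate_upload(b"constructed sample upload", scan, sla=0.1))
```

The gate quarantines on a timeout or a malformed response rather than letting the entity through, so an unavailable scanner cannot be used to bypass the boundary check.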