Do you fear your ability to detect and purge attackers from your infrastructure?
Are your Engineers, DevOps, and Incident Response staff burnt out and now you are losing your talent to high turnover?
Do you wonder if the Penetration Test you are spending your limited budget on is actually being performed and is not just a simple network scan made into a pretty Pdf?
Do you always feel like the infosec super villian in meetings because you say "no" so much?
Is your team tired and suffering alert fatigue as they crave actionable high fidelity signals?
Yes? Us too!
We suffered in the same way so we built Kushtaka to solve these problems and more!
Remember the game Minesweeper? Where your goal was to find a hidden flag by clicking on tiles?
What would happen if you went too fast? Correct! You'd likely lose the game by detonating a mine!
Now imagine that your hybrid network, both on premise and in the cloud, was like a game of Minesweeper for cyber attackers. Attackers would probe your infrastructure for vulnerabilities and misconfigurations trying to find the flag.
What if the attackers could click on any tile with no negative consquence?
What would be the result if you placed no mines?
Exactly! The attackers would find the flag and win. There would be nothing to slow them down. No mines to blow them up. No sensors to detect their presence.
So if sensors on your network are similar to mines on a Minesweeper gameboard, helping to slow down and detect attackers, why isn't everyone deploying them?
It is simple! Blame complexity!
If you have been a SysAdmin, DBA, or work in DevOps, you'll understand the pain of being tasked with spinning up and maintaining yet another service.
And this is often the case with sensors.
Where someone inside the organization realizes the value of sensors and how they can shape shift and appear to be legitamate services, with the goal of alerting your team to cyber attacks.
Effort is then expended by the motivated admin to implement a solution. They run pages of commands to install and configure unique sensors. Proxying services and setting static email addresses or variables to detect bad actors. But then the only person who understands how it all works is a singleton. And when that person gets busy or gets a new job leaving the organization, what then?
As we have all seen, a project like that gets left behind as the organzation moves forward.
Kushtaka aims to simplify this process with the goal of sustainable sensor implementations. It does this by using Go's single binary paradigm and baking into the application all that is required to spin up a dashboard that acts as an aggregator and configuration orchestrator. The same executable can then be copied easily (curl, wget, rysnc, scp, sftp, etc) and used as a sensor to start implementing sensors.
The shapshifting sensors can be deployed on Linux and Windows hosts and as of now, simulate services like Telnet, SSH, HTTP, FTP, and a few others.
The goal isn't to create sensors with byte for byte emulation of services. As the reality is that a simple best effort is good enough for most threat models and teams.
And Kushtaka is built around both teams and simplicity with the understanding that people come and go and that single points of failure result in wasted effort and sidelined intitiatives. So Kushtaka does the heavy lifting which allows teams to implement and reap the benefits of sensors while strengthening their organization's long term security position by making the stack maintainable by many.