Why So Cirrus?
Rick Correa
Sr. SecOps Manager
2
Why so Cirrus?
Mike SconzoRick Correa
Head of Threat Intel
Gives Rick Headaches
PM turned Threat Intel
Sr. SecOps Global Manager
Gets Headaches
Reverse Engineer turned Manager
Slide 1 of 129
Input\content from various folks at Box including Ben Walter, Kyle Bailey, Cameron Hoelscher
3
Why so Cirrus?
IaaS vs. PaaS vs. SaaS – Log all the Things!
We’ll focus on SaaS but happy to talk about other as-a-Services over 🍻….approaches are
similar
Infrastructure
• AWS, Azure
Platform
• Heroku, Google App Engine
SaaS
• Box, Concur, Gmail, Slack, o365
* Image Source: https://www.pexels.com/photo/depth-of-field-photography-of-brown-tree-logs-923167/
5
Why so Cirrus?
Case Study
OAuth 2 Introduction
Industry standard authentication method to authenticate to web
services without having to create an account by brokering access to
existing providers.
It’s also cool that OAuth2 integrations keep your data in less places
(for example Slack\Email can store data as well but you can force
data back to your online file storage solution and just transparently
pass links which make managing a lot easier! – less copies of data –
only references).
Oauth can give shady apps access to your data….