Use Cases
Kindo is an enterprise platform that professionals in DevOps, SecOps, and ITOps use to create autonomous infrastructure: infrastructure that helps to manage and secure itself per instructions given to it in natural language. Kindo’s agents are typically deployed to solve challenges in three sets of use cases:
Incident Response
Incident Response refers to use cases where Kindo’s agents are serving as first responders to a change in the security, reliability, or uptime of infrastructure.
Security Incident Response
For Enterprise Security teams, Security Incident Response use cases typically fall under Managed Detection and Response (MDR) or Incident Detection and Response (IDR). These procedures, often encoded in runbooks or playbooks, involve qualifying whether a pattern of access is evidence of malicious activity, determining whether a breach occurred within a given window of time, or, when a cyberattack or breach is already known, learning more about the adversary and the exposure of the defender's data or infrastructure.
Examples of Kindo agents performing Security Incident Response use cases include:
Given a SIEM alert for a burst of failed login attempts, querying threat intelligence feeds to determine whether the source address has been reported as part of attacker command-and-control (C2) infrastructure.
For a given breach, querying logging infrastructure to determine how credentials known to have been used by the adversary have exposed users and secrets across databases and secrets management infrastructure.
For a service outage, reviewing potential Indicators of Compromise from the outage against threat intelligence and cross-referencing that review with a root cause analysis of the event from pertinent logs, to determine whether there is evidence of malicious activity.
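The first two examples above share one mechanical core: aggregate failed and successful logins per source address, then enrich each source against a threat-intelligence feed. The block below is an added illustration of that logic, not Kindo's code or any part of its platform. The sshd log lines and the threat-intel table are constructed for the example (RFC 5737 documentation addresses), the feed's record shape (tags plus a confidence score) is an assumption, and the severity ladder is one reasonable policy rather than a standard. It goes a step beyond the text by treating a successful login that follows failures from a known C2 address as the most severe case, since at that point the credential, not only the host, is suspect.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines in syslog shape (not captured from any real system).
# 203.0.113.7 brute-forces two accounts and then gets in with a key as "deploy";
# 198.51.100.22 is an ordinary user mistyping a password once.
SAMPLE_AUTH_LOG = """\
Mar  3 10:14:02 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51722 ssh2
Mar  3 10:14:04 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51723 ssh2
Mar  3 10:14:06 bastion sshd[2233]: Failed password for root from 203.0.113.7 port 51730 ssh2
Mar  3 10:14:09 bastion sshd[2235]: Failed password for root from 203.0.113.7 port 51734 ssh2
Mar  3 10:14:11 bastion sshd[2237]: Failed password for root from 203.0.113.7 port 51735 ssh2
Mar  3 10:15:40 bastion sshd[2240]: Failed password for alice from 198.51.100.22 port 40112 ssh2
Mar  3 10:15:55 bastion sshd[2240]: Accepted password for alice from 198.51.100.22 port 40112 ssh2
Mar  3 10:16:01 bastion sshd[2244]: Accepted publickey for deploy from 203.0.113.7 port 51740 ssh2
"""

# Constructed threat-intel lookup table: indicator -> feed metadata. A real agent would query
# the feed's API; the record shape here (tags plus a confidence score) is an assumption.
SAMPLE_THREAT_INTEL = {
    "203.0.113.7": {"source": "example-feed", "tags": ["c2", "cobalt-strike"], "confidence": 85},
    "192.0.2.55": {"source": "example-feed", "tags": ["scanner"], "confidence": 40},
}

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)")


def parse_auth_log(text):
    """Aggregate sshd events per source IP: failure count, targeted users, accepted logins."""
    per_ip = defaultdict(lambda: {"failed": 0, "failed_users": set(), "accepted_users": []})
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_ip[m["ip"]]["failed"] += 1
            per_ip[m["ip"]]["failed_users"].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            per_ip[m["ip"]]["accepted_users"].append(m["user"])
    return per_ip


def intel_verdict(ip, intel):
    """Classify an indicator from the feed: known-c2, listed (some other tag), or unknown."""
    hit = intel.get(ip)
    if hit is None:
        return "unknown"
    return "known-c2" if "c2" in hit["tags"] else "listed"


def triage(log_text, intel, threshold=3):
    """Escalate brute-force sources. Severity depends on the intel verdict and on whether the
    same source later authenticated successfully."""
    findings = []
    for ip, ev in parse_auth_log(log_text).items():
        if ev["failed"] < threshold:
            continue  # below the alert threshold: leave it to the normal SIEM rule
        verdict = intel_verdict(ip, intel)
        got_in = bool(ev["accepted_users"])
        if verdict == "known-c2":
            severity = "critical" if got_in else "high"
        elif verdict == "listed" or got_in:
            severity = "medium"
        else:
            severity = "low"  # unattributed noise; absence from the feed is not proof of benign
        findings.append({
            "ip": ip,
            "failed": ev["failed"],
            "targeted_users": sorted(ev["failed_users"]),
            "accepted_users": ev["accepted_users"],
            "intel": verdict,
            "severity": severity,
        })
    return sorted(findings, key=lambda f: f["ip"])


if __name__ == "__main__":
    for finding in triage(SAMPLE_AUTH_LOG, SAMPLE_THREAT_INTEL):
        print(finding)
```

On the constructed input this yields a single critical finding for 203.0.113.7 (five failures against admin and root, then an accepted key login as deploy, source tagged as C2); 198.51.100.22 never reaches the threshold. Run with an empty feed, the same source is only medium, which is the point of the enrichment step.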
DevOps/Platform Engineering Incident Response
For DevOps and Platform Engineering teams, Incident Response typically takes the form of performing Root Cause Analysis (or RCA) of outages, service interruptions, or changes in Quality of Service (QoS). These procedures are typically encoded for humans in devops and platform engineering playbooks.
Examples of Kindo agents performing DevOps/Platform Engineering Incident Response use cases include:
For a given outage, analyzing all pertinent logging infrastructure and observability suites for activity within a set interval before the event, then performing Root Cause Analysis using that data together with context retrieved (via RAG) from system configs.
For a change in network performance or QoS, analyzing configuration data for firewalls and load balancers along with routing logs to perform Root Cause Analysis.
Coupling either of the previous two with additional calls to the outage maps of telcos and cloud providers to determine whether macro-level failures are contributing to the outage.
Vulnerability and Compliance Enforcement Automation
Kindo's agents also work to prevent incidents from occurring in the first place. They are often deployed to proactively review systems for faults and vulnerabilities and to review change management practices, confirming that a potential security, reliability, or legal compliance issue does not arise during changes to infrastructure.
Security Vulnerability and Compliance Enforcement Automation
For Enterprise Security teams, Vulnerability and Compliance Enforcement Automation typically involves continually reviewing changes to systems and Identity and Access Management (IAM) infrastructure for vulnerabilities that could be exploited by an adversary. This can also take the form of reviewing changes to IAM infrastructure for potential violations of compliance policies which are delineated in natural language documents linked to an agent.
Examples of Kindo agents performing Vulnerability and Compliance Enforcement Automation use cases include:
Given the IAM policies attached to a specific set of principals defined in Infrastructure as Code, review and cross-reference them with GDPR guidelines to determine whether least privilege is being maintained as required by the organization's GRC program.
Routinely scan an organization's public-facing infrastructure with a tool like Nmap, then cross-reference the versions of exposed services and systems with known CVEs. If any of those CVEs are critical, build a proof-of-concept exploitation of one of those services to gain access to that infrastructure (i.e., execute an authorized Red Team exercise).
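The scan-then-cross-reference step in the last example is the part that can be shown mechanically: read Nmap's XML output, keep only open, fingerprinted services, and compare each version against an advisory table with version ranges. The block below is an added illustration of that step and is not Kindo's code. The Nmap XML is constructed (RFC 5737 documentation addresses) in the shape `nmap -sV -oX` writes; the advisory table is hand-built as a stand-in for an NVD/OSV mirror, though its two entries are real published advisories with their published affected ranges and NVD base scores. The proof-of-concept step the text mentions is deliberately not implemented; the code only selects which findings would be handed to it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed Nmap XML (the shape `nmap -sV -oX scan.xml <targets>` writes), trimmed to the
# elements read below. Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 198.51.100.8/29">
  <host><status state="up"/><address addr="198.51.100.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4" method="probed"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.49" method="probed"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="198.51.100.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx" version="1.25.3" method="probed"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql" method="table"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hand-built advisory table keyed by Nmap's product string, standing in for an NVD/OSV mirror.
# Both entries are real published advisories; affected ranges are inclusive, scores are NVD base scores.
ADVISORIES = [
    {"product": "Apache httpd", "id": "CVE-2021-41773", "affected": ("2.4.49", "2.4.49"), "cvss": 7.5},
    {"product": "nginx", "id": "CVE-2021-23017", "affected": ("0.6.18", "1.20.0"), "cvss": 7.7},
]


def parse_version(v):
    """'2.4.49' -> (2, 4, 49); tuples compare lexicographically, which is right for dotted numerics."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def in_range(version, lo, hi):
    return parse_version(lo) <= parse_version(version) <= parse_version(hi)


def parse_nmap(xml_text):
    """Open services with their fingerprinted product/version. Non-open ports are dropped."""
    services = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            if svc is None:
                continue
            services.append({
                "ip": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                "name": svc.get("name"), "product": svc.get("product"), "version": svc.get("version"),
            })
    return services


def severity(cvss):
    """CVSS v3 qualitative bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def match_advisories(services, advisories):
    """Cross-reference each fingerprinted service against the advisory table."""
    findings = []
    for svc in services:
        if not svc["product"] or not svc["version"]:
            continue  # unfingerprinted: cannot be matched, which is not the same as "clean"
        for adv in advisories:
            if adv["product"] == svc["product"] and in_range(svc["version"], *adv["affected"]):
                findings.append({**svc, "id": adv["id"], "cvss": adv["cvss"], "severity": severity(adv["cvss"])})
    return findings


def for_red_team(findings, bands=("critical",)):
    """The subset that the workflow above would hand to a proof-of-concept / red-team step."""
    return [f for f in findings if f["severity"] in bands]


if __name__ == "__main__":
    hits = match_advisories(parse_nmap(SAMPLE_NMAP_XML), ADVISORIES)
    for hit in hits:
        print(hit)
    print("to red team:", for_red_team(hits))
```

On the constructed scan this matches Apache httpd 2.4.49 on 198.51.100.10:80 to CVE-2021-41773 (high), leaves nginx 1.25.3 unmatched because it sits above the advisory's range, and skips the filtered MySQL port. Nothing reaches the critical band, so the red-team hand-off list is empty under the default policy. Two caveats worth keeping in mind: an unmatched service only means the local table has nothing for it, and Nmap's product strings must match the table's keys exactly, which is why real pipelines normalise to CPE before lookup.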
DevOps/Platform Engineering Vulnerability and Compliance Enforcement Automation
For DevOps and Platform Engineering teams, Vulnerability and Compliance Enforcement Automation typically involves continually reviewing change management procedures for changes that could accidentally introduce faults compromising system reliability, integrity, or performance. Additionally, DevOps and Platform Engineering professionals typically use Kindo to review changes to their infrastructure in the context of natural-language descriptions
Examples of Kindo agents performing DevOps/Platform Engineering Vulnerability and Compliance Enforcement Automation use cases include:
Given a change to a system or an IAM profile, review it, determine whether the change may cause instability or other issues, and place the result of that analysis in a response email.
Review an upcoming Infrastructure as Code change and cross-reference it with a PCI-DSS security document to confirm that the change does not break the enterprise's PCI-DSS compliance for that enclave.
ITOPs Automation
Kindo's ultimate goal is to let SecOps, DevOps/Platform Engineering, and ITOps professionals spend their time on more strategic work. These professionals frequently have to deploy services or host operations for other functional areas on the infrastructure they secure and maintain.
ITOps Automation use cases focus on taking the time-consuming or onerous service tasks that ITOps professionals perform for other groups within their organization off their plate. Examples of Kindo agents performing these tasks include the following:
Providing a helpdesk chatbot for answering questions about IT policies and how to file tickets to perform actions.
On creation of a ticket in a ticketing system, calling APIs to provision a development environment for a new user.