Workload Protection Engine

[varunjain99]

Workload Protection Planning

Broad overview of the proposed engine

1. Visibility: Determine running compute and the corresponding volumes to be snapshotted
   1. Much of this is done through cartography?
   2. TODO: Figure out what needs to be snapshotted for container/serverless based compute
2. Snapshot block storage for analysis
   1. Snapshots should be deleted when they are no longer needed
3. Mount snapshots onto an EC2 to do analysis
   1. Different file systems may need to be dealt with differently
   2. Container file systems may need to be reconstructed
   3. TODO: Figure out which filesystems and how you mount different filesystems
   4. TODO: Figure out for container/serverless how you reconstruct their filesystems
4. Workload analysis
   1. Many possible types of analysis
      1. Vulnerability scanning
      2. App configuration analysis
      3. Malware analysis
      4. Secrets / Access key / password analysis
      5. Sensitive data analysis
   2. Probably should do vuln analysis and / or secret analysis first?
   3. TODO: Which open source scanning tools should we use?
   4. TODO: Should we pickup container networking in this step? Or is that separate?
5. Add workload analysis findings to Neo4j db
6. Delete any ec2 / snapshots that were created