Looker

L
Written By Threat NG Staff

Looker is a business intelligence (BI) and data analytics platform from Google Cloud. It allows organizations to explore, visualize, and analyze data from various sources to gain insights and inform business decisions. Looker offers features like:

  • Data visualization: Creating dashboards and reports to present data in an easy-to-understand format.

  • Data exploration: Drilling down into data to identify trends and patterns.

  • Customizable dashboards: Creating dashboards tailored to specific user needs and roles.

  • Data integration: Connecting to various data sources, including databases, cloud applications, and data warehouses.

Many organizations use Looker internally to analyze their data. However, cybersecurity must know all externally identifiable Looker implementations connected to your operations. This includes:

  • Public Looker Instances: Some organizations might have Looker instances accessible through the public internet for specific use cases, potentially exposing sensitive data.

  • Subsidiaries and Affiliates: Separate Looker instances could be created for different branches or connected companies, making data sharing points.

  • Third-Party Vendors and Suppliers: Many vendors might use Looker to analyze their data, potentially containing information relevant to your collaboration or transactions.

  • Shadow IT: Employees might use unauthorized personal Looker instances to analyze work-related data, introducing security risks.

Understanding the entire Looker ecosystem is critical for cybersecurity reasons:

  • Attack Surface Expansion: Every connected Looker instance represents a potential entry point for attackers. Vulnerabilities in a third-party's Looker setup could be exploited to gain access to your organization's data within Looker, potentially exposing sensitive financial information, customer data, or internal metrics.

  • Data Breaches: Looker instances often store sensitive business data. A compromised instance can lead to data breaches and unauthorized access to this critical information.

  • Misconfigured Access Controls: Improper access controls within Looker can grant unauthorized users access to sensitive data or the ability to manipulate dashboards with misleading information.

  • Compliance Issues: Regulations like GDPR and HIPAA have strict data security requirements. Organizations must know where their data resides and how it flows through connected Looker instances to ensure compliance.

By comprehensively mapping their Looker ecosystem, organizations can proactively manage security risks and protect their data from unauthorized access within their network and their partners.

ThreatNG fortifying your Looker Ecosystem

ThreatNG, with its combined EASM, DRP, and security ratings capabilities, can be valuable in securing your organization's third-party and supply chain ecosystem, particularly concerning Looker implementations. Here's how:

1. External Looker Identification:

  • ThreatNG can scan the public internet to identify all externally facing Looker instances connected to the organization, its subsidiaries, and its known vendors (third-party connections).

  • This includes uncovering shadow IT situations where suppliers or employees might use unauthorized personal Looker instances.

2. Risk Assessment of Looker Instances:

  • ThreatNG can analyze the security posture of identified Looker instances. It includes looking for:

    • Publicly Accessible Instances: Instances accessible through the Internet pose a significant security risk.

    • Misconfigured Access Controls: Improper access controls granting unauthorized users access to sensitive data or the ability to manipulate dashboards.

    • Outdated Software: Outdated versions of Looker may contain known vulnerabilities.

3. Continuous Monitoring:

  • ThreatNG can continuously monitor the external attack surface for changes, including new Looker instances or newly discovered vulnerabilities in existing ones.

4. Integration with Security solutions:

  • ThreatNG integrates with various security solutions to create a holistic security posture:

    • GRC (Governance, Risk, and Compliance): Identified risks are fed into the GRC platform, triggering pre-defined workflows for third-party risk management.

    • Risk Management Platforms: ThreatNG shares risk data to help prioritize remediation efforts based on the criticality of the data stored and potential impact.

    • SaaS Security Posture Management (SSPM) solutions: ThreatNG can share details about the Looker instance with the SSPM solution, assessing the supplier's overall security posture.

Workflow Example:

  1. ThreatNG identifies a public Looker instance: The organization receives an alert from ThreatNG about a publicly accessible Looker instance used by a marketing agency that contains dashboards with sales figures and customer data.

  2. Risk Management & GRC Integration: The risk is fed into the risk management platform and triggers a high-priority workflow in the GRC system for third-party risk management.

  3. Communication and Remediation: The organization's security team immediately contacts the marketing agency, notifying them of the critical security risk and requesting immediate action to secure the instance.

  4. SSPM Integration: ThreatNG can share details about the instance with the SSPM solution. The security team can then use the SSPM solution to assess the agency's overall security posture and identify any other potential vulnerabilities in their SaaS applications.

Desired Business Outcomes:

  • Reduced Third-Party Risk: Organizations can hold suppliers accountable for maintaining secure data analysis practices by proactively identifying and assessing external Looker instances.

  • Improved Security Posture: Continuous monitoring aids in detecting and remedying vulnerabilities before their exploitation, averting data breaches and unauthorized access to private data.

  • Streamlined Workflow: Integration with existing security solutions allows for a centralized view of security risks, facilitates a more efficient response process, and avoids siloed information.

  • Enhanced Compliance: Improved visibility into third-party security posture helps organizations meet compliance requirements related to data protection and secure data analysis practices.

ThreatNG is the initial line of defense, uncovering external Looker instances and potential security risks. It then integrates with existing security solutions to streamline the risk management process and achieve a more secure third-party and supply chain ecosystem, specifically with Looker business intelligence implementations.

Threat NG Staff
Previous

Local File Inclusion
Next

Machine Identity