Brad Geesaman
Brad Geesaman is a Staff Security Engineer at Ghost Security and focuses on researching and building cloud-native systems with a security practitioner's mindset. When he’s not hacking on cloud and containerized environments, he enjoys spending time with his family in Virginia, eating Mexican food, and collecting an impractical amount of ebooks.
Session
The ability to model our cloud, identity, and vulnerability resource metadata using graph database technologies can be a security team superpower for identifying actual risks via attack paths in our running environments. But why are we only able to realize this value after those resources are deployed? What fundamental assumptions and limitations are holding us back from addressing truly risky infrastructure changes before they are applied?
Let’s have fun together rethinking some of those limitations and exploring the possibilities where they no longer exist. We'll leverage Caizen, a new open source project that models a real GCP environment in a graph database in near real time with automatically calculated attack paths. We’ll then demo its companion tool in a CI pipeline, Psychiac, that can cleverly capture proposed infrastructure changes and analyze them using Caizen’s graph to understand which attack paths were introduced and address them, all before we apply. Finally, we’ll discuss the benefits of a future state of cloud security with precognition and what’s left to make it a true reality.
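To make the pre-apply idea concrete, here is an added example (not Caizen or Psychiac code) that treats a tiny, constructed GCP-style environment as a graph, enumerates attack paths from the internet to a sensitive resource, and reports only the paths that a proposed IAM change would introduce. The resource names, roles and traversal rules are illustrative assumptions.

```python
"""Constructed example: pre-apply attack-path diff over a small graph of
GCP-style resources. Not Caizen/Psychiac code; every name and the edge
rules below are assumptions made for illustration."""
from collections import deque

# Constructed baseline snapshot: each key is a directed edge an attacker
# could traverse, each value is the reason the edge exists.
BASELINE = {
    ("internet", "vm-web"): "public IP with port 22 exposed",
    ("vm-web", "sa-web@proj"): "VM runs as this service account",
    ("sa-web@proj", "bucket-logs"): "roles/storage.objectViewer binding",
}

# Constructed proposed change (what a plan in CI might add): the web
# service account gains the ability to mint tokens for an admin account.
PROPOSED = {
    ("sa-web@proj", "sa-admin@proj"): "roles/iam.serviceAccountTokenCreator",
    ("sa-admin@proj", "sql-customers"): "roles/cloudsql.admin binding",
}

def attack_paths(edges, source, target):
    """Return every simple path from source to target (BFS over the graph)."""
    adj = {}
    for src, dst in edges:
        adj.setdefault(src, []).append(dst)
    paths, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            paths.append(tuple(path))
            continue
        for nxt in adj.get(path[-1], []):
            if nxt not in path:  # simple paths only, no cycles
                queue.append(path + [nxt])
    return paths

def introduced_paths(baseline, proposed, source, target):
    """Attack paths that exist after applying the proposed edges but not before.
    Paths already present in the baseline are existing risk, not new risk."""
    before = set(attack_paths(baseline, source, target))
    after = set(attack_paths({**baseline, **proposed}, source, target))
    return sorted(after - before)

if __name__ == "__main__":
    new = introduced_paths(BASELINE, PROPOSED, "internet", "sql-customers")
    for path in new:
        print("NEW ATTACK PATH:", " -> ".join(path))
    raise SystemExit(1 if new else 0)  # fail the CI step when risk is introduced
```

Run as a CI step, the non-zero exit blocks the apply; the same diff against `bucket-logs` is empty because that path already existed in the baseline.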