Sandia National Laboratories Expert Explains Toolset to Detect Cloud Breaches

Wellington Lee, a cybersecurity expert at Sandia National Laboratories, said the Untitled Goose Tool was developed to gather and analyze cyber intrusion data independently of a cloud environment’s capabilities.

Untitled Goose Tool is a free suite of programs built to spot malicious activity on Microsoft Azure environments for organizations, ranging from small businesses to large government agencies. The Cybersecurity and Infrastructure Security Agency debuted the product in March and maintains it on GitHub.

Recently, CISA listed it as one of five tools businesses can use to support security efforts while transitioning to the cloud.

Lee, a contributor to Untitled Goose Tool’s development, noted that the toolset is designed to function regardless of an organization’s cloud subscription tier. He explained that an agnostic approach would help efforts to collect breach data from environments with large numbers of users.

According to Lee, one use for the toolset is flagging impersonation attempts by identifying suspicious uses of authentication tokens, SNL said Friday.