Cloud Adversarial Tactics and How to Find Them

  • 15:10
  • Wed
  • 16 Nov
Technical Focus
Briefing Stage 1


Cloud adoption has been one of the most significant IT transformations in recent years. It has brought additional challenges to the security landscape in terms of visibility, monitoring and response. This talk focuses on the lifecycle of adversarial tactics in the cloud, which involves chaining multiple gaps, building privilege maps, and even leveraging the innocent-looking default configurations in any cloud environment. 

This talk contains lessons learned from responding to real-time cloud attacks leading to complete account takeover as well as production service disruption. It will cover actual incident response scenarios involving abuse of a cloud-based API service, insider threat, datastore hostage (ransom), and identity-based privilege escalation.
These examples will demonstrate the blurred, thin line between misconfigurations and the shared responsibility model. Furthermore, the examples will demonstrate that even when organizations follow security guidelines and best practices, cybercriminals can still find ways to attack cloud-hosted IT infrastructures.

The talk will conclude by discussing a data, identity, vulnerability, and misconfiguration-based incident detection and response approach that can be built on top of existing threat detection tools and technologies to improve the cloud security posture. This talk aims to show how cloud threats are evolving and that the traditional defense methodology defined through best practices and shared-responsibility models is simply not enough.