Emerging Threats Against Cloud Application Identities and What You Should Do About It

Explore emerging threats against cloud application identities and learn effective defense strategies in this comprehensive conference talk. Discover how to detect, recover from, and protect against attacks on application identities, including compromised administrators, credentials-in-code, and malicious applications masquerading as legitimate ones. Gain insights into the similarities and differences between defending user accounts and application identities. Understand why adversaries are shifting their focus to application identities as user account security improves. Learn about risky behaviors associated with application identities and how to implement robust protection measures. Delve into topics such as the principle of least privilege, service-to-service interactions, nonhuman identities, and recent cyberattacks like Solargate and consent phishing. Explore practical strategies for containment, remediation, and proactive security measures. Conclude with a demonstration on managing permissions effectively to enhance your cloud application security posture.