IAM Confused: Analyzing 8 Identity Breach Incidents

Dive into a comprehensive analysis of eight real-world cloud breaches in this 35-minute conference talk by Maya Levine from Sysdig. Explore how attackers exploited insecure identities and mismanaged permissions in recent years. Gain unique insights into each scenario, uncovering intriguing facets and practical advice for mitigating similar risks. Learn about the challenges of identity posture ownership among Dev, Ops, and Security teams, and the potential pitfalls of rapid development. Discover the authentication risks associated with automation technologies, serverless functions, and cloud-native activities, including the dangers of exposed secrets in S3 state files. Examine the effectiveness of social engineering in bypassing multi-factor authentication and the significant attack surface presented by SaaS applications. Walk away with key takeaways for each scenario, offering more valuable insights than simply "lock your stuff down."