Overview
Explore a comprehensive conference talk on synergizing threat-informed defense in cloud-native environments. Delve into the challenges of cybersecurity's low signal-to-noise ratio and learn about three key pillars: defensive measures, cyber threat intelligence, and testing & evaluation. Discover the importance of adversary emulation, its workflow, and specific applications in cloud attack scenarios. Gain insights into detection engineering, including the development lifecycle and practical examples of validating detections. Examine real-world cases of emulating cloud attacks, analyzing CloudTrail records, and addressing undetected threats. Benefit from a live demonstration and access valuable resources to enhance your cloud-native security strategies.
Syllabus
intro
preamble
about me
agenda
cybersecurity: low signals to noise ratio
pillar 01: defensive measures
pillar 02: cyber threat intelligence
pillar 03: testing & evaluation
why adversary emulation?
adversary emulation workflow
cloud attack emulation
detection engineering
detection development lifecycle
example - validating detections
emulating the cloud attack
cloudtrail record
undetected threats!
resources
demo
thank you for your attention
Taught by
Conf42