Building Effective Attack Detection in the Cloud

Explore cloud-native attack detection strategies in this 30-minute conference talk by Alfie Champion and Nick Jones from F-Security Consulting. Discover how the cloud has transformed the detection landscape, learn about key data sources, and understand how to plan and prioritize cloud detection use cases. Gain insights into validating detection capabilities, including a demonstration of Leonidas, an open-source framework for automated cloud detection validation. Delve into topics such as cloud telemetry, threat modeling, detection as code, and creating a single source of truth for detection cases. Understand the challenges of separating malicious activities from benign ones in cloud-native environments and learn how to leverage first-hand experience in attacking and defending large enterprises to improve your cloud security posture.

Intro
Similarities
Telemetry
Cloud telemetry
Context
Interconnectivity
Data Sources
What is an attacker likely to do well
Source code management continuous delivery
Threat model
Detection as code
Leonidas
Working with definitions
Detection cases
Creating a single source of truth
Demo
Conclusions