Evolving from Patch Management to Risk Mitigation (TDR229-S)

Title: AWS re:Inforce 2024 - Evolving from patch management to risk mitigation (TDR229-S)

Insights:

  • Speaker Background: The speaker, Sanaz, CEO of Zafran, has extensive experience in cybersecurity, having worked on both offensive and defensive sides, including roles at Mandiant and the Israeli NSA.
  • Tectonic Changes in Cybersecurity: Over the past two years, there have been significant shifts in the cybersecurity landscape:
    • Cloud Intrusion Attempts: These have tripled since 2021, involving not just advanced persistent threats (APTs) but also cybercrime groups exploiting cloud vulnerabilities.
    • AI-Based Attacks: AI is being used to enhance phishing, create fake sites, and develop exploit kits, with a notable success rate of 53% for zero-day exploits.
    • Vulnerability Exploitation: The speed and volume of vulnerability exploitation have increased dramatically, with some vulnerabilities being exploited within hours.
  • Ransomware Costs: The cost of ransomware attacks reached a record $1.1 billion last year, primarily due to the exploitation of known vulnerabilities that were not patched in time.
  • Human Factor in Attacks: A recent attack on Microsoft highlighted the risks associated with test environments lacking proper security controls, leading to significant breaches.
  • Attackers' Strategy: Attackers often target less monitored areas of an organization, avoiding environments with comprehensive security measures.
  • Zafran's Approach: Zafran focuses on identifying and mitigating control gaps by integrating with existing security tools and automating configurations to enhance security posture.
  • Mitigation Over Patching: The talk stresses using the security controls an organization already has to mitigate exposure to a vulnerability, rather than relying solely on patching it.
  • Exploitation Window: The average time from vulnerability detection to remediation is 67 days, while attackers can exploit vulnerabilities within days.
  • Network Device Mitigations: A single rule on a network device can block exploitation of a vulnerability across many assets at once, providing a quick and effective mitigation while patches are rolled out.
  • Comprehensive Risk Assessment: Zafran uses a detailed process to assess and prioritize risks, considering factors like asset exposure, threat intelligence, and control effectiveness.
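To make the prioritization factors listed above concrete, here is an added example (not code from the talk and not Zafran's product) of a toy scoring model that combines CVSS severity, asset exposure, a threat-intelligence signal (known exploited / exploit available) and the effectiveness of compensating controls already in place. The weighting factors, the assets, the controls and the placeholder CVE ids are all constructed for the example; the model also shows how a test asset with no compensating controls outranks a production asset with the same vulnerability behind a WAF, and what one network-device rule does to the ranking.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Weighting factors are assumptions of this example, not numbers from the talk.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5}
THREAT_WEIGHT = {"known_exploited": 2.0, "exploit_available": 1.5, "none": 1.0}


@dataclass
class Vulnerability:
    cve: str          # placeholder ids in the sample data below, not real CVEs
    cvss: float       # CVSS base score
    threat: str       # threat-intel signal, one of the THREAT_WEIGHT keys


@dataclass
class Control:
    name: str
    covers: List[str]        # CVE ids this control is known to block
    effectiveness: float     # fraction of exploit likelihood it removes, 0..1


@dataclass
class Asset:
    name: str
    exposure: str            # "internet" or "internal"
    environment: str         # "prod" or "test"
    vulns: List[Vulnerability]
    controls: List[Control] = field(default_factory=list)


def coverage(asset: Asset, cve: str) -> float:
    """Effectiveness of the best single compensating control covering this CVE."""
    return max((c.effectiveness for c in asset.controls if cve in c.covers), default=0.0)


def risk_score(asset: Asset, vuln: Vulnerability) -> float:
    """Relative priority: severity x exposure x threat, reduced by existing controls."""
    raw = vuln.cvss * EXPOSURE_WEIGHT[asset.exposure] * THREAT_WEIGHT[vuln.threat]
    return round(raw * (1.0 - coverage(asset, vuln.cve)), 2)


def prioritize(assets: List[Asset]) -> List[Tuple[str, str, float]]:
    """Every (asset, CVE) pair, highest residual risk first."""
    rows = [(a.name, v.cve, risk_score(a, v)) for a in assets for v in a.vulns]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def control_gaps(assets: List[Asset]) -> List[Tuple[str, str]]:
    """(asset, CVE) pairs that no existing control mitigates at all."""
    return [(a.name, v.cve) for a in assets for v in a.vulns if coverage(a, v.cve) == 0.0]


def simulate_network_mitigation(assets: List[Asset], cve: str, effectiveness: float):
    """Model one network-device rule that blocks `cve` for every internet-exposed
    asset and report (asset, score before, score after) for each asset carrying it."""
    rule = Control(name="network-block", covers=[cve], effectiveness=effectiveness)
    report = []
    for a in assets:
        if a.exposure != "internet":
            continue
        for v in a.vulns:
            if v.cve != cve:
                continue
            with_rule = Asset(a.name, a.exposure, a.environment, a.vulns, a.controls + [rule])
            report.append((a.name, risk_score(a, v), risk_score(with_rule, v)))
    return report


# Constructed sample inventory: one critical, actively exploited bug on both a
# WAF-protected prod host and an unprotected test host, plus two lesser findings.
V1 = Vulnerability("CVE-0000-0001", 9.8, "known_exploited")
V2 = Vulnerability("CVE-0000-0002", 7.5, "exploit_available")
V3 = Vulnerability("CVE-0000-0003", 5.3, "none")
WAF = Control("waf-virtual-patch", covers=["CVE-0000-0001"], effectiveness=0.9)

SAMPLE_ASSETS = [
    Asset("web-prod", "internet", "prod", [V1, V2], [WAF]),
    Asset("api-test", "internet", "test", [V1]),
    Asset("db-internal", "internal", "prod", [V3]),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_ASSETS):
        print("%-12s %-14s %6.2f" % row)
    print("control gaps:", control_gaps(SAMPLE_ASSETS))
    print("network rule:", simulate_network_mitigation(SAMPLE_ASSETS, "CVE-0000-0001", 0.8))
```

The ranking puts the test host's copy of the critical bug at the top and the production host's copy, already behind the WAF, near the bottom, which is the point of scoring control effectiveness alongside CVSS. The network-rule simulation shows the other side of the argument: one rule drops the unprotected host's score by a factor of five while leaving the already-covered host unchanged, so the model counts only the best single control rather than stacking overlapping ones.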

Quotes:

  • "The landscape for cloud and non-cloud as well. So, fortunately or unfortunately, I had the chance to be on both sides: as an attacker and architect of hacking, but also as an incident sponsor and threat intel person."
  • "The first is the cloud intrusion attempts. I remember in 2021, I was in Mandiant, I was trying to find some ways that the hackers were getting into the cloud, and there was not that much. They tripled themselves from 2021 to now."
  • "Today, we are witnessing simple attacks, but more efficient ones. The ones where AI is used, by doing better phishing and better fake sites and advanced operations."
  • "Congratulations to all of us. We broke a record last year. $1.1 billion cost of ransomware."
  • "The biggest weakness here, what is it? It's a test environment, right? It's a test environment, and I see that a lot more in attack scenarios, that the test environment doesn't have the right compensative controls that the other environment has."
  • "Attackers are looking for easy hacks. That means they are not going to attack when all the lights are on them."
  • "67 days, this is the average time of the exploitation window. From the time a vulnerability is detected until it's exploited, until it's remediated, it's getting to more than two months."
  • "One change in the network device can mitigate that, block the vulnerabilities for thousands of assets."
  • "We start with threat prioritization. We check an asset with the vulnerability and what is the CVSS of the vulnerability."
  • "I'm sick of seeing CISOs getting victimized by these threat actors when they knew there is a zero day and they knew the threat intel, and it was not there at the same time."