Title: AWS re:Inforce 2024 - Securing cloud innovation: Lessons learned (APS223-S)

Insights:

  • Cloud Security Importance: Organizations are increasingly moving to the cloud for digital modernization or due to board mandates, necessitating a balance between innovation and security.
  • Cloud Threat Landscape: The shift to cloud storage and services has made cloud environments a growing target for threat actors, with incidents and breaches on the rise.
  • Sophistication of Attacks: The complexity and sophistication of cloud attacks are increasing, with new tactics and techniques being observed in the wild.
  • Automation and Open Source Tools: The availability of open-source tools and automated attack methods has lowered the barrier to entry for threat actors.
  • Specific Attack Examples: Examples like the Lemonduck botnet and the Roasted Octopus group illustrate the diverse and automated nature of modern cloud attacks.
  • Targeting Developers: Threat actors are increasingly targeting developers through social engineering tactics, such as fake job interviews, to gain access to sensitive environments.
  • Cloud Misconfigurations: Misconfigurations in cloud environments remain a significant risk, with threat actors modifying and disabling cloud services to take advantage of them.
  • Complex Attack Campaigns: Modern cloud attacks often mix and match various tactics and techniques, making them more challenging to defend against.
  • Operational Challenges: There is often a misalignment in security tooling and processes, leading to inefficiencies and friction between different teams within organizations.
  • SentinelOne's Approach: SentinelOne emphasizes the need for AI-powered, machine-speed protection and offers both agent-based and agentless security solutions to address cloud security challenges.

Quotes:

  • "Every organization I work with is trying to find a balance internally of how are they going to pivot to the cloud."
  • "The nature of the sophistication in these attacks is also going up, which is something I find super interesting."
  • "There's an expansion of tradecraft, quite literally, as well as there's a lowered barrier to entry."
  • "Now people are specifically targeting these environments."
  • "We're seeing a larger focus on Linux ransomware."
  • "I think [what] we'll see more of is AI, gen AI-driven malware polymorphism."
  • "Cloud security is still a challenge for a lot of organizations, and threat actors know that they can get away with successful campaigns in this environment."
  • "I don't think the problem is too many screens because people can live with too many screens. It's how do I correlate and have all this contextualized."
  • "Security teams are sending DevOps 10 pages of CVEs; they say, 'I don't know what package, what layer, what's public, is it exploitable,' and they're not talking to each other."
  • "Agent-based security that's going to take action as you need it to, at machine speed. If the threat landscape's machine speed, protection needs to be at machine speed."
  • "We call it verified exploit paths because we're going above an attack path and we're verifying it, we're validating it."