Title

AWS re:Invent 2023 - Speed, scale & stealth: Securing against ATO events (SEC233)

Summary

  • Frank Walsh, field CTO for Human, discusses the importance of securing applications against Account Takeover (ATO) events.
  • Attackers are increasingly targeting applications for financial gain, using sophisticated methods to monetize different stages of the attack lifecycle.
  • Common attack vectors include credential stuffing, exploiting password reset interfaces, and leveraging stolen credentials.
  • The underground marketplace for cybercrime is highly sophisticated, with attackers supporting each other's efforts.
  • Security events are increasing in speed and scale, leading to alert fatigue and ineffective "whack-a-mole" strategies.
  • Attackers use automation and distribute their activities across numerous IPs and accounts to evade detection.
  • The key to defeating attackers is to increase the speed and scale of responses, using automation to counteract their tactics.
  • Attackers utilize legitimate tools like Selenium or PhantomJS for malicious purposes, and even monetize attack toolkits.
  • Human's defense platform aims to activate defenses that operate continuously, self-improve, and confirm the human identity and intent behind interactions.
  • Human offers integration with AWS services like CloudFront and Lambda to help customers prevent ATO and reduce the time spent on managing security events.
  • The company was founded by individuals with deep roots in the cybersecurity community and is present at AWS re:Invent to assist with application defense strategies.

Insights

  • The presentation emphasizes the evolving nature of cyber threats, particularly the sophistication and organization of attackers who operate like businesses.
  • The underground economy of cybercrime is a significant driver of ATO events, with attackers finding new ways to profit from every stage of an attack.
  • Traditional reactive security measures are no longer sufficient; proactive and automated defenses are necessary to keep up with the speed and stealth of modern cyber attacks.
  • The use of legitimate development and testing tools by attackers highlights the dual-use nature of technology and the need for robust security measures that go beyond simple pattern recognition.
  • The integration of security solutions with cloud services like AWS is crucial for a seamless defense strategy that does not impede the core functionality and user experience of applications.
  • Human's approach to security focuses on verifying the humanity and intent of users, suggesting a shift towards behavioral analysis and continuous authentication to distinguish between legitimate users and attackers.
  • The mention of Human's roots in the cybersecurity community and DEF CON underscores the importance of expertise and a deep understanding of both defensive and offensive tactics in developing effective security solutions.