Threat Hunting Season is here - CSA Colorado March 2023 Meeting

Threat Hunting Season has started --> Join the Cloud Security Alliance - Colorado Chapter on 3/21 at 6 pm. We will be at SecureSet in downtown Denver and then going next door for happy hour after at the Cherry Cricket Ballpark.

Speaker:
Mike Lopez - Cloud Security Architect

Title: “New Threats means New Tools, this isn’t your Dad's cloud anymore?"

As companies move into the cloud and adopt 2020’s tech, threat actors are way ahead of the curve. As we all know, cloud has changed business practices, pushing more rapid deployments, automating tasks, and each part of IT is now heavily invested in cloud technologies and we are seeing the traditional silos begin to disappear. As organizations embrace DevOps and DevSecOPs, we see microservices rapidly advancing shifting away from the old compute model. Cost and time to market have been reduced, as agile methodologies rule our world now. Threats evolved faster, bad actors saw the cloud as a goldmine for well, literally mining. Crypto mining was a common use case for bad actors, as most organizations failed to know how to monitor their environments in a fashion that allowed rapid response time, much less cost factor.

Today’s bad actors know how to evade the modified tools previously used on-prem and shifted to the cloud. Traditional tools have been modified to secure IAAS, but today we see the adoption of K8, Serverless, and just about everything is now “X as a service”. What about your tools? How can you secure your microservices environment and PAAS with traditional tools? You can’t, at least not well enough to stay ahead of the bad actors. New tools exist and new methodologies are here to stay.

Threat hunting in the cloud is not the same, building a compute instance that spins up and destroys itself when the function ends, you could have an agent-based solution, but what happens when each of these side loads and temporary workloads join the monitoring or security tool? Who notices the up and down of each? Ephemeral instances are common, is that actionable intelligence? I don’t think so. So let’s look at the new functions, tools, and ways to secure the cloud.