A Tacky Graph and Listless Defenders: Looking Beneath the Attack Surface

Presented by

Jasmine Henry, Field Security Director, JupiterOne and George Tang, Principal Solutions Architect, JupiterOne

About this talk

John Lambert is well known for his quote, "Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win." But is this always true? Based on new research leveraging data across 1,300 organizations, we discovered areas where it is appropriate to continue using lists and other areas where graphs are more helpful to defenders. This presentation will examine various types of attack surfaces and attack paths to determine the type of techniques (e.g., lists vs graphs) and controls (e.g., bounded vs unbounded) that are potentially most useful for defenders. We will also examine how different architectural designs might affect these attack surfaces and paths and how the principles of the D.I.E. Triad (distributed, immutable, ephemeral) influence the size of the attack surfaces and the depths of the paths that are underneath that surface.
Related topics:

More from this channel

Upcoming talks (7)
On-demand talks (902)
Subscribers (66179)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa