Rain, Hail, or Insider threat? A Risk-Based Approach to Cloud Threats

According to Verizon's Data Breach Investigations Report, 24% of breaches involve cloud assets. Many of the benefits that cloud services deliver to organizations, such as elastic scalability, and remote accessibility, act as a double-edged sword if abused. Compromised accounts, for example, can be misused, stolen admin credentials or elevated admin privileges can ultimately lead to sabotage, data loss, and exfiltration. A Forrester study shows that 25% of breaches resulted from internal incidents, and almost half of those were categorized as malicious. Insider threats have evolved, and organizations have more to consider than data leaving the organizations and privileged users. Join Oliver Rochford, Senior Director, Cybersecurity Evangelist, and Kayzad Vanskuiwalla, Director of Threat Hunting & Intelligence at Securonix, for this talk on risk-based threat monitoring in cloud environments to learn about: • The need for monitoring threats in the cloud. • How the insider threat is growing as a critical aspect to monitor. • How cloud controls can be abused, using AWS as an example. • Which real-world attacks exploited cloud controls. • How to detect cloud control misuse with UEBA, machine learning, and threat hunting. • What a cloud threat model could look like. Kayzad partners with our engineering, data science teams, and Fortune 500 customers to continuously assess and evolve our threat-detection, orchestration, and response capabilities. He brings in-depth practical experience researching cloud attack patterns and exploits to build playbooks and automate threat detection. Oliver has worked in cybersecurity for over twenty years, including as a penetration tester, consultant, researcher, and writer for Securityweek, CSO Online, and Dark Reading. As a Gartner industry analyst, he co-named the SOAR market and worked on the SIEM Magic Quadrant. At Securonix, he works with our users on security operations and threat management topics.