Top 3 Cloud Data Security Adversarial Tactics and How to Fight Them

Presented by

Abhinav Singh, Lead Security Researcher, Normalyze

About this talk

Through interoperable cloud services, attackers defeat native security tools and move laterally through the cloud infrastructure. In this webinar, Abhinav highlights the real cloud data risk chains that lead to account takeover and exposure of sensitive data and shows what can be done to prevent these attacks. Examples of adversarial tactics include but are not limited to * Abusing the account organization’s setup to onboard an external account and making it a trusted entity to avoid detection and perform data exfiltration. *Attacker abuses the cross-account trust relation to move laterally between different accounts leading to a fan-out effect while remaining completely hidden from defense tools like Guardduty. * An identity-based attack that chains multiple IAM permissions to build an ROP-like privilege escalation scenario and compromise the entire cloud infrastructure.
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (26)
Subscribers (4629)
We discuss how to understand the full range of risks present against your cloud, on-prem and hybrid data, and eliminate the risks that matter the most. Let's put data security at the center of information security--where it belongs.