Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Enhancing Cloud Detection & Response with Secur...

Kennedy Torkura
June 29, 2023
Technology
0
49

Enhancing Cloud Detection & Response with Security Chaos Engineering

💥 Your Cloud Detection & Response might be misleading you 💥

Effective Cloud Detection & Response (CDR) capabilities are vital in promptly identifying and responding to security incidents. The absence of alerts does not imply all is well, and neither does the abundance of alerts imply effectiveness (alert fatigue is REAL).

The elephant in the room -> How do you strike a balance and avoid a false sense of security? You VERIFY CDR effectiveness using empirical methods that present hard, undeniable, reliable evidence.

That is what security chaos engineering does for you. CDR approaches struggle to distinguish signal from noise; the cloud attack surface is large. Smart approaches are imperative to overcome this challenge.

• Defend from inside out & assume breach !
• Identity your high-value targets (HVT)
• Enhance CDR specifically for your HVT using SCE
• Move backwards, apply the same to non-HVTs
• Rinse & Repeat
• Become cyber-resilient

Some example SCE experiments are presented in the shared document, e.g., abusing the AWS S3 replication service. How to intelligently detect such malicious events and enhance incident response.

Check out Mitigant Cloud Immunity product. It offers seamless SCE experiments that automatically roll back your environment post-experiment and provide contextual recommendations and detailed cyber-resilience reporting.

Kennedy Torkura

June 29, 2023
Tweet

More Decks by Kennedy Torkura

See All by Kennedy Torkura
The Cyber Resilience Chasm
ktorkura
0
25
Outcome vs Output Security Approaches
ktorkura
0
190
Cloud Attack Emulation for Mere Mortals
ktorkura
0
90
Fast-tracking DevSecOps Maturity With Security Chaos Engineering
ktorkura
0
300
CERT Resilience Management Model
ktorkura
0
80
Security Experimentation Builds Resilience
ktorkura
0
27
Security Chaos Engineering for Fun & Profit
ktorkura
0
43
Risk Driven Fault Injection
ktorkura
0
87
Chaos_Engineering_for_Cloud_Native_Security.pdf
ktorkura
0
92

Other Decks in Technology

See All in Technology
スプリントゴールにチームの状態も設定する背景とその効果 / Team state in sprint goals why and impact
kakehashi
2
100
新R25、乃木坂46 Mobileなどのファンビジネスを支えるマルチテナンシーなプラットフォームの全体像 / cam-multi-cloud
cyberagentdevelopers
PRO
1
130
Amazon_CloudWatch_ログ異常検出_導入ガイド
tsujiba
4
1.6k
20241031_AWS_生成AIハッカソン_GenMuck
tsumita
0
110
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
170
AWS CDKでデータリストアの運用、どのように設計する?~Aurora・EFSの実践事例を紹介~/aws-cdk-data-restore-aurora-efs
mhrtech
4
650
とあるユーザー企業におけるリスクベースで考えるセキュリティ業務のお話し
4su_para
3
320
Aurora_BlueGreenDeploymentsやってみた
tsukasa_ishimaru
1
120
大規模データ基盤チームのオンプレTiDB運用への挑戦 / dpu-tidb
cyberagentdevelopers
PRO
1
110
フルカイテン株式会社 採用資料
fullkaiten
0
36k
グローバル展開を見据えたサービスにおける機械翻訳プラクティス / dp-ai-translating
cyberagentdevelopers
PRO
1
150
顧客が本当に必要だったもの - パフォーマンス改善編 / Make what is needed
soudai
24
6.8k

Featured

See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Bash Introduction
62gerente
608
210k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
Code Reviewing Like a Champion
maltzj
519
39k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
167
49k
Designing for humans not robots
tammielis
249
25k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Building Your Own Lightsaber
phodgson
102
6k
Teambox: Starting and Learning
jrom
132
8.7k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
107
49k

Transcript

  1. How Hopeful Effective Is Your Cloud Detection & Response Capability

    ? Hope is NOT a strategy ! @run2obtain

  2. Effective Cloud Detection & Response (CDR) capabilities play a vital

    role in promptly identifying and responding to security incidents. @run2obtain

  3. • Cost savings – post breach investigations, fines from regulatory

    institutions .. • Quick & reliable incident response • Safeguard enterprise reputation • Confidence in your capabilities • Happy customers • ….. The ROI of early attack detection & swift response is HUGE ! @run2obtain

  4. CDR mechanisms are challenged by the rapid evolution of cloud

    infrastructure and fast- paced threat landscape. @run2obtain The absence of alerts does not imply all is well ... neither does the abundance of alerts imply effectiveness (alert fatigue is REAL).

  5. Since HOPE is NOT a strategy, assumptions about CDR effectiveness

    should be practically and continuously evaluated. Security chaos engineering enables continuous verification of CDR ! @run2obtain Security Chaos Engineering 101: The Mind Map & Feedback Loop (mitigant.io)

  6. How does Security Chaos Engineering enhance CDR effectiveness? Quick, simple

    example. How do you know if AWS Cloudtrail is disabled by a malicious attacker ? We run this basic example in the Mitigant Security Chaos Engineering platform. @run2obtain

  7. Luckily, we have our CDR set up quite well. (DataDog

    Cloud SIEM) We can see the Cloudtrail stopped event. This is a trigger for an appropriate response. One lesson though ! The MTTD was roughly 6 minutes … can be improved ! What if the CDR set up was broken ? How do you know ? Happens all the time -> misconfigured S3 bucket, broken lambda forwarder … @run2obtain

  8. We run a couple more SCE experiments. This time the

    dreaded bucket replication attack which abuses the S3 replication service. Our CDR captures some interesting events. Some teams might miss this out, notice the MITRE ATTACK Tactics & Techniques -> exfiltration, persistence and account manipulation. Does it ring a bell ? Crafting a detection rule for these pattern of events would makes sense. @run2obtain Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service by Kat Traxler (vectra.ai)

  9. So, verify the effectiveness of your CDR rather than hoping

    for effectiveness ! How do you start ? • Defend from inside out & assume breach ! • Identity your high-value targets (HVT) • Enhance CDR specifically for your HVT using SCE • Move backwards, apply same to non-HVTs • Rinse & Repeat • Become cyber-resilient • ….. @run2obtain Demystifying Security Chaos Engineering - Part II (mitigant.io)

  10. Hope root for the effectiveness of your CDR. Cloud Immunity

    | Mitigant https://mitigant.io Leverage The Mitigant Security Chaos Engineering Platform @run2obtain