Securing The Cloud: Taking Back The Attacker's Mindset
Presented by Chris Hosking, Cloud Security Evangelist

Agenda
1. AI Within the Cloud Security Challenge
2. Cloud Threat Landscape
3. AI to Secure the Cloud
4. Taking Back the Attacker's Mindset

"The machine does not isolate man from the great problems of nature but plunges him more deeply into them." (Antoine de Saint-Exupéry)

AI within the Cloud Security challenge
- Internal AI opportunities: People, Processes & Technology
- AI-fueled External Challenges: Evolving Cloud Threat Landscape & Motivated Threat Actors (APTs)

Cloud Threats On The Rise
- Increase in # of cloud breaches: Targeting business critical applications in cloud & the increasing amount of data stored in public cloud
- Increase in cloud attack sophistication: Novel techniques continue to be seen, across more threat actors, and in new combinations
- Increase in AI & automation in cloud attacks: Chat & WormGPT, & bots including crypto-miners, scrapers, phishing, credential harvesting & stuffing

Previous Examples of AI-Powered Attacks
- PassGan & PCFG Crackers: AI & ML powered password crackers
- MalGan: Feed-forward neural networks designed to evade ML detection engines
- DeepLocker: IBM POC with deep neural network capabilities & stays hidden until hitting pre-defined context

Cloud Attacks: The Knock On The Door
- Fileless attacks running in memory steadily rising
- Wipers & Ransomware now have Linux variants
- Container specific attacks (container escape, mounting filesystems)
- Cryptojacking
- OS & App level vulnerabilities found via automated tooling & exploited via automated tooling
- AI-Malware polymorphism (Black Mamba recent example)

Cloud Attacks: DevOps Pipeline Threats
- Targeted Supply Chain campaigns are being observed for the first time
- Use of non-standard languages for threat actors to hide in open-source packages
- Code Repositories are being targeted for credential harvesting and supply-chain threat opportunities
- CI/CD Pipelines Abuse to deploy malware, exfiltrate data, and/or execute unauthorized commands within DevOps workflows
- Account Take Over enables popular libraries to be poisoned
- Certain Threat Actors are targeting developers to understand business logic and weaknesses of web apps

Cloud Attacks: Cloud Misconfigurations
- Threat actors often combine misconfigurations into a more complex attack chain
- Often targeting and involving Cloud Identity (AWS IAM & Azure AD)
- Additionally, threat actors are now being seen causing Cloud Misconfigurations
- A new requirement to differentiate between mess and noise & what misconfigurations are compromise artifacts
- How do you hunt for Cloud LoLBins?

Cloud Attacks: Where We Are Now
- The Knock On The Door
- DevOps Pipeline Threats
- Cloud Misconfigurations
Modern Cloud Attacks are combining tactics and techniques across the cloud threat landscape & AI-powered defense is required to face this new reality

A Time & Place for Machines
- Human (ADAPTATION): Intuition, Context, Ethics, Creativity, Strategy
- Machine (LEARNING): Data Collection & Search, Pattern Matching, Summarization, Generalization, Hypothesis Testing
[Diagram labels: Decisions, Cognitive Workload, Interactions, Human Interface, "Real" World, Machine Interface]

AI Engines for Cloud Runtime Security
Pre-Execution: Static AI/ML
- File inspection
- Parsing file structures
- Entropy
- Opcode histograms
- ML algorithms learn good from bad
- Unsupervised doesn't require feature labeling
Real-Time: Behavioral AI
- OS process monitoring
- Event linking
- Adds new dimension: Time
- Extensive context
- AI learns how programs behave (good & bad)
- AI improves over time (observability)

Potential Security Uses of Generative AI
- Creation: Creates artefacts of value given a (multimodal) specification. Examples: Detection Code, Incident Summaries
- Interaction: Supports fluent, context driven dialogue (with knowledge). Examples: Step by Step Guidance, Self-documenting Work
- Prediction: Offers a completion, given a sequence and constraints. Examples: Attacker Activity, Remedial Action

SentinelOne's Purple AI
Your AI security analyst to help you detect earlier, respond faster and stay ahead of attacks

AI & Validation
As we increase AI-reliance within cloud defense, there will be a growing trend of validation, to ensure time isn't wasted chasing AI hallucination

Take back the Attacker's Mindset: Validating Attack Paths
Attack Paths: The correlation of publicly accessible assets with insecure cloud assets including misconfigurations and vulnerabilities

Take back the Attacker's Mindset: Offensive Security Engine
- Focus on what matters
- Evidence based prioritization with Verified Exploit Paths
- Offensive Security Engine safely simulates attacker methods and captures the response
- Removes false positives by analyzing which theoretical attack paths are actually exploitable
[Graphic labels: Path, Cloud Native Security]

Take back the Attacker's Mindset: Verified Exploit Paths
Achieves:
- What risk is real and requires focus?
- What would an exploit look like?
- What is the impact? / give me the So What
[Graphic labels: Cloud Native Security, Path]

Key Takeaways
- Immense Potential for Attacking
- Significantly Enhances Cybersecurity
- Continually Advance Defensive AI
- Collaboration is Vital for Effectiveness
[Slide labels: Humans+AI, Holistic, Potential, Enhancements, Defensive, Capabilities]

Thank You!
Chris Hosking
Chris.HoskingSentinelO