Cloud Deception in Azure & AWS


DESCRIPTION

With the surge in cloud adoption by businesses globally, adversaries are increasingly targeting public cloud environments. And since public cloud is essentially someone else’s software, as customers we have significantly less control over logging coverage and verbosity than we do with on-prem solutions.


Without proper log collection and alerting, it becomes easy for an attacker to get a foothold in cloud environments. Where traditional defenses like the SOC suffer from high false-positive rates and increased operational costs, cyber deception is much cheaper and yet highly effective, since it results in high-fidelity detections with minimal logging requirements.


In this talk, we will focus on how organizations can build in-house deception programs from scratch by utilizing different types of deception and decoy cloud lures (users, roles, credentials, virtual machines, etc.) in public cloud environments. We will demonstrate how easy it is to quickly spin up decoy resources in cloud environments and configure proper detection and alerting on them. We will deep dive into comprehensive case studies, examining multiple attack paths in the cloud and strategically identifying opportunities to integrate deception.


WHY THE COMMITTEE CHOSE THIS TALK

With all those mighty cloud configuration settings in an ever-changing setup, you may well miss the signs of an attack. Putting some decoys in place may help.