Threat hunting in the cloud
2019-05-16, 16:45–17:45, Conf 2

There are limited built-in capabilities for detecting attacks and post-exploitation of cloud services. This talk will cover methods of identifying threat actors via cloud and endpoint signals.

An endpoint security strategy can incorporate many layers of technology and security controls. Solution components such as endpoint protection platforms (EPP), endpoint detection and response (EDR), application whitelisting and more are used to provide protection and response to specific threats that affect endpoints. When dealing with endpoints that reside in cloud infrastructure, new risks are introduced that cannot be adequately monitored with traditional endpoint solutions alone.

This presentation will go over general best practices for securing a cloud environment (AWS/Azure), including the use of EDR on instances, as well as methods that can be employed to conduct threat hunting exercises against the collected data. We will also discuss what additional investigative details and context can be gained through correlation of endpoint and cloud events.

Jacob is a Security Strategist at eSentire, a Cambridge, Ontario-based Managed Detection and Response services company.

Jacob has worked within the MDR space for over 8 years in various roles, including SOC Analyst, Operations, and Professional Services. He is mainly focused on security as it relates to networking, cloud services, and automation.

We help architect and deploy solutions to prevent, detect and respond to security incidents. I work on the Field CTO Team at eSentire Inc.