IAM Confused: Analyzing 8 Identity Breach Incidents - Maya Levine, Sysdig скачать в хорошем качестве

IAM Confused: Analyzing 8 Identity Breach Incidents - Maya Levine, Sysdig

Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io IAM Confused: Analyzing 8 Identity Breach Incidents - Maya Levine, Sysdig Almost every cloud breach in recent years has taken advantage of mismanaged permissions, secrets, and identities. This session will dissect 8 real cloud breaches where attackers exploited insecure identities, each scenario unveiling unique insights, intriguing facets, and advice to mitigate similar risks. Themes include: Ownership of identity posture b/w Dev, Ops, & Sec is often unclear, leading to mistakes that stem from going fast Automation tech, serverless functions, & cloud-native activities require authentication. Often this is poorly managed, e.g. leaving secrets/credentials exposed in S3 state files (Human/machine identity management) MFA abuse through social engineering still works well SaaS apps are huge attack surface, with credentials being left everywhere: repos, Github, AD, Slack We will specifically highlight something interesting in each scenario and provide a key takeaway that is more useful than “lock your stuff down.”