We're looking forward to attending fwd:cloudsec again this year in Anaheim, CA on June 12 and 13. The Ermetic Research Team has three sessions on the schedule and we'd love for you to join us there.
IMDS: The Gatekeeper to Your Cloud Castles (And How to Keep the Dragons Out)
by Liv Matan and Lior Zatlavi
June 12th at 9:50am
During this talk we’ll take a deep dive into the protections offered by different cloud service providers for the IMDS used by computing instances, and how they have evolved over time. We’ll demonstrate how these mechanisms could mean the difference between a critical and non-critical vulnerability, through the story of a real-life vulnerability we found in a leading cloud provider. We’ll talk about the customer’s part of the shared responsibility model in this context - and how that must evolve as well.
We’ll demonstrate how vulnerable software may be leveraged by an attacker to gain access to credentials and talk about the kind of compensating controls which may be used to mitigate this risk.
A Year of NO: Building Organizational IAM Guardrail Policies That Work
by Noam Dahan
June 12th at 1:00pm
Organizational policies are a key part of every organization’s cloud IAM strategy. They supplement least-privilege best practices by establishing guardrails that protect the organization from unknown threats, and limit the extent of damage that can potentially be caused by compromised identities, workloads or credentials. In this talk, we will explore how to build, test, and deploy effective organizational policies. We will do so by being mindful of the real threats and TTPs we’re trying to protect ourselves from, along with the crown jewels we need to protect, the vulnerable points in our environment, and the data perimeter. We will also dive into the implementation of organizational IAM policies in each cloud provider, their different behaviors in edge cases, and how we should adjust our strategy to accommodate these differences. Lastly, we will discuss strategies for building, testing, and deploying organizational policies, and recommend a process for creating and evaluating them (including how to build detection mechanisms in case of violations).
Threat Intelligence in the Age of Cloud
by Noam Dahan and Igal Gofman
June 12th at 5:30pm
Threat Intelligence is one of the most important inputs when investigating breaches, and enables faster, better informed security decisions. However, implementing a successful threat intelligence strategy heavily depends on the feed quality and how data is cross-referenced with other intel sources. This talk highlights the challenges of building good threat intel in a cloud-based world and offers a way forward for better threat intel through collaboration. In the discussion we will present a model for evaluating cloud threat intelligence feeds, map the units of threat intelligence that are uniquely relevant to the cloud, discuss channels for sharing intel, and strategize regarding how to encourage transparency from cloud providers. We believe this session can kick off a wider conversation to improve cloud threat intelligence.