Defending enterprise cloud infrastructure : a hacker's perspective
Workloads on cloud provide equal opportunities for hackers as much as they do for internal teams. Cloud-native companies are open to attacks from both outside forces and from within. While defenders are busy implementing complex security tooling, it's easy to forget that one trivial security lapse can lead to devastating results. The key here is to think like an attacker. In my talk, I will discuss some of the trivial attack vectors on cloud that are often overlooked and left out by enterprises but can lead to disastrous results. I will demonstrate how to defend and implement different prevention and detection mechanisms on scale. I will also cover some of the critical baseline security practices that should be implemented by enterprises to address such attacks.