
AT&T Cybersecurity36



















Q5: How do you monitor cloud activity / usage / appropriateness?

Garrett Gross
One way is to look at it form a user level. i.e. "Why is my new helpdesk employee cloning databases and creating new users??"

Javvad Malik v2.0
By checking the monthly usage bills... :)

Javvad Malik v2.0
Although some provides are better at alerting than others.

Javvad Malik v2.0
It's not a consistent experience.

Garrett Gross
@J4vv4D You're right - Usage is actually a great indicator of compromise. Hijacked machines are usually used for high volume/quick return attacks (bitcoin mining, hosting 2nd stage malware, etc)

Martin Hepworth
push it down to the business heads. But then I work for a tech company...also work with finance to monitor the billls

SPCoulson
unusual admin access at unusual times of the day - but its identifying that : "what does unusual look like"

Javvad Malik v2.0
Yep - Rich Mogul wrote a good piece on his experience when he accidentally left AWS access keys on github https://securosis.co...

Javvad Malik v2.0
@maxsec A fortunate position indeed!

Javvad Malik v2.0
@SPCoulson Baselining behvaiour has never been easy. But a good way to find statistical outliers

Garrett Gross
@SPCoulson Which leaves a lot of folks scratching their heads. While they may be security pros, they aren't necessarily cloud experts.

SPCoulson
@garretthgross exactly - masters of none.

Javvad Malik v2.0
@SPCoulson If they have tech, they lack skills or resources... unfortunately.

Garrett Gross
@SPCoulson I think the number is irrelevant. Percentage-wise? Thats the operative figure IMO

Martin Hepworth
tech isn;t the be-all and end-all, Just a tool that helps

Javvad Malik v2.0
@maxsec And a fool with a tool ... is still a fool!

Martin Hepworth
yes jav-mate, but policy ;-)

John Furrier
software using unstructured data is huge; Spark in memory has implications here

Garrett Gross
@J4vv4D I thought I told you to not call me that in public? ;)

Javvad Malik v2.0
@maxsec haha - please don't undo my years of therapy! :)