How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix
Overview

Understanding adversary tactics and techniques based on real-world observations is critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions. Still, that context is limited by which raw data inputs we consume, and by whether we consume enough of the right data to mitigate, remediate and prevent future adversary activity. However, detecting malicious events is not the final solution to thwarting adversaries. Actions need to be taken, whether they are operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes).

In this webinar, SANS and AWS Marketplace will discuss the exercise of applying the MITRE ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture.

Attendees will learn how to:

- Apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniques
- Create an effective detection strategy and uncover what data sources are required
- Break down and recognize detections by security product capabilities and data sources
- Leverage threat intel for improved detection
- Use AWS services and third-party solutions to support their threat detection and hunting strategy

Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.

Speaker Bios

Dave Shackleford

Dave Shackleford is the owner and principal consultant of Voodoo Security and faculty at IANS Research. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. Dave is a SANS Analyst, the author of and an instructor for SANS SEC504: Hacker Tools, Techniques, and Incident Handling, serves on the Board of Directors at the SANS Technology Institute, and helps lead the Atlanta chapter of the Cloud Security Alliance. He has also been a chair for the SANS Cloud Security Summit and DevOps Summits since SANS began them years ago.

Ross Warren

Based in Northern Virginia, Ross Warren is a specialist solution architect at AWS with a focus on security. Prior to his work at AWS, Ross’ areas of expertise included cyber threat hunting and security operations. Ross has worked at a handful of startups and has enjoyed the transition to AWS because he can build solutions for customers with the breadth and depth of services offered by AWS.


