SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsAs infrastructure workloads have changed, cloud workflows have been adopted, and elastic provisioning and de-provisioning have become standard, manual processes. As a result, semi-automated infrastructure management workflows have proven insufficient. One of the most widely implemented solutions to these problems has been the adoption of declarative infrastructure as code, a philosophy and set of tools which use machine-readable files that declare the desired state of infrastructure. Unfortunately, infrastructure as code has introduced new attack surfaces and techniques that traditional network defense controls may not adequately cover or account for. This paper examines a common deployment of infrastructure as code via GitHub Enterprise and HashiCorp Terraform, explores an attack scenario, examines attacker tradecraft within the context of the MITRE ATT&CK framework, and makes recommendations for defensive controls and intrusion detection techniques.