SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


Adversaries are increasingly targeting multi-cloud infrastructures to disrupt operations and demand ransom, exfiltrate sensitive data, and steal funds. To do so while evading detection, they often adapt traditional Living-off-the-Land (LOTL) tactics to the API-driven nature of the cloud.
How? Instead of leveraging native Windows tools like PowerShell and WMI to escalate privileges and move laterally across corporate networks, they abuse the cloud platform's own management APIs and identity services to gain administrative privileges and move laterally from one cloud environment to another.
This approach lends itself to automation, and it has two further benefits for the attacker: (1) it is stealthy, because most cloud platforms do not natively flag this use of legitimate APIs and identities; and (2) the same playbook can be reused across organizations, because most customers of the same providers (AWS, Azure, GCP) manage their environments in similar ways.
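The paragraphs above describe the cloud LOTL chain in words: a legitimate identity calls legitimate APIs to grant itself privileges, plant persistence, and hop into another account, and the platform logs every call without treating any one of them as hostile. The following is an added example, not code from the page, SANS or Gem Security, showing the kind of detection logic a defender has to write over those logs. It uses the AWS CloudTrail record format (eventName, eventSource, userIdentity, requestParameters); the sample trail, account IDs, principal names and IP addresses are constructed placeholders, and the three rules are illustrative rather than any vendor's product logic.

```python
"""Flag cloud living-off-the-land (LOTL) chains in CloudTrail-style events.

Added example; it is not code from the page, SANS or Gem Security. Field names
follow the AWS CloudTrail record format (eventName, eventSource, userIdentity,
requestParameters). The sample records, account IDs, principal names and IP
addresses below are constructed placeholders.
"""
import json
import re
from collections import defaultdict

# Attaching this managed policy is the bluntest native privilege escalation.
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
GRANT_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
# Account ID embedded in a role ARN: arn:aws:iam::<12 digits>:role/<name>
ROLE_ACCOUNT_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/")

# Constructed sample trail (JSON lines): recon, key planted for another user,
# admin policy attached to self, hop into a second account, recon there.
SAMPLE_LOG = """
{"eventTime":"2024-05-01T10:00:00Z","eventSource":"iam.amazonaws.com","eventName":"ListUsers","userIdentity":{"type":"IAMUser","accountId":"111111111111","arn":"arn:aws:iam::111111111111:user/build-bot","accessKeyId":"AKIAEXAMPLE00000001"},"requestParameters":null,"recipientAccountId":"111111111111","sourceIPAddress":"203.0.113.10"}
{"eventTime":"2024-05-01T10:01:30Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","accountId":"111111111111","arn":"arn:aws:iam::111111111111:user/build-bot","accessKeyId":"AKIAEXAMPLE00000001"},"requestParameters":{"userName":"cloud-admin"},"recipientAccountId":"111111111111","sourceIPAddress":"203.0.113.10"}
{"eventTime":"2024-05-01T10:02:10Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser","accountId":"111111111111","arn":"arn:aws:iam::111111111111:user/build-bot","accessKeyId":"AKIAEXAMPLE00000001"},"requestParameters":{"userName":"build-bot","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"},"recipientAccountId":"111111111111","sourceIPAddress":"203.0.113.10"}
{"eventTime":"2024-05-01T10:05:00Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","userIdentity":{"type":"IAMUser","accountId":"111111111111","arn":"arn:aws:iam::111111111111:user/build-bot","accessKeyId":"AKIAEXAMPLE00000001"},"requestParameters":{"roleArn":"arn:aws:iam::222222222222:role/OrgAdmin","roleSessionName":"build-bot"},"recipientAccountId":"111111111111","sourceIPAddress":"203.0.113.10"}
{"eventTime":"2024-05-01T10:06:00Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","userIdentity":{"type":"AssumedRole","accountId":"222222222222","arn":"arn:aws:sts::222222222222:assumed-role/OrgAdmin/build-bot"},"requestParameters":null,"recipientAccountId":"222222222222","sourceIPAddress":"203.0.113.10"}
"""


def parse_events(text):
    """Parse JSON-lines trail text into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flag_event(event):
    """Return (technique, detail) if the event matches a LOTL rule, else None.

    Every call here is a legitimate API; the rules look at who calls what,
    on whom, and in which account, not at the API name alone.
    """
    ident = event.get("userIdentity") or {}
    actor = ident.get("arn", "unknown")
    actor_account = ident.get("accountId", "")
    actor_name = actor.rsplit("/", 1)[-1]
    params = event.get("requestParameters") or {}
    name = event.get("eventName")

    if name in GRANT_EVENTS and params.get("policyArn") == ADMIN_POLICY:
        target = params.get("userName") or params.get("roleName") or params.get("groupName")
        return "privilege_escalation", f"{actor} attached AdministratorAccess to {target}"
    if name == "CreateAccessKey":
        # A key minted for a *different* principal is persistence; a user
        # rotating its own key (no userName, or its own name) is routine.
        target = params.get("userName")
        if target and target != actor_name:
            return "persistence", f"{actor} created an access key for {target}"
    if name == "AssumeRole" and event.get("eventSource") == "sts.amazonaws.com":
        # Role lives in a different account than the caller: a cross-account hop.
        match = ROLE_ACCOUNT_RE.match(params.get("roleArn", ""))
        if match and match.group(1) != actor_account:
            return "lateral_movement", f"{actor} assumed {params['roleArn']} in account {match.group(1)}"
    return None


def analyze(events):
    """Apply the rules and group hits by actor ARN, in time order."""
    chains = defaultdict(list)
    for event in sorted(events, key=lambda e: e.get("eventTime", "")):
        hit = flag_event(event)
        if hit:
            actor = (event.get("userIdentity") or {}).get("arn", "unknown")
            chains[actor].append((event["eventTime"], *hit))
    return dict(chains)


def playbook_actors(chains):
    """Actors with an escalation or persistence step followed by a cross-account hop."""
    return [
        actor for actor, hits in chains.items()
        if "lateral_movement" in {t for _, t, _ in hits}
        and {"privilege_escalation", "persistence"} & {t for _, t, _ in hits}
    ]


if __name__ == "__main__":
    chains = analyze(parse_events(SAMPLE_LOG))
    for actor, hits in chains.items():
        print(actor)
        for when, technique, detail in hits:
            print(f"  {when}  {technique:<22} {detail}")
    print("full playbook:", playbook_actors(chains))
```

None of the five API calls is suspicious in isolation, which is the point of LOTL in the cloud: the signal is the sequence and the relationship between actor, target and account. The same rule shape transfers to the other providers in the text (Azure role assignments and service principal credentials, GCP IAM bindings and service account keys), with only the field names changing.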


Yotam has spent the last ten years managing and responding to some of the most sophisticated global cyber operations. He’s worked with technical teams and executives to defeat attacks and leverage cyber as a competitive advantage across incident response, purple teaming, posture enhancements, and executive wargames.

Phil is VP of Cyber Defense Strategy at Gem Security, the Cloud Detection & Response (CDR) company.