Videos

Practical experiences implementing security in critical infrastructure projects. The talk is about how to or how to not implement cloud native projects in highly regulated environments. You will get some insights into real world projects where Kubernetes is used to run the latest applications controlling critical infrastructure in Germany and Europe. The examples include container hardening and how to convince developers to deliver minimal and compliant containers, onboarding security team members to get the Sec into DevOps, running CI/CD pipelines with 3rd party vendors, air gapped cloud native architectures and running clusters with the highest availability.

Cloud Detection and Resposne (CDR) is an evolving approach to proactively defending cloud infrastructure against cyber-attacks. CDR takes a lot of approaches from traditional Threat Detection and Incident Response (TDIR) and applies these approaches to cloud-native infrastructure. This approach allows for optimized strategies specifically designed to fit the cloud-native threat landscape, given the limitations of traditional TDIR in cloud-native infrastructure.

Cloud Detection and Response (CDR) is an evolving approach to proactively defending cloud-native infrastructure against cyber-attacks. However, CDRs suffer from many challenges, mainly resulting in alert fatigue. Cloud Attack Emulation provides approaches to overcoming these challenges.

Learn how common vulnerabilities that FinTech firms face in the cloud, the latest trends in cybersecurity threats, and practical advice for companies looking to bolster their defenses, including how Mitigant can helpverify the readiness against cyberattacks with Cloud Attack Emulation.

Security Chaos Engineering (SCE) builds on proven scientific methods, the same methods that underlie chaos engineering. The basic premise is that resilience is a product of planned and organized turbulence. Without deliberate and coordinated orchestration of turbulence, defenders (e.g. security incident responders) perceive a false sense of security, and blindspots remain unnoticed. These blindspots are potential attack opportunities in the waiting. Interestingly, on the flip side, attackers easily identify such blindspots because they intentionally look for them; they employ adversarial tactics. This mindset, also known as the assume-breach mindset, is imperative for using proactive cyber-security mechanisms. Importantly, SCE allows defenders to think from attackers’ viewpoints, thus asking exciting questions about attack opportunities. This adversarial mindset allows framing various attack scenarios as hypotheses to be proved. Hypothesis proving enables the collection of evidence, thus taking away guesswork or gut feeling and positioning a fact-based analytical process. This process empowers incident response teams to exercise realistic attack scenarios and build effective incident response processes. Ultimately, these teams enhance their knowledge and skill and become more confident in tackling varying dimensions of attacks.

Due to the rapid increase of ransomware attacks in the last years, 2021 was tagged the “Golden Era of Ransomware”. Most ransomware countermeasures recommend use of backups and runbooks. However, these techniques are seldom verified to ascertain the level of technical efficiency they provide. Furthermore, the human operators who use apply these ransomware countermeasures are rarely afforded the opportunity to understand how to react to ransomware attacks. A more effective way is by leveraging security chaos engineering to overcome the aforementioned shortcomings. By conducting planned experiments, ransomware countermeasures can be crafted as a hypothesis and proven. This approach enables security incident response teams to gain confidence in their technical and organizational skills as well as practice how to operate the ransomware countermeasures.

Join the discussion on the state of cybersecurity in FinTech with panel of experts from different domains.

Minimizing the size and the attack vectors are just two sides of the same coin. As a reward, you get much faster deployment pipelines, enabling more automated testing and higher scalability. A speed up by a factor of 10 or 20 is not unusual, sometimes the size of a cointainer shrinks by a factor of 100.

In December 2021 the Log4Shell bug caused major damages nearly everywhere, and the first time the blast radius of a bug reached Mars, causing damages of several 1000 Millions. How can we prevent events like this in the future? How can we leverage the amount of 10 Mio € to the substantial sum.

Due to the rapid increase of ransomware attacks in the last year, 2021 was tagged the "Golden Era of Ransomware". Most ransomware countermeasures recommend backups and runbooks. However, these techniques are seldom verified to ascertain the level of technical efficiency they provide. Furthermore, the human operators who use these ransomware countermeasures rarely have the opportunity to understand how to react to ransomware scenarios. A more effective way is by leveraging security chaos engineering to overcome the aforementioned shortcomings. By conducting planned experiments, ransomware countermeasures can be crafted as a hypothesis and proven. This approach enables security incident response teams to gain confidence in their technical and organizational skills as well as practice how to operate the ransomware countermeasures.

The Kubernetes security awareness increases during the last years, which is very important - there were always gaps. What is the biggest security gap? And how you can achieve Kubernetes security?

Security is a vital part of any development pipeline, but as we move towards dynamic Cloud DevOps, it’s becoming left behind. With Kubernetes having worrying security flaws, we talked to Thomas Fricke to learn more about how to keep our DevOps setup secure.

Tokens are a powerful way of controlling the access to to Rest APIs. Chasing them should be hard. Unfortunately, there is a widespread habit of leaving tokens lying around allowing very powerful attack vectors. An attack demonstrates how to hack an OpenShift cluster, which is fully securty compliant to the accepted standards of NIST and CIS. Hijacking a container gives full control to the cluster, including host access. If running in the cloud, the cluster can be used for further attacks, because the host has another token to the cloud API server. With this token, arbitrary accounts and cloud resources can be controlled, including virtual machines, storage and derived accounts.

The dynamic nature of cloud-native infrastructure requires continuous security mechanisms to effectively tackle security threats. However, cloud native infrastructure is complex and still emerging hence the security threats are barely understood resulting in successful attacks due to unknown attack patterns and behavior. In this talk, the innovative notion of Security Chaos Engineering (SCE) is introduced as a viable approach for enabling proactive cloud native security mechanisms for cloud native infrastructure. Essentially, SCE applies chaos engineering principles to cyber security such that defended environments are not just secure but also resilient to cyber-attacks. A major benefit is the derivation and use of instant empirical feedback loops that aid in verifying security mechanisms (e.g. tools) and expected properties (confidentiality, integrity and availability). Through the injection of controlled security faults (crafted as security hypotheses), deployed security mechanisms are properly analyzed, security blind spots are identified and remediated, thereby resulting in increased security and resiliency. Furthermore to previous presentations, this talks demonstrates SCE benefits including compliance monitoring, incident response and threat detection.

How Security Chaos Engineering can prevent cloud breaches.

The dynamic nature of cloud-native infrastructure requires continuous security mechanisms to effectively detect security threats, especially those with unknown patterns and behavior. This talk proposes Risk-driven Fault Injection (RDFI) techniques to address these challenges.

Human errors and misconfiguration-based vulnerabilities have become a major cause of data breaches and other forms of security attacks in cloud-native infrastructure (CNI). The dynamic and complex nature of CNI and the underlying distributed systems further complicate these challenges. Hence, novel security mechanisms are imperative to overcome these challenges. Such mechanisms must be customer-centric, continuous, not focused on traditional security paradigms like intrusion detection. We tackle these security challenges via Risk-driven Fault Injection (RDFI), a novel application of cyber security to chaos engineering. Chaos engineering concepts (e.g. Netflix's Chaos Monkey) have become popular since they increase confidence in distributed systems by injecting non-malicious faults (essentially addressing availability concerns) via experimentation techniques. RDFI goes further by adopting security-focused approaches by injecting security faults that trigger security failures that impact integrity, confidentiality, and availability. Safety measures are also employed such that impacted environments can be reversed to secure states. Therefore, RDFI improves security and resilience drastically, in a continuous and efficient manner and extends the benefits of chaos engineering to cyber security. We have researched and implemented a proof-of-concept for RDFI that targets multi-cloud enterprise environments deployed on AWS and Google Cloud platform.