WEBVTT 1 00:00:00.160 --> 00:00:04.400 Welcome to this deep dive into threat hunting in the cloud. 2 00:00:05.200 --> 00:00:07.559 We know you're interested in how to handle threats across 3 00:00:07.679 --> 00:00:09.000 multiple cloud providers. 4 00:00:09.119 --> 00:00:10.320 Yeah, it can be a real challenge. 5 00:00:10.400 --> 00:00:13.160 It's like securing a fortress with walls that are constantly 6 00:00:13.279 --> 00:00:14.359 shifting and changing. 7 00:00:14.480 --> 00:00:15.480 That's a good analogy. 8 00:00:15.679 --> 00:00:18.120 We've got excerpts from a book called Threat Hunting in 9 00:00:18.160 --> 00:00:22.160 the Cloud Defending Aws, Azure and other cloud platforms against 10 00:00:22.199 --> 00:00:24.120 cyber attacks to help us out. 11 00:00:24.440 --> 00:00:26.800 Yeah, this book is a great resource. It really dives 12 00:00:26.839 --> 00:00:30.719 into the assumed breach mentality, which is so important for 13 00:00:30.760 --> 00:00:31.359 threat hunting. 14 00:00:31.440 --> 00:00:33.679 So it's not about just waiting for alarms to go off. 15 00:00:33.719 --> 00:00:36.439 You're actively searching for those subtle signs exactly. 16 00:00:36.479 --> 00:00:39.439 It's about assuming that the attackers are already in your 17 00:00:39.560 --> 00:00:42.759 environment and looking for evidence of their presence. 18 00:00:43.240 --> 00:00:45.880 So let's pee a picture for our listener. Imagine a 19 00:00:45.880 --> 00:00:50.039 company using both Aws and Azure, so juggling data across 20 00:00:50.079 --> 00:00:54.280 both platforms. What makes threat hunting particularly tricky in that 21 00:00:54.399 --> 00:00:55.719 multi cloud scenario. 22 00:00:55.920 --> 00:00:59.280 Well, you've got different security tools, different interfaces, even different 23 00:00:59.320 --> 00:00:59.920 logging format. 24 00:01:00.159 --> 00:01:02.840 So it's not just different clouds you're dealing with entirely 25 00:01:02.880 --> 00:01:05.159 different security ecosystems. 26 00:01:04.719 --> 00:01:07.120 Right, and that can make it really difficult to get 27 00:01:07.120 --> 00:01:09.560 a unified view of your security posture. 28 00:01:10.200 --> 00:01:13.480 So how do you even begin to approach threat hunting 29 00:01:13.599 --> 00:01:14.760 in that kind of environment. 30 00:01:15.280 --> 00:01:18.040 Well, one thing that can help is a framework like 31 00:01:18.239 --> 00:01:20.040 MI I, T R, A T T and CK. 32 00:01:20.280 --> 00:01:21.439 Oh yeah, I've heard of that. 33 00:01:21.560 --> 00:01:24.840 It basically maps out all the different tactics and techniques 34 00:01:24.840 --> 00:01:25.719 that attackers use. 35 00:01:25.799 --> 00:01:29.359 So it's like a playbook for understanding cyber attacks exactly. 36 00:01:29.680 --> 00:01:31.879 And it can be really helpful for threat hunters because 37 00:01:31.879 --> 00:01:34.519 it gives them a common language to describe attacks and 38 00:01:34.560 --> 00:01:37.000 it helps them to develop hypotheses. 39 00:01:36.359 --> 00:01:37.079 For their hunts. 40 00:01:37.319 --> 00:01:40.200 Okay, that makes sense, but let's not forget the human 41 00:01:40.319 --> 00:01:43.120 element here. Who are these threat hunters and what kind 42 00:01:43.159 --> 00:01:44.319 of skills do they need? 43 00:01:44.519 --> 00:01:46.799 Well, thread hunters are kind of a special breed, you know. 44 00:01:46.840 --> 00:01:50.519 They need to have a deep understanding of security concepts. 45 00:01:50.680 --> 00:01:53.359 They need to be good at data analysis, and of 46 00:01:53.359 --> 00:01:56.400 course they need to be comfortable with programming languages. 47 00:01:55.959 --> 00:01:59.040 Because they're sifting through mountains of log data exactly. 48 00:01:59.760 --> 00:02:03.079 But perhaps even more importantly, they need critical thinking skills 49 00:02:03.120 --> 00:02:04.799 and a healthy dose of paranoia. 50 00:02:04.799 --> 00:02:07.959 They have to constantly be thinking like an attacker exactly. 51 00:02:08.759 --> 00:02:11.680 They have to be asking themselves what if the attackers 52 00:02:11.680 --> 00:02:14.319 were already in where would they hide? 53 00:02:15.000 --> 00:02:16.520 What would their footprints look like. 54 00:02:16.719 --> 00:02:19.599 It's like being a digital detective, constantly searching. 55 00:02:19.280 --> 00:02:20.879 For clues, exactly. 56 00:02:21.039 --> 00:02:23.719 But this book also highlights the sheer scale of the 57 00:02:23.759 --> 00:02:26.680 threat we're facing these days. It's not just about loan 58 00:02:26.759 --> 00:02:28.680 hackers and basements anymore, is it. 59 00:02:29.039 --> 00:02:33.199 No, definitely not. Cybercrime is a multi trillion dollar industry now, 60 00:02:33.879 --> 00:02:37.479 and the bad guys are getting more organized and sophisticated 61 00:02:37.840 --> 00:02:38.400 all the time. 62 00:02:38.520 --> 00:02:41.919 So we've got everything from opportunistic cyber criminals to highly 63 00:02:42.039 --> 00:02:43.400 organized criminal gangs. 64 00:02:43.599 --> 00:02:45.719 Right, and then you've got the nation state. 65 00:02:45.479 --> 00:02:49.120 Actors, the real pros with deep pockets and long term agendas. 66 00:02:49.199 --> 00:02:50.919 Yeah, those are the ones that can really keep you 67 00:02:51.000 --> 00:02:51.479 up at night. 68 00:02:51.759 --> 00:02:55.080 The book uses the Solar Winds attack as an example. 69 00:02:54.919 --> 00:02:57.439 Right, and that was a really sophisticated attack. They were 70 00:02:57.439 --> 00:02:59.120 able to go undetected for months. 71 00:02:59.240 --> 00:03:01.120 One of the things they did was they compromise the 72 00:03:01.240 --> 00:03:01.919 supply chain. 73 00:03:02.000 --> 00:03:05.520 Yeah, they inserted malicious code into a trusted software update, 74 00:03:05.599 --> 00:03:08.120 which is then distributed to thousands of organizations. 75 00:03:08.319 --> 00:03:10.960 So it's not just about defending your own perimeter anymore. 76 00:03:11.039 --> 00:03:15.240 It's about understanding and securing your entire digital supply chain exact. 77 00:03:15.319 --> 00:03:17.719 So that adds a whole other layer of complexity to 78 00:03:17.759 --> 00:03:21.199 threat hunting. It definitely does, and it highlights why traditional 79 00:03:21.240 --> 00:03:25.960 security measures like firewalls and anti virus software aren't enough anymore. 80 00:03:26.039 --> 00:03:29.280 You need that proactive threat hunting approach to uncover the 81 00:03:29.360 --> 00:03:31.479 attacks that slip past your initial defenses. 82 00:03:31.919 --> 00:03:34.599 So let's dive into some of the specific attack vectors 83 00:03:34.599 --> 00:03:36.840 that the book highlights. We know that phishing is still 84 00:03:36.879 --> 00:03:41.319 a huge problem, even in sophisticated cloud environments. What makes 85 00:03:41.360 --> 00:03:43.479 it so difficult to combat well. 86 00:03:43.400 --> 00:03:46.680 Phishing attacks have gotten incredibly targeted and convincing. 87 00:03:46.719 --> 00:03:47.280 These days. 88 00:03:47.639 --> 00:03:52.280 We're way past those poorly written emails with obvious typos. 89 00:03:51.840 --> 00:03:53.120 So they're not easy to spot. 90 00:03:53.680 --> 00:03:53.879 Right. 91 00:03:54.360 --> 00:03:57.439 Attackers can craft personalized emails that look like they come 92 00:03:57.479 --> 00:04:01.199 from your CEO, your bank, or even your trusted cloud provider. 93 00:04:01.319 --> 00:04:04.960 So they're doing their research and they're exploiting our trust exactly. 94 00:04:05.199 --> 00:04:07.400 And it's not just about clicking on a link anymore. 95 00:04:07.479 --> 00:04:10.479 Phishing attacks can be used to deliver a variety of payloads, 96 00:04:10.520 --> 00:04:14.120 from malware to ransomware to credential stealing. 97 00:04:14.159 --> 00:04:17.000 Tools, and once those payloads are in your cloud environment, 98 00:04:17.360 --> 00:04:19.720 they can spread rapidly and cause serious damage. 99 00:04:19.959 --> 00:04:21.600 Yeah, it can be really tough to contain. 100 00:04:21.920 --> 00:04:24.319 Okay, so we've got phishing, which is still the most 101 00:04:24.399 --> 00:04:27.959 common attack vector. But the book also talks about ransomware, 102 00:04:28.000 --> 00:04:31.600 which seems to be evolving at an alarming rate. What 103 00:04:31.600 --> 00:04:33.279 are some of the new trends you're seeing there? 104 00:04:33.560 --> 00:04:36.319 Well, one trend is that ransomware attacks are becoming more 105 00:04:36.319 --> 00:04:40.160 sophisticated and more targeted in what way? Well, for example, 106 00:04:40.519 --> 00:04:42.839 attackers are using techniques like double extortion. 107 00:04:43.319 --> 00:04:43.680 What's that. 108 00:04:43.959 --> 00:04:46.160 It's where they not only encrypt your data, but they 109 00:04:46.199 --> 00:04:49.000 also steal it and threaten to release it publicly if 110 00:04:49.000 --> 00:04:50.120 you don't pay the ransom. 111 00:04:50.600 --> 00:04:52.279 So they're really turning up the pressure. 112 00:04:52.439 --> 00:04:54.920 Yeah, and the speed of these attacks is also terrifying. 113 00:04:55.480 --> 00:04:58.480 Some ransomware attacks can spread through an entire network in 114 00:04:58.560 --> 00:04:59.800 less than forty five minutes. 115 00:05:00.000 --> 00:05:01.399 It's barely enough time to grab a coffee. 116 00:05:01.439 --> 00:05:02.279 Ah, you know, it's crazy. 117 00:05:02.600 --> 00:05:05.519 So backups are essential, but even those might not be 118 00:05:05.639 --> 00:05:09.079 enough if the attackers have already exultrated your sensitive data. 119 00:05:09.160 --> 00:05:11.199 And I imagine this rapid spread is even more of 120 00:05:11.199 --> 00:05:13.600 a challenge in a multi cloud environment where you've got 121 00:05:13.720 --> 00:05:15.680 data scattered across different platforms. 122 00:05:15.720 --> 00:05:16.639 Absolutely yeah. 123 00:05:16.680 --> 00:05:19.319 If you don't have a unified view of your security 124 00:05:19.319 --> 00:05:24.319 posture across all your cloud environments, it's incredibly difficult to 125 00:05:24.439 --> 00:05:27.519 detect and contain a ransomware attack quickly. 126 00:05:28.040 --> 00:05:29.839 So you need to have the right tools and processes 127 00:05:29.879 --> 00:05:31.199 in place, exactly, and. 128 00:05:31.160 --> 00:05:33.560 You need to be able to respond quickly and decisively. 129 00:05:33.720 --> 00:05:36.319 So we're really starting to see how the complexity of 130 00:05:36.360 --> 00:05:39.600 the multi cloud environment amplifies the challenges of thread hunting. 131 00:05:39.879 --> 00:05:42.759 It's not just about understanding the individual threats, it's about 132 00:05:42.800 --> 00:05:46.560 understanding how they can exploit the unique vulnerabilities of this 133 00:05:46.639 --> 00:05:48.560 interconnected landscape exactly. 134 00:05:48.720 --> 00:05:52.560 And that's why building a strong thread hunting program, especially 135 00:05:52.600 --> 00:05:56.240 in a multi cloud world, requires a multifaceted approach. 136 00:05:56.360 --> 00:05:58.759 You need the right people, the right processes, and the 137 00:05:58.839 --> 00:06:01.079 right technology exactly. 138 00:06:00.920 --> 00:06:03.639 And you need to be constantly adapting and evolving your 139 00:06:03.639 --> 00:06:06.000 approach as the threat landscape changes. 140 00:06:06.279 --> 00:06:09.240 So we've established that threat hunting in the multi cloud 141 00:06:09.279 --> 00:06:13.639 world it's complex. But this book it doesn't just stay 142 00:06:13.680 --> 00:06:16.399 in the present. It looks ahead too, the future of 143 00:06:16.480 --> 00:06:19.000 threat hunting, and some of what it talks about it's 144 00:06:19.000 --> 00:06:20.560 like something out of a sci fi movie. 145 00:06:20.600 --> 00:06:21.160 It's true. 146 00:06:21.319 --> 00:06:24.639 The threat landscape is constantly evolving, yeah, and so are 147 00:06:24.680 --> 00:06:27.240 the ways we defend ourselves. One of the most interesting 148 00:06:27.279 --> 00:06:31.800 developments is AI, Artificial intelligence in cybersecurity. 149 00:06:32.000 --> 00:06:34.279 AI it seems like it's everywhere these days, but how 150 00:06:34.319 --> 00:06:36.279 is it used in threat hunting? Sometimes it feels like 151 00:06:36.360 --> 00:06:37.120 just a buzzword. 152 00:06:37.240 --> 00:06:40.560 It's definitely not just type AI and machine learning. They're 153 00:06:40.600 --> 00:06:43.160 already playing a big role in threat hunting, and they're 154 00:06:43.199 --> 00:06:44.120 only going to get bigger. 155 00:06:44.360 --> 00:06:44.959 Think about it. 156 00:06:45.040 --> 00:06:47.560 Threat hunters are always going through tons of data looking 157 00:06:47.600 --> 00:06:50.560 for those tiny signs of an attack. AI can automate 158 00:06:50.600 --> 00:06:55.000 that process, analyzing data way faster than humans ever could. 159 00:06:54.800 --> 00:06:58.399 So AI it's not replacing human threat hunters. It's more 160 00:06:58.480 --> 00:07:01.439 like a really powerful assistant helping them do their job better. 161 00:07:01.639 --> 00:07:02.680 That's a great way to put it. 162 00:07:02.879 --> 00:07:06.399 AI can help with things like anomaly detection, finding patterns 163 00:07:06.439 --> 00:07:08.639 that are out of the ordinary and that could mean 164 00:07:08.680 --> 00:07:12.759 malicious activity. It can also help with threat intelligence, connecting 165 00:07:12.839 --> 00:07:16.720 data from different sources to spot new threats and even 166 00:07:16.759 --> 00:07:18.680 predict what attackers might do next. 167 00:07:18.959 --> 00:07:22.920 That sounds incredibly powerful, but I've also heard some concerns 168 00:07:22.920 --> 00:07:26.199 about relying too much on AI. Couldn't attackers use AI 169 00:07:26.319 --> 00:07:29.199 against us, turning our own defenses against us. 170 00:07:29.319 --> 00:07:32.879 It's a valid concern and something security researchers are working on. 171 00:07:33.439 --> 00:07:36.079 AI could be used for good or bad. The key 172 00:07:36.120 --> 00:07:39.319 is to make strong AI models, models that can't be 173 00:07:39.399 --> 00:07:42.279 easily manipulated, and use them as just one part of 174 00:07:42.279 --> 00:07:44.399 your security strategy, not the whole thing. 175 00:07:44.639 --> 00:07:47.399 So AI is a powerful tool, but you can't replace 176 00:07:47.480 --> 00:07:50.240 human expertise. You still need those thread hunters who can 177 00:07:50.319 --> 00:07:53.600 understand the nuances of attacks and make informed decisions. 178 00:07:53.879 --> 00:07:57.920 Absolutely, humans are still crucial on cybersecurity. AI helps us 179 00:07:57.959 --> 00:08:00.720 see the big picture, but it's who make sense to 180 00:08:00.759 --> 00:08:03.759 the data, connect the dots, and decide how to react. 181 00:08:03.920 --> 00:08:06.759 In speaking of big changes, the book mentioned something even 182 00:08:06.800 --> 00:08:11.079 more futuristic, quantum computing. I have to admit I don't 183 00:08:11.120 --> 00:08:12.959 really get that one. Can you break it down? 184 00:08:13.240 --> 00:08:15.959 Quantum computing it's a whole different way of thinking. It 185 00:08:16.040 --> 00:08:19.600 uses quantum mechanics to do calculations at speeds you can't 186 00:08:19.639 --> 00:08:22.839 even imagine with regular computers. It's still early days, but 187 00:08:22.920 --> 00:08:25.360 it could change everything, including cybersecurity. 188 00:08:25.519 --> 00:08:27.920 Okay, so it's really fast computing but how does that 189 00:08:27.959 --> 00:08:29.160 affect threat hunting? 190 00:08:29.439 --> 00:08:32.039 Well, think about this. A lot of our digital world 191 00:08:32.120 --> 00:08:36.720 relies on encryption algorithms. They're practically unbreakable with today's computers, 192 00:08:37.159 --> 00:08:40.360 but a strong enough quantum computer, it could crack those 193 00:08:40.399 --> 00:08:44.279 algorithms wide open. Our current security measures would be useless. 194 00:08:44.600 --> 00:08:47.320 So quantum computing is a double edged sword. It could 195 00:08:47.399 --> 00:08:50.200 lead to great advancements, but it could also give attackers 196 00:08:50.240 --> 00:08:54.200 a huge advantage, letting them break through our defenses exactly, And. 197 00:08:54.159 --> 00:08:57.480 That's why researchers are working on new encryption algorithms, yeah, 198 00:08:57.639 --> 00:09:01.360 and security protocols ones that can with stand quantum attacks. 199 00:09:01.960 --> 00:09:04.799 It's a race against time, a race we can't afford 200 00:09:04.840 --> 00:09:05.279 to lose. 201 00:09:05.639 --> 00:09:08.759 So AI's on the rise, quantum computing's on the horizon. 202 00:09:09.480 --> 00:09:12.120 The future of threat hunting sounds like a wild ride. 203 00:09:12.200 --> 00:09:15.399 But let's talk about something that's happening now. Threat hunting 204 00:09:15.440 --> 00:09:18.639 as a service. What is that and why are companies 205 00:09:18.679 --> 00:09:19.360 turning to it? 206 00:09:19.679 --> 00:09:23.159 Threat hunting is a service we call it ties. It's 207 00:09:23.200 --> 00:09:27.320 basically outsourcing your threat hunting. You get a specialized provider 208 00:09:27.399 --> 00:09:29.960 to do it for you. It's becoming really popular, especially 209 00:09:29.960 --> 00:09:33.639 for organizations that don't have the resources or the expertise 210 00:09:33.960 --> 00:09:35.759 to build their own threat hunting program. 211 00:09:35.799 --> 00:09:39.320 So instead of building a team of cybersecurity ninjas from scratch, 212 00:09:39.600 --> 00:09:41.799 you hire a team that's already out there fighting the 213 00:09:41.840 --> 00:09:42.960 bad guys on the front lines. 214 00:09:43.039 --> 00:09:45.320 That's a great way to put it. TOSS providers have 215 00:09:45.440 --> 00:09:49.799 the experience, the tools, the threat intelligence to help organizations 216 00:09:49.799 --> 00:09:52.600 of all sizes. They can monitor your systems twenty four 217 00:09:52.639 --> 00:09:56.360 to seven hundred, analyze logs for a suspicious activity, even 218 00:09:56.399 --> 00:09:57.679 help you respond to incidents. 219 00:09:57.840 --> 00:10:00.279 It sounds like a great option for companies just charting 220 00:10:00.320 --> 00:10:03.000 out with threat hunting or those who feel overwhelmed by 221 00:10:03.000 --> 00:10:05.519 the multi cloud world. But what about companies that have 222 00:10:05.600 --> 00:10:08.759 already invested in their own security. Do they still need 223 00:10:08.799 --> 00:10:09.679 TOSS They. 224 00:10:09.600 --> 00:10:13.879 Can still benefit even companies with mature security programs. They 225 00:10:13.879 --> 00:10:17.399 can get specialized expertise from TOAs providers. Think of it 226 00:10:17.440 --> 00:10:20.120 like calling in a special forces team when you need 227 00:10:20.360 --> 00:10:24.440 extra firepower. TOS providers can work with your existing team, 228 00:10:25.159 --> 00:10:29.759 bring a fresh perspective, advanced threat intelligence, even specialized tools you. 229 00:10:29.799 --> 00:10:30.360 Might not have. 230 00:10:30.559 --> 00:10:33.600 So TOAs can be a good addition to any security program, 231 00:10:33.639 --> 00:10:36.799 whether you're just starting out or you're already a pro exactly. 232 00:10:36.879 --> 00:10:39.960 And as the threats keep evolving, I think we'll see 233 00:10:40.000 --> 00:10:42.519 more companies using tos to stay ahead. 234 00:10:42.279 --> 00:10:42.720 Of the game. 235 00:10:42.879 --> 00:10:45.360 Okay, so we've talked about the people on the processes. 236 00:10:45.559 --> 00:10:48.240 What about the technology. The book mentions Azure Sentinel and 237 00:10:48.279 --> 00:10:52.559 Amazon Guard Duty. But technology changes so fast. What's next 238 00:10:52.600 --> 00:10:53.840 for threat hunting tools? 239 00:10:54.120 --> 00:10:57.639 The evolution of threat hunting tools is fascinating. One big 240 00:10:57.679 --> 00:11:01.440 trend is integration. Right now, a lot of security teams 241 00:11:01.480 --> 00:11:03.519 are dealing with tools sprawl. They've got a bunch of 242 00:11:03.559 --> 00:11:06.120 different tools and they don't work well together. 243 00:11:06.320 --> 00:11:09.480 So it's like trying to fight a war with soldiers 244 00:11:09.480 --> 00:11:12.000 from different countries who can't understand each other. 245 00:11:12.279 --> 00:11:15.440 That's a great analogy. But things are changing. We're seeing 246 00:11:15.440 --> 00:11:19.039 more integrated platforms that can take data from lots of sources, 247 00:11:19.679 --> 00:11:22.879 correlate events, and give you a more complete view of 248 00:11:22.879 --> 00:11:23.600 your security. 249 00:11:24.240 --> 00:11:26.639 So instead of having a bunch of separate tools, you 250 00:11:26.720 --> 00:11:30.039 have one central command center where you can see everything 251 00:11:30.080 --> 00:11:31.039 that's happening exactly. 252 00:11:31.120 --> 00:11:34.159 And this is crucial for multi cloud environments where you're 253 00:11:34.200 --> 00:11:37.320 dealing with data from different providers. Another trend to watch 254 00:11:37.360 --> 00:11:40.519 for is XDR Extended Detection and Response. 255 00:11:40.720 --> 00:11:43.159 Okay, what's XDR. How is it different from the other tools. 256 00:11:43.279 --> 00:11:46.559 Think of XDR as the next step from EDR Endpoint 257 00:11:46.600 --> 00:11:51.279 Detection and Response EDER focuses on individual devices like laptops 258 00:11:51.320 --> 00:11:56.039 and servers. XDR expands that to include cloud workloads, email, 259 00:11:56.080 --> 00:11:59.159 identity and more. It's like having a security camera that 260 00:11:59.200 --> 00:12:00.080 can see everything else. 261 00:12:00.480 --> 00:12:03.159 So it connects the dots between different security data sources 262 00:12:03.200 --> 00:12:05.000 to get a complete picture of the attack. 263 00:12:04.840 --> 00:12:07.840 Exactly, and that visibility is key for threat hunting. The 264 00:12:07.879 --> 00:12:10.240 more data you have, the more likely you are to 265 00:12:10.240 --> 00:12:11.799 find those subtle signs of an attack. 266 00:12:12.000 --> 00:12:14.480 And I bet AI and machine learning play a big 267 00:12:14.519 --> 00:12:16.919 part in XDR helping make sense of all that data. 268 00:12:17.240 --> 00:12:21.360 Absolutely, AI and machine learning are essential to analyze huge 269 00:12:21.399 --> 00:12:24.559 amounts of data and find those needles in the haystack, 270 00:12:24.600 --> 00:12:26.720 the events that really signal a threat. 271 00:12:26.879 --> 00:12:30.600 So threat hunting tools in the future they'll be more integrated, 272 00:12:30.639 --> 00:12:33.360 more intelligent, more powerful. That's a huge change, it. 273 00:12:33.360 --> 00:12:36.080 Really is, and these changes will be crucial as we 274 00:12:36.159 --> 00:12:38.120 face more sophisticated cyber threats. 275 00:12:38.240 --> 00:12:39.960 We've covered a lot, but before we move on, what 276 00:12:40.000 --> 00:12:42.840 about regulations? Are there any specific ones for threat hunting 277 00:12:42.879 --> 00:12:43.440 in the cloud? 278 00:12:43.639 --> 00:12:46.919 That's important The rules around cloud security are always changing, 279 00:12:47.200 --> 00:12:49.399 but there are a few frameworks you should know. One 280 00:12:49.519 --> 00:12:52.720 is the NIST Cybersecurity Framework the CSF. 281 00:12:53.000 --> 00:12:56.399 We talked about miter ATT and CK for understanding attack 282 00:12:56.480 --> 00:12:59.159 or tactics. What's NIST CSF. 283 00:12:58.679 --> 00:13:03.159 About is a set of guidelines best practices for managing 284 00:13:03.200 --> 00:13:06.639 cybersecurity risk. It's not just about threat hunting, but it 285 00:13:06.679 --> 00:13:11.759 does recommend things like identifying threats, detecting events, responding to incidents. 286 00:13:11.840 --> 00:13:15.559 So it's a broader framework for a good cybersecurity program, 287 00:13:15.759 --> 00:13:18.000 and threat hunting is part of that exactly. 288 00:13:18.080 --> 00:13:20.960 It's widely recognized and used, so it's good to align 289 00:13:21.039 --> 00:13:23.799 with it, even if it's not required. Then there are 290 00:13:23.879 --> 00:13:30.080 industry specific regulations like HIPPA for healthcare, PCIDSS for payment cards, 291 00:13:31.320 --> 00:13:34.240 GDPR for data protection in Europe, So if. 292 00:13:34.120 --> 00:13:37.720 You're in a regulated industry, you need to know these 293 00:13:37.840 --> 00:13:41.519 rules and make sure your threat hunting program follows them absolutely. 294 00:13:41.559 --> 00:13:44.879 And the cloud adds new complexities to compliance. You need 295 00:13:44.879 --> 00:13:48.559 to understand the shared responsibility model. The cloud provider secures 296 00:13:48.600 --> 00:13:52.240 the cloud itself, but you're responsible for securing what's in 297 00:13:52.240 --> 00:13:55.879 the cloud, so you need to configure your cloud environments correctly. 298 00:13:56.399 --> 00:13:59.960 Put in the right security controls and monitor for threats. 299 00:14:00.000 --> 00:14:03.679 What's a shared responsibility. But ultimately, you're responsible for your 300 00:14:03.759 --> 00:14:04.440 data in the. 301 00:14:04.360 --> 00:14:06.840 Cloud right and threat hunting can help you show that 302 00:14:06.840 --> 00:14:09.440 that you're taking steps to protect your data and meet 303 00:14:09.480 --> 00:14:10.759 your compliance obligations. 304 00:14:10.840 --> 00:14:13.799 It sounds like threat hunting. It's really important for any 305 00:14:13.919 --> 00:14:17.720 organization's cloud security, especially when you're dealing with multiple clouds 306 00:14:17.720 --> 00:14:19.720 and all these evolving threats and regulations. 307 00:14:19.799 --> 00:14:24.360 I completely agree. It's not just something extra, it's becoming essential. 308 00:14:25.159 --> 00:14:27.279 If you want to particut your data and your reputation, 309 00:14:28.080 --> 00:14:28.600 you have. 310 00:14:28.519 --> 00:14:28.960 To do it. 311 00:14:29.399 --> 00:14:32.679 We've covered so much in this deep dive. We started 312 00:14:32.679 --> 00:14:35.240 with the basics of threat hunting, then we explored AI 313 00:14:35.360 --> 00:14:38.840 and quantum computing. It's been a fascinating journey. But before 314 00:14:38.879 --> 00:14:41.200 we wrap up, let's bring it back to our listener. 315 00:14:41.480 --> 00:14:43.399 What are some things they can do right now to 316 00:14:43.519 --> 00:14:46.360 improve their organization's threat hunting capabilities. 317 00:14:46.519 --> 00:14:49.000 That's a great question, and you don't need a huge 318 00:14:49.000 --> 00:14:51.799 budget or a team of experts to get started. The 319 00:14:51.840 --> 00:14:54.840 first step is to just assess your current security. What 320 00:14:54.919 --> 00:14:57.360 tools are you using, what data are you collecting, what 321 00:14:57.440 --> 00:14:59.679 processes do you have from monitoring your systems? 322 00:15:00.120 --> 00:15:02.679 So take inventory of your defenses, figure out where you're 323 00:15:02.759 --> 00:15:03.919 vulnerable exactly. 324 00:15:04.320 --> 00:15:07.240 Once you understand your strengths and weaknesses, you can start 325 00:15:07.279 --> 00:15:09.720 developing a threat hunting strategy, and remember you don't have 326 00:15:09.759 --> 00:15:12.159 to do everything at once. Start by focusing on the 327 00:15:12.159 --> 00:15:15.799 most common attacks, fishing and ransomware. Those are the easiest 328 00:15:15.799 --> 00:15:18.399 ways in for attackers, so they're a good place to start. 329 00:15:18.679 --> 00:15:21.519 And we talked about mitre ATT and CK. Can that 330 00:15:21.600 --> 00:15:24.480 help with understanding those attacks and developing detection rules. 331 00:15:24.759 --> 00:15:28.200 Absolutely, it's like a playbook for attackers. It shows you 332 00:15:28.240 --> 00:15:30.679 their most common moves. You can use that to build 333 00:15:30.720 --> 00:15:34.240 your defenses and hunt for those tactics in your environment. 334 00:15:35.240 --> 00:15:38.399 You've mentioned threat intelligence a few times. Where can people 335 00:15:38.480 --> 00:15:41.399 go to stay updated on the latest threats and techniques. 336 00:15:41.519 --> 00:15:44.519 There's so many great resources out there, some are free, 337 00:15:44.799 --> 00:15:49.080 some are paid. Follow security researchers and organizations on social media, 338 00:15:49.200 --> 00:15:53.159 Subscribe to blogs and newsletters, go to industry conferences and webinars. 339 00:15:53.799 --> 00:15:56.600 So knowledge is power. The more you know, the better 340 00:15:56.639 --> 00:15:57.399 you can defend. 341 00:15:57.120 --> 00:16:00.480 Yourself exactly, and don't be afraid to try to and things. 342 00:16:00.639 --> 00:16:03.360 There's no one right way to do threat hunting, so 343 00:16:03.440 --> 00:16:06.159 find what works best. For you, and if you're feeling overwhelmed, 344 00:16:06.519 --> 00:16:09.080 there are managed security service providers they can help. 345 00:16:09.279 --> 00:16:11.399 That's a good point. They can provide the expertise and 346 00:16:11.480 --> 00:16:15.159 support that many organizations need, especially in the complex world 347 00:16:15.159 --> 00:16:16.679 of multi cloud security. 348 00:16:16.840 --> 00:16:17.360 Exactly. 349 00:16:17.600 --> 00:16:20.519 They can help you navigate the challenges, implement the right tools, 350 00:16:20.960 --> 00:16:23.320 and build a thread hunting program that fits your needs. 351 00:16:23.840 --> 00:16:26.840 So, for anyone who's feeling intimidated by threat hunting, what's 352 00:16:26.879 --> 00:16:28.480 the one thing you want them to remember? 353 00:16:28.759 --> 00:16:29.600 Be proactive. 354 00:16:30.120 --> 00:16:32.559 Don't wait for the attackers to come to you, go 355 00:16:32.600 --> 00:16:36.399 out there and find them. Threat hunting is an ongoing process. 356 00:16:36.559 --> 00:16:41.720 It never stops. It's about constantly learning, adapting, staying ahead 357 00:16:41.720 --> 00:16:42.440 of the bad guys. 358 00:16:42.559 --> 00:16:44.639 That's a great way to put it. Threat hunting is 359 00:16:44.639 --> 00:16:48.080 a journey, not a destination, and it's a journey every 360 00:16:48.200 --> 00:16:50.879 organization needs to take if they want to stay safe. 361 00:16:50.960 --> 00:16:55.879 Well said, and remember you're not alone. There are resources, tools, 362 00:16:56.000 --> 00:16:58.279 experts out there to help you every step. 363 00:16:58.039 --> 00:16:58.440 Of the way. 364 00:16:58.960 --> 00:17:01.480 This has been an amazing deep dive into threat hunting 365 00:17:01.480 --> 00:17:03.480 in the cloud. Thank you so much for sharing your 366 00:17:03.519 --> 00:17:05.039 expertise with us and our listener. 367 00:17:05.119 --> 00:17:05.960 It's been my pleasure. 368 00:17:05.960 --> 00:17:08.240 Thanks for having me and to our listener, thank you 369 00:17:08.240 --> 00:17:09.880 for joining us. We hope you learned a lot and 370 00:17:09.920 --> 00:17:12.119 that you'll be able to use this information to improve 371 00:17:12.119 --> 00:17:16.640 your organization's security. Remember, stay vigilant, stay informed, and stay 372 00:17:16.640 --> 00:17:19.759 ahead of the game. This concludes your deep dive into 373 00:17:19.759 --> 00:17:22.599 threat hunting in the Cloud. We hope you enjoyed the 374 00:17:22.640 --> 00:17:23.960 episode and found it helpful.