SANS 2023 Threat Hunting in the Cloud Solutions Forum

The cloud is considered the new frontier of technology, but it is no longer novel. The COVID-19 pandemic led companies to the cloud at a breakneck pace. Different organizations during this same period evolved from single-cloud organizations to multi-cloud organizations. The various cloud providers offer a wide variety of services that fit organizations' needs on a case-by-case basis. The multi-cloud environment introduces a new problem for Threat Hunters that have grown their skill sets within on-premise and single-cloud environments: noisy data. For every cloud environment, an organization operates, there is more threat intelligence to collect, more logs to ingest, and more threat surfaces to cover.

It is more important than ever that organizations take advantage of automation and machine learning to advance and accelerate their existing threat-hunting programs. Operating without a Security Information and Event Management (SIEM) is no longer feasible. The SIEMs that the cloud providers offer are expensive, and all organizations do not have the skill sets to build and maintain their custom solutions to address the needs covered by a SIEM.

Security practitioners widely acknowledge that threat hunting programs are an essential requirement. The problem is that the security alerts and data noise are increasing exponentially in multi-cloud environments, which prevents the establishment of a multi-cloud threat hunting program.

Getting a handle on the amounts of the data generated from threat intelligence feeds, inventory data, and log sources are critical to an effective multi-cloud threat hunting program. Join us for the 2023 Threat Hunting in the Cloud Forum and hear talks on:

• Understanding your cloud environments and services in use
• Essential cloud log sources- Normalizing and enriching data based on threat intelligence
• Automating threat hunting tasks with cloud-based solutions
• Building systematic Threat Models