
MRI for the Cloud Workloads: How Network Data Can Power Visibility, Detection, and Response Programs for Securing Cloud Workloads

Presentation
In this talk, we explore how network data can be utilized to provide visibility and ultimately secure cloud workloads.
Publisher

Software Engineering Institute

Abstract

This presentation was given at FloCon 2023, an annual conference that focuses on applying any and all collected data to defend enterprise networks.

Cloud computing has enabled development teams to rapidly develop, deploy, and iterate business-critical applications utilizing dynamic cloud infrastructure and services. This high velocity and dynamism have made it hard for security teams to monitor and protect workloads in the cloud without impeding the agility of development teams. In this talk, we explore how network data can be utilized to provide visibility and ultimately secure cloud workloads. We will discuss practical deployment approaches and scenarios for gathering and utilizing network data in cloud environments. We also will show concrete examples of how data plane visibility gained from network data can materially improve the visibility, detection, and response capabilities of security teams responsible for cloud workloads.

Attendees Will Learn:

  • Data plane visibility is often overlooked, yet it provides the behavioral context for different workloads. As cloud service provider (CSP) management plane security levels up and stops being the weakest link, attackers are expected to incorporate more data plane attack techniques that are invisible to CSP management plane logs/tools.
  • Network data provides the single biggest one-step jump from near-total unawareness to situational awareness in the data plane.
  • Flow logs have broad coverage and are easier to start with, but offer lower-fidelity data. Full packets are more expensive to acquire and utilize, but offer the ultimate data fidelity, which can power more sophisticated detection and analytics.

Part of a Collection

FloCon 2023 Assets

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.