LF Live Webinar: Deconstructing Control Plane Compromise Attacks HD

Sponsored by Fugue, a part of Snyk It’s widely understood that cloud misconfigurations are the primary cloud vulnerability, but unless you broaden your definition of cloud misconfiguration to include architectural design flaws that attackers can exploit, chances are you’re overlooking them in your environment. While the details vary, every major cloud breach follows the same pattern, with control plane compromise playing a central role. In the cloud, the API surface is the attack surface. Attackers use automation to find vulnerabilities to gain initial access to an environment. Once in, they’re after API keys that enable them to operate against the cloud control plane in order to discover knowledge about the environment, move laterally, and extract data without detection. In this session, Josh Stella, Chief Architect at Snyk, will deconstruct how control plane compromise attacks go down in the cloud, and how to spot the kinds of architectural design flaws that they’re exploiting. You’ll walk away from this session with an understanding of: - How cloud hackers think and operate against the cloud control plane - Identifying control plane compromise risk in your environment - Why inherently secure cloud design looks like