Cloud Native Workload ATT&CK Matrix – ATT&CKcon 4.0 Day 2
ATT&CKcon 4.0 Day 2
Cloud native computing has fundamentally changed traditional security methodologies and attack surfaces. This new architectural approach combines new operational tools and services like continuous integration, container engines, and orchestrators. Some organizations struggle to identify and respond to threats they specifically face when running cloud native workloads.
Perimeter-centric security evangelizes defense-in-depth or the onion model to implement different layers of defense. Cloud native security hyper-focuses on four unique layers: Cloud, Clusters, Containers, and Code.
Today’s defenders have to look across several existing ATT&CK matrices including Linux Enterprise, Containers, Kubernetes, and IaaS to holistically evaluate and model threats or attack paths across the four distinct layers of cloud native workloads.
In conclusion, we will discuss some of the challenges facing threat modeling cloud native workloads, including showing how to leverage several different ATT&CK matrices to create a distinct Cloud Native Workload ATT&CK matrix. The creation of this matrix will help defenders take the guesswork out of identifying what tactics serve as potential threats against a cloud native workload in order to enhance their defensive baseline and detection coverage
by mitrecorp
linux foundation
