Although AWS has been around for over 15 years, cloud threat hunting remains a relatively nascent discipline. While opportunistic threats like cryptocurrency mining are well-known, large-scale, cascading attacks targeting cloud-native infrastructure are less frequently discussed.

Over the past 18 months, we’ve significantly expanded our cloud threat hunting operations using vendor-agnostic strategies to better understand these emerging threats. This talk will outline our unique approach, which combines hypothesis-driven investigations, TTP-based hunts, and anomaly detection to proactively uncover threats at scale. We’ll also highlight our experiments with broader, cross-functional hunt operations that extend beyond our core team.

Attendees will gain insights from our large-scale cloud attack surface analysis and walk away with a deeper understanding of the evolving cloud-native threat landscape.