Anthony Randazzo

Anthony Randazzo leads the detection engineering function at Datadog on their cloud security platform. He has nearly 20 years of experience in security operations roles across SecOps management, detection engineering, incident response, and threat intelligence. For the past 6 years he has focused particularly on cloud-native threat management across these newer attack surfaces.


LinkedIn: https://www.linkedin.com/in/amrandazz/

X (Twitter): https://x.com/amrandazz


Session

06-30
16:40
20min
Patience brings prey: lessons learned from a year of threat hunting in the cloud
Greg Foss, Anthony Randazzo

Although AWS has been around for over 15 years, cloud threat hunting remains a relatively nascent discipline. While opportunistic threats like cryptocurrency mining are well-known, large-scale, cascading attacks targeting cloud-native infrastructure are less frequently discussed.

Over the past 18 months, we’ve significantly expanded our cloud threat hunting operations using vendor-agnostic strategies to better understand these emerging threats. This talk will outline our unique approach, which combines hypothesis-driven investigations, TTP-based hunts, and anomaly detection to proactively uncover threats at scale. We’ll also highlight our experiments with broader, cross-functional hunt operations that extend beyond our core team.

Attendees will gain insights from our large-scale cloud attack surface analysis and walk away with a deeper understanding of the evolving cloud-native threat landscape.
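The abstract names three hunt inputs (a hypothesis, TTP-based rules, and anomaly detection) without showing how they fit together. The following is an added illustration written for this page; it is not code from the speakers or from Datadog. A hypothesis ("stolen developer credentials are being used to launch GPU instances for mining") is encoded as a TTP rule over CloudTrail-style records and then combined with a per-identity baseline of source IPs, APIs and regions built from an earlier window. The records, identities, IP addresses and the instance-family list are all constructed for the example and are assumptions, not observed telemetry.

```python
"""Toy cloud threat hunt: a TTP rule plus a per-identity baseline over CloudTrail-style events."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed CloudTrail-style records for the baseline window (example data, not real logs).
# Only the fields the hunt needs are populated: eventName, awsRegion, sourceIPAddress,
# userIdentity.arn and, for RunInstances, requestParameters.instanceType.
BASELINE_EVENTS = [
    {"eventName": "DescribeInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev-alice"}},
    {"eventName": "GetObject", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev-alice"}},
    {"eventName": "RunInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/ci-deploy/build"},
     "requestParameters": {"instanceType": "t3.medium"}},
]

# Constructed records for the hunt window (assumed data). Event 2 is the hypothesised
# attack; event 4 is an identity with no baseline at all; the rest are routine.
HUNT_EVENTS = [
    {"eventName": "DescribeInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev-alice"}},
    {"eventName": "RunInstances", "awsRegion": "us-west-2", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev-alice"},
     "requestParameters": {"instanceType": "p3.16xlarge"}},
    {"eventName": "RunInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/ci-deploy/build"},
     "requestParameters": {"instanceType": "t3.medium"}},
    {"eventName": "GetCallerIdentity", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.5",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/svc-backup"}},
]

# Assumed list of accelerated instance families that mining hypotheses typically care about.
GPU_INSTANCE_FAMILIES = ("p2", "p3", "p4", "g4", "g5")


@dataclass(frozen=True)
class Finding:
    arn: str
    event_name: str
    reasons: tuple


def build_baseline(events):
    """Map each identity ARN to the source IPs, API names and regions it used in the window."""
    baseline = defaultdict(lambda: {"ips": set(), "apis": set(), "regions": set()})
    for ev in events:
        profile = baseline[ev["userIdentity"]["arn"]]
        profile["ips"].add(ev["sourceIPAddress"])
        profile["apis"].add(ev["eventName"])
        profile["regions"].add(ev["awsRegion"])
    return dict(baseline)


def ttp_gpu_launch(ev):
    """TTP rule derived from the hypothesis: any RunInstances of an accelerated instance family."""
    if ev["eventName"] != "RunInstances":
        return []
    itype = ev.get("requestParameters", {}).get("instanceType", "")
    family = itype.split(".")[0]
    if family.startswith(GPU_INSTANCE_FAMILIES):
        return [f"RunInstances with GPU/accelerated instance type {itype}"]
    return []


def anomalies_vs_baseline(ev, baseline):
    """Anomaly check: deviations from what this identity did during the baseline window."""
    profile = baseline.get(ev["userIdentity"]["arn"])
    if profile is None:
        return ["identity not seen in baseline window"]
    reasons = []
    if ev["sourceIPAddress"] not in profile["ips"]:
        reasons.append(f"new source IP {ev['sourceIPAddress']}")
    if ev["eventName"] not in profile["apis"]:
        reasons.append(f"first use of API {ev['eventName']}")
    if ev["awsRegion"] not in profile["regions"]:
        reasons.append(f"new region {ev['awsRegion']}")
    return reasons


def hunt(events, baseline):
    """Combine the TTP rule and the baseline check; an event becomes a finding if either fires."""
    findings = []
    for ev in events:
        reasons = ttp_gpu_launch(ev) + anomalies_vs_baseline(ev, baseline)
        if reasons:
            findings.append(Finding(ev["userIdentity"]["arn"], ev["eventName"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in hunt(HUNT_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(f"{f.arn} {f.event_name}: {'; '.join(f.reasons)}")
```

The routine `RunInstances` of `t3.medium` by the CI role is untouched by both checks, which is the point of pairing the TTP rule with a baseline: the rule alone would miss a stolen credential launching ordinary instances, and the baseline alone would flag every new deployment pipeline. In a real hunt the baseline window would be days or weeks of events per identity, and the `reasons` list would feed a score rather than a flat alert.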

Surveying the wilderness: attacks and vulnerabilities, defensive practices
Track 1 - Crystal