Learn how to revolutionize cloud detection engineering by constructing empirical knowledge layers through autonomous attack simulation in this 25-minute conference talk. Discover Cloudots, a research system that addresses the challenges of poor telemetry documentation and static log-to-MITRE mappings by deploying AI agents to simulate real adversarial scenarios across AWS, Azure, and GCP environments. Explore how these autonomous agents break down high-level objectives such as data exfiltration and IAM persistence abuse into detailed API call graphs through goal-oriented planning and domain-specific introspection. Understand the system's approach to executing simulations in sandbox cloud accounts using the actual cloud APIs to gather comprehensive telemetry, timing behavior, and resource state transitions. Examine how the resulting structured, queryable knowledge base maps specific log entries from CloudTrail, VPC Flow Logs, and GCP Audit Logs to MITRE tactics and techniques, with contextual information on signal fidelity, timing, and trigger conditions. Learn about the natural language chat interface built on top of this knowledge base, which enables analysts to ask cloud security questions and receive relevant, evidence-backed responses. Gain insights into architecture lessons, failure modes, cross-platform signal analysis, and practical applications including coverage validation and detection prioritization, while exploring how AI can be leveraged to empower cloud defenders in an era where attackers are increasingly using these technologies to their advantage.