Deconstructing Control Plane Compromise Attacks

While the details vary, every major cloud breach follows the same pattern, with control plane compromise playing a central role. In the cloud, the API surface is the attack surface. Attackers use automation to find vulnerabilities to gain initial access to an environment. Once in, they’re after API keys that enable them to operate against the cloud control plane in order to discover knowledge about the environment, move laterally, and extract data without detection. In this session, Josh Stella, Chief Architect at Snyk, will deconstruct how control plane compromise attacks go down in the cloud, and how to spot the kinds of architectural design flaws that they’re exploiting. You’ll walk away from this session with an understanding of: How cloud hackers think and operate against the cloud control plane Identifying control plane compromise risk in your environment Why inherently secure cloud design looks like

Brighttalk Conference on Cyber Threats Prevention-How Hackers Compromise the Cloud Cloud Control Plane

In this session, Josh Stella, Chief Architect at Snyk, will walk through the ways control plane compromise attacks happen, and why you need to go beyond traditional cloud security posture management in order to spot the deeper design flaws in your environment that make these attacks possible. Attendees will gain an understanding of: What the cloud control plane is and why attackers need access to it How to identify control plane compromise risks in your environment Why cloud security hinges with secure design, and where to start