Threat hunting in the cloud


There are limited built-in capabilities for detecting attacks and post-exploitation of cloud services. This talk will cover methods of identifying threat actors via cloud and endpoint signals.

An endpoint security strategy can incorporate many layers of technology and security controls. Solution components such as endpoint protection platforms (EPP), endpoint detection and response (EDR), application whitelisting and more are used to provide protection and response to specific threats that affect endpoints. When endpoints reside in cloud infrastructure, new risks are introduced that cannot be adequately monitored with traditional endpoint solutions alone.

This presentation will go over general best practices for securing a cloud environment (AWS/Azure), including the use of EDR on instances, as well as methods that can be employed to conduct threat hunting exercises against the collected data. We will also discuss what additional investigative detail and context can be gained by correlating endpoint events with cloud events.
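The correlation the abstract refers to can be illustrated with a small join between cloud control-plane events and endpoint process telemetry. The following is an added example, not code from the talk or from eSentire: it assumes CloudTrail-style records carrying an `eventTime`, `eventName`, `sourceIPAddress` and `userIdentity`, and EDR-style process events carrying a `host_ip`, `process` and `cmdline`. All event data is constructed inline. For each cloud API call, it attaches the processes seen on the instance whose IP made the call within a short window before the call, which answers "which process on which host used these credentials?", and then flags calls whose originating process is not one the host is expected to run.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample cloud (CloudTrail-style) events; not real telemetry.
CLOUD_EVENTS = [
    {"eventTime": "2024-03-01T10:00:05Z", "eventName": "ListBuckets",
     "sourceIPAddress": "10.0.1.5",
     "userIdentity": "arn:aws:sts::111111111111:assumed-role/web-role/i-0abc"},
    {"eventTime": "2024-03-01T10:30:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": "arn:aws:iam::111111111111:user/alice"},
]

# Constructed sample endpoint (EDR-style) process events for host web-01.
ENDPOINT_EVENTS = [
    {"timestamp": "2024-03-01T09:59:58Z", "host": "web-01", "host_ip": "10.0.1.5",
     "process": "python3", "cmdline": "python3 /opt/app/sync.py", "user": "app"},
    {"timestamp": "2024-03-01T10:00:02Z", "host": "web-01", "host_ip": "10.0.1.5",
     "process": "aws", "cmdline": "aws s3 ls", "user": "root"},
    {"timestamp": "2024-03-01T10:20:00Z", "host": "web-01", "host_ip": "10.0.1.5",
     "process": "sshd", "cmdline": "sshd: ops", "user": "ops"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used by both event sources."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def correlate(cloud_events, endpoint_events, window_seconds=30):
    """Attach, to each cloud API call, the endpoint process events from the
    host whose IP matches the call's source, observed in the window_seconds
    before the call. Calls with no matching host are marked unattributed."""
    by_ip = defaultdict(list)
    for ev in endpoint_events:
        by_ip[ev["host_ip"]].append(ev)

    results = []
    for call in cloud_events:
        call_time = parse_ts(call["eventTime"])
        context = [
            ev for ev in by_ip.get(call["sourceIPAddress"], [])
            if 0 <= (call_time - parse_ts(ev["timestamp"])).total_seconds() <= window_seconds
        ]
        results.append({
            "cloud": call,
            "endpoint_context": context,
            "origin": "instance" if context else "unattributed",
        })
    return results


def hunt_unexpected_callers(correlated, expected_processes):
    """Hunting rule: report cloud calls whose originating host ran a process
    outside the set of processes expected to use cloud credentials on it.
    Returns (eventName, host, cmdline) tuples for analyst review."""
    findings = []
    for item in correlated:
        for ev in item["endpoint_context"]:
            if ev["process"] not in expected_processes:
                findings.append((item["cloud"]["eventName"], ev["host"], ev["cmdline"]))
    return findings


if __name__ == "__main__":
    joined = correlate(CLOUD_EVENTS, ENDPOINT_EVENTS)
    for item in joined:
        print(item["cloud"]["eventName"], item["origin"],
              [ev["cmdline"] for ev in item["endpoint_context"]])
    # On web-01 only the application's sync script is expected to call the API.
    for finding in hunt_unexpected_callers(joined, {"python3"}):
        print("REVIEW:", finding)
```

The window is deliberately short because instance-originated API calls follow the process that made them by seconds; a longer window trades precision for recall and is worth tuning per workload. Matching on source IP assumes instances have stable private addresses and that the cloud log records them; where NAT or shared egress is in play, the instance identity embedded in the assumed-role session name is a better join key.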

Jacob Grant, Security Strategist, eSentire

Jacob is a Security Strategist at eSentire, a Cambridge, Ontario based Managed Detection and Response services company.

Jacob has worked in the MDR space for over 8 years in various roles, including SOC Analyst, Operations, and Professional Services. His work focuses mainly on security as it relates to networking, cloud services, and automation.

Kurtis Armour, Senior Security Strategist, eSentire

We help architect and deploy solutions to prevent, detect and respond to security incidents. I work on the Field CTO Team at eSentire Inc.