[Note:  These are AI generated notes.  They can be wildly inaccurate, sometimes in hilarious ways.  I keep in the way AI generated it just to keep it interesting.  Plus, I'm lazy]

Meeting Summary for Cloud Security Office Hours Weekly

Aug 09, 2024 06:41 AM Pacific Time (US and Canada) ID: 943 8269 2964

Quick recap

The team discussed recent vulnerabilities in AWS, the need for improved security policies, and strategies to limit cloud storage sprawl. They also explored the challenges and evolving strategies in cloud detection and response, the potential use of automated forensics, and the integration of AI into infrastructure. Lastly, they delved into the recent issues with Boeing, the potential of low code/no code automation platforms, and shared personal experiences and plans.

Next steps

Neil to share more details about the 20% of AI security threats that aren't related to traditional vulnerabilities and sensitive data.

Steve to explore further with Neil about the 20% of AI security threats that aren't vulnerability-intensive data.

Mario to create a rough outline for a future presentation on AI security and anonymization techniques.

Mario to send his LinkedIn and email to the group for follow-up on AI security topics.

Shawn to coordinate with Mario for a future presentation on AI security and anonymization.

Matt to share more details about his company's AI Slack bot implementation with the group.

Summary

Recent Activities and New Members Discussed

Chris, Shawn, Neil, David, and others gathered, discussing their recent activities and introducing new members. Shawn asked if anyone attended Black Hat, and Neil mentioned Patrick Maddox and Carley's attendance. Chris brought up a LinkedIn profile thread about critical AWS vulnerabilities, which Neil admitted he hadn't seen yet. New members Brian, Walid, and Stacy introduced themselves, sharing their backgrounds and interests in the group. Lastly, Chris mentioned his upcoming trip to Singapore.

AWS Vulnerabilities and Bucket Security

Chris, Neil, Ross, and Shawn discussed the recent vulnerabilities found in AWS. Neil explained that the vulnerabilities, discovered by Aqua, could make it easier for attackers to access S3 buckets, which could lead to sensitive data being exposed. The team agreed that bucket names should be unique and not easily discoverable to prevent unauthorized access. They also discussed the need for a policy to ensure developers write their code correctly and the potential benefits of making bucket names a variable.

AWS S3 Bucket Naming and Repository Branches

Jay, Neil, Chris, and Justin discussed the issue of unique names causing unintended charges on AWS S3 buckets, referencing a previous incident where a naming conflict resulted in a $1,300 charge. The group also debated the necessity and management of branches within a repository, with Neil emphasizing the potential for human error and the need for automation and security policy enforcement. The team agreed on the importance of preventing developer errors and the need for an improvement process before any changes are implemented.

Advanced Malware, Attackers, and Cybersecurity Approaches

Neil disagreed with Kyle's concerns about the prevalence of advanced malware, stating it is rare and fragile. Jay discussed attackers targeting weaknesses. Josef shared an anecdote contrasting theoretical and practical cybersecurity approaches. The discussion also touched on malware detection techniques and the open nature of their conversations.

Addressing Cloud Storage Sprawl and Security

Carley initiated a discussion about strategies to limit Cloud storage sprawl in their organization. The team shared their experiences and concerns, with David suggesting that enterprise architecture forums could help control unauthorized applications. Carley highlighted the issue of third-party collaboration tools, like Box.com, leading to unmanaged storage and potential vulnerabilities. In response, Ross proposed considering data classifications to prevent unauthorized sharing, which Carley agreed was a step towards better oversight.

Cloud Detection and Response Strategies

frederick, a cloud detection engineer, discussed the challenges and evolving strategies in cloud detection and response. He highlighted the shift in focus from traditional prevention methods to detecting and responding to incidents in modern, cloud-native environments. Shawn and Neil further emphasized the complexity of cloud environments and the need for proactive planning and understanding of available logging and telemetry. They stressed the importance of being prepared for incidents before they occur, as responding after the fact can lead to a lack of useful data.

Automated Forensics and Extreme Security

Kyle proposed the use of automated forensics, specifically Crowdstrike, to help solve security problems. Neil responded that while such tools could be useful, they would not solve the problem entirely and would require significant resources. He mentioned a startup launched by Neil's former CEO that uses AI to correlate data and identify incidents. frederick suggested focusing on extreme security observability and forensics through logs, considering the shift towards cloud-native tooling. Neil emphasized the importance of building detection and response capabilities, as vulnerabilities will always exist.

AI Speaker Slots and Security Concerns

Shawn invited anyone interested in speaking to come forward and offer a slot for the upcoming weeks. Neil then shared about the Orca's research team's new AI tool for training and research purposes, which he offered to arrange for Shear and Ophir to speak about in the future. Matt discussed the potential security risks of integrating AI into infrastructure, highlighting the need for careful data management. The team also engaged in a discussion about the potential misuse of AI for resume evaluation.

Boeing Issues, Space Exploration, and Job Openings

The team discussed the recent issues with Boeing, particularly their failed attempt to join the space race with Spacex and Blue Origin. They also delved into the challenges and advantages of private versus government-funded space exploration, referencing books like "How to Astronaut" and "The Cognitive Style of PowerPoint." Additionally, Neil announced a new job opening, while Chris speculated about his own qualifications. The team also shared their personal plans and discussed the weather and a potential weekend Ducati outing.

Weather Experiences and Tradeout I/O

The team discussed weather conditions in their respective locations and shared personal experiences. The conversation then shifted to work-related matters, with Matt introducing a low code/no code automation platform called Tradeout I/O, which anonymizes data before passing it to other models. Mario expressed interest in discussing his work and suggested creating a rough agenda for a future meeting. Matt emphasized the importance of data security and the need for accountability when using such platforms.