Kennedy Torkura
Co-Founder/CTO, Mitigant
Berlin, Germany
Kennedy is the CTO/Co-Founder at Mitigant, an innovative cloud security startup based in Germany. Kennedy has spent over 12 years in cybersecurity and passionately explores the intersection of security chaos engineering, cyber resilience, incident response, and risk analysis for cloud security. Kennedy has published over 20 academic papers about several cloud security domains and contributed to the first O'Reilly book on Security Chaos Engineering. He is also a fifth-time member of the AWS Community Builder Program. He has spoken at several international conferences, including InfoQ DevSummit, AWS Community Day DACH, KubeCon (Cloud Native Security Day), NDC {Security}, ChaosCarnival, and BSides Berlin.
Topics
Optimizing Cloud Detection & Response With Security Chaos Engineering
Cloud Detection and Response (CDR) is an evolving approach to proactively defending cloud infrastructure against cyber-attacks. CDR takes a lot of approaches from traditional Threat Detection and Incident Response (TDIR) and applies these approaches to cloud-native infrastructure. This approach allows for optimized strategies specifically designed to fit the cloud-native threat landscape, given the limitations of traditional TDIR in cloud-native infrastructure.
CDR strategies combine cloud threat detection and incident response by employing several techniques, including active monitoring, log analytics, threat intelligence, incident response, forensic analysis, and threat analysis. This is advantageous since security teams are enabled to be agile and more productive; hence CDRs are rapidly becoming essential tools for security teams focused on protecting cloud-native infrastructure, including detection engineers, cloud security engineers, cloud incident responders, and SOC teams.
However, enabling efficient CDR strategies is challenging for several reasons, including cloud complexities, insufficient expertise, and cloud misconfiguration. These challenges often lead to blind spots; some cloud attacks are not detected, leading to successful compromises. Furthermore, the ephemerality of cloud resources requires continuous assessment, validation, and configuration of CDR to align with the evolving threat landscape. This level of security validation is challenging for most teams, and there are hardly any solutions that can be easily leveraged.
Security Chaos Engineering (SCE) is an evolving approach to cyber security that employs empirical evaluation of security controls to proactively gain evidence about their effectiveness via quick feedback loops. These feedback loops, a core of systems thinking, allow for quick analysis and adaptation of security systems to stay ahead of cyber attacks. SCE is aligned with cloud-native infrastructure, given its roots are in chaos engineering, a discipline Netflix formulated as part of its digital transformation process over a decade ago. Consequently, SCE empowers cloud security teams to quickly and continuously evaluate CDR efficiently in a variety of ways.
This talk provides practical steps and examples based on a hybrid CDR system consisting of AWS GuardDuty, AWS Detective, and Datadog Cloud SIEM. Security chaos engineering experiments are conducted using the Mitigant Cloud Immunity platform, which is the first of its kind. Using the examples, we are able to demonstrate how CDR systems can miss malicious patterns, including those defined in the MITRE ATT&CK library. The talk provides recommendations on how to remediate these blind spots to enhance CDR systems' efficiency.
Bringing the Cyber Resilience Revolution to the Cloud With Security Chaos Engineering
Thwarting cyber attacks in the current rapidly evolving threat landscape requires cyber resilience strategies. However, cyber resilience is hugely conceptual and theoretical; the industry is far behind in demonstrating cyber resilience capabilities. These capabilities have the potential to frustrate, degrade, and ultimately stop attacks while ensuring minimum impact on business operations. Enabling cyber resilience is even more critical in cloud-native infrastructure; however, there are several bottlenecks that hinder adoption, including the role of cloud service providers and the need to adopt an engineering-focused approach. In this talk, I will discuss these bottlenecks, provide practical approaches, and highlight how security chaos engineering allows enterprises to overcome these challenges.
Security Chaos Engineering for Fun & Profit
The dynamic nature of cloud-native infrastructure requires continuous security mechanisms to effectively tackle security threats. However, cloud-native infrastructure is complex and still emerging; hence, the security threats are barely understood, resulting in successful attacks due to unknown attack patterns and behavior. In this talk, the innovative notion of Security Chaos Engineering (SCE) is introduced as a viable approach for enabling proactive cloud-native security mechanisms for cloud-native infrastructure. Essentially, SCE applies chaos engineering principles to cyber security such that defended environments are not just secure but also resilient to cyber-attacks. A major benefit is the derivation and use of instant empirical feedback loops that aid in verifying security mechanisms (e.g. tools) and expected properties (confidentiality, integrity and availability). Through the injection of controlled security faults (crafted as security hypotheses), deployed security mechanisms are properly analyzed, security blind spots are identified and remediated, thereby resulting in increased security and resiliency.
Enabling Cloud Cyber-Resiliency With Security Chaos Engineering
Cyber-attacks against cloud infrastructure are increasing in frequency and sophistication. Cloud security mechanisms are overwhelmed with the rapid pace of technological developments and unfolding complexity of modern architectures, e.g. cloud-native infrastructure. On the flip side, cyber-criminals are taking advantage of these developments to launch successful cloud attacks. Accordingly, overcoming modern attacks requires implementing cyber-resilient techniques, i.e. the ability to resist attacks. Security Chaos Engineering (SCE) has emerged as an approach that allows the application of chaos engineering principles to cyber security. This allows for the proactive detection and mitigation of security blind spots before they are identified and exploited.
Defeating Ransomware Attacks With Security Chaos Engineering
Due to the rapid increase of ransomware attacks in recent years, 2021 was tagged the “Golden Era of Ransomware”. Most ransomware countermeasures recommend the use of backups and runbooks. However, these techniques are seldom verified to ascertain the level of technical efficiency they provide. Furthermore, the human operators who apply these ransomware countermeasures are rarely afforded the opportunity to understand how to react to ransomware attacks. A more effective way is by leveraging security chaos engineering to overcome the aforementioned shortcomings. By conducting planned experiments, ransomware countermeasures can be crafted as a hypothesis and proven. This approach enables security incident response teams to gain confidence in their technical and organizational skills as well as practice how to operate the ransomware countermeasures.