Cloud Detection and Resposne (CDR) is an evolving approach to proactively defending cloud infrastructure against cyber-attacks. Efficient CDR strategies are challenging for several reasons, including cloud complexities, insufficient expertise, and cloud misconfiguration. These challenges often lead to blindspots; some cloud attacks are undetected, leading to successful compromises. Furthermore, the ephemerality of cloud resources requires continuous assessment, validation, and configuration of CDR to align with the evolving threat landscape.

Security Chaos Engineering (SCE) addresses these challenges by empirically evaluating security controls to gain evidence about effectiveness via quick feedback loops. This talk provides practical steps based on a hybrid CDR system consisting of AWS GuardDuty, AWS Detective, and Datadog Cloud SIEM. The talk demonstrates how CDR systems can miss malicious attack patterns including those defined in the MITRE ATT&CK library.