Cloud infrastructure today is complex. It’s the relationship between hosts, containers, managed cloud services, and of course cloud resources like blob storage, users and roles, and the cloud control plane. To effectively secure cloud infrastructure it’s critical to correlate information from a variety of sources. In particular, information about the state of resources, coupled with detection of suspicious and anomalous activity within those resources.

In this workshop, you will wear the hat of an engineer investigating an actual cloud-native attack against a real AWS environment. The attack will make use of techniques leveraged by attackers in the real world. After familiarizing yourself with the infrastructure - that you’ll have a chance to experiment with - you will identify, investigate, assess the full extent, and actively remediate the attack, leveraging Datadog CSPM and CWS to capture the entire attacker lifecycle. You will also experience how valuable observability is when investigating security incidents!