In this episode of Defender for Cloud in the Field, Ariel Brukman joins Yuri Diogenes to talk about the DevOps Threat Matrix.
Ariel talks about the process of creating a new threat matrix for a very complex domain such as DevOps, what it was found during the research process and how the research evolved to create this threat matrix.
Ariel also talks about how to use the threat matrix to improve your DevOps defenses, and he gives examples of some common attacks against DevOps environments.
02:49 – The research leading to DevOps Matrix publication
05:35 – Threats in the execution phase
08:50 – Privilege escalation phase
13:00 – Common patterns of attack
13:42 – Recommendations to build better defenses