Understanding the DevOps Threat Matrix

Episode description: In this episode of Defender for Cloud in the Field, Ariel Brukman joins Yuri Diogenes to talk about the DevOps Threat Matrix. Ariel talks about the process of creating a new threat matrix for a very complex domain such as DevOps, what it was found during the research process and how the research evolved to create this threat matrix. Ariel also talks about how to use the threat matrix to improve your DevOps defenses, and gives examples of some common attacks against DevOps environments.

  • 02:49 - The research leading to DevOps Matrix publication
  • 05:35 - Threats in the execution phase
  • 08:50 - Privilege escalation phase
  • 13:00 - Common patterns of attack
  • 13:42 - Recommendations to build better defenses

Next steps