CSNF birthday-cake

CSNF birthday cake is the current implementation of the CSNF decorator.

CSNF Birthday Cake

What is the purpose/what are we trying to convey

Let’s demonstrate how the CSNF can be used to standardize and decorate alerts from multiple clouds to accelerate SOC decision making through automation: eliminating false positives and enabling the SOC to focus its attention on what matters most in terms of risk, leading to improved security outcomes over the long haul.

Assuming an adversary is able to access a Cloud account, how would we prevent them from moving laterally in the cloud and pivoting and attempting to access more high value assets?

What you will see in this demonstration is one way that the CSNF canonical model and decorator can be implemented to address the key challenge of creating a scalable and unified alerting pipeline that can be used to send alerts from any cloud source to the SOC.

Once the SOC receives the alert, it will need to use automation to determine how to respond to it. That’s where the CSNF decorator comes in.

Finally, we need to be ready to take action according to our playbook. What will we do to protect the organization?

Last modified April 10, 2022: Spring 2022 content updates (19710a7)