When we hear the term “Credential Access” our detection engineer thoughts typically turn to the Windows LSASS Process and tools like Mimikatz. Recently, however, researchers have drawn our attention to Microsoft Office processes. These processes also store credential material, in the form of access tokens.

When delivering customer experiences from the cloud, defending the app includes the data it houses and the business it represents. The DevSecOps mindset, “You build it, you run it, you secure it” helps, but only when all teams are empowered with the info they need to see a threat, regardless of where it is.

During our sixth-annual user conference, Illuminate, Dave Frampton, General Manager of the security business at Sumo Logic, hosted a panel discussion with Yaron Levi, CISO of Dolby, and Tyson Martin, member of the CISO group at AWS, about the challenges and opportunities of securing modern applications. These are the key takeaways from that conversation..