SecOps for Cloud

Current state and challenges with cloud investigations

Common issues in cloud investigations include: 

  • Fragmented data across multiple cloud services and accounts makes it difficult to obtain a comprehensive view of security events. 

  • Lack of comprehensive visibility into cloud resource interactions can hinder the ability to trace the full path of an attack or identify all affected assets. 

  • Difficulty in correlating events across different cloud providers and across various cloud layers (e.g., infrastructure, platform, application) often leads to incomplete or inaccurate assessments of security incidents. 
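To make the correlation problem in the bullets above concrete, here is an added example (not part of the original page) that normalizes records from two providers into one schema and then clusters activity by principal within a time window. The two log samples are constructed and only mimic the shape of AWS CloudTrail records and GCP Cloud Audit Log entries; the field names used for extraction and the identity-mapping table are assumptions for illustration. The example also shows the failure mode the bullet describes: with no mapping between provider-specific identities, the same person's actions in the two clouds never join.

```python
"""
Cross-cloud event correlation demo.

Constructed sample logs: shaped like CloudTrail and GCP audit entries, but
not real telemetry. Field names below are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed CloudTrail-style records.
AWS_EVENTS = [
    {"eventTime": "2024-05-01T10:00:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2024-05-01T10:31:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "203.0.113.10"},
]

# Constructed GCP audit-log-style entries.
GCP_EVENTS = [
    {"timestamp": "2024-05-01T10:02:40.123Z",
     "protoPayload": {
         "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
         "authenticationInfo": {"principalEmail": "alice@example.com"},
         "requestMetadata": {"callerIp": "203.0.113.10"}}},
]

# Assumed mapping from provider-specific identities to one common key.
# Building and maintaining this table is the hard part of cross-cloud work;
# without it the two sources describe the same person under two names.
IDENTITY_MAP = {
    "arn:aws:iam::123456789012:user/alice": "alice",
    "alice@example.com": "alice",
}


@dataclass(frozen=True)
class NormalizedEvent:
    provider: str
    time: datetime
    principal: str   # common identity key after mapping
    action: str
    source_ip: str


def _parse_time(s: str) -> datetime:
    # Both sources emit UTC with a trailing "Z"; GCP adds fractional seconds.
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)


def normalize_aws(record: dict, identity_map: dict) -> NormalizedEvent:
    ident = record["userIdentity"]["arn"]
    return NormalizedEvent("aws", _parse_time(record["eventTime"]),
                           identity_map.get(ident, ident),
                           f"{record['eventSource']}:{record['eventName']}",
                           record["sourceIPAddress"])


def normalize_gcp(entry: dict, identity_map: dict) -> NormalizedEvent:
    p = entry["protoPayload"]
    ident = p["authenticationInfo"]["principalEmail"]
    return NormalizedEvent("gcp", _parse_time(entry["timestamp"]),
                           identity_map.get(ident, ident),
                           p["methodName"],
                           p["requestMetadata"]["callerIp"])


def correlate(events, window=timedelta(minutes=5)):
    """Group events by principal in time order and return only the clusters
    (runs of events no more than `window` apart) that span more than one
    provider. Single-provider clusters are the analyst's ordinary view; the
    multi-provider ones are what fragmented tooling tends to miss."""
    by_principal = {}
    for ev in sorted(events, key=lambda e: e.time):
        by_principal.setdefault(ev.principal, []).append(ev)
    clusters = []
    for evs in by_principal.values():
        cluster = [evs[0]]
        for ev in evs[1:]:
            if ev.time - cluster[-1].time <= window:
                cluster.append(ev)
            else:
                clusters.append(cluster)
                cluster = [ev]
        clusters.append(cluster)
    return [c for c in clusters if len({e.provider for e in c}) > 1]


def cross_cloud_activity(identity_map=IDENTITY_MAP):
    events = [normalize_aws(r, identity_map) for r in AWS_EVENTS]
    events += [normalize_gcp(e, identity_map) for e in GCP_EVENTS]
    return correlate(events)


if __name__ == "__main__":
    for cluster in cross_cloud_activity():
        for ev in cluster:
            print(ev.provider, ev.time.isoformat(), ev.principal, ev.action, ev.source_ip)
    print("without identity map:", cross_cloud_activity(identity_map={}))
```

With the mapping in place, alice's AWS access-key creation and her GCP service-account key creation two and a half minutes later land in one cluster, while her AWS call half an hour later and bob's console login do not. With an empty mapping the same events produce no cross-provider cluster at all, which is the fragmentation the bullet list describes.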

Additional challenges: 

  • Lack of Subject Matter Experts (SMEs) to keep up with alert volume: As cloud environments grow more complex, there's often a shortage of personnel with the necessary expertise to effectively investigate all alerts, leading to potential oversight of critical security events. 

  • Skills gap: This stems from the rapid evolution of cloud technologies, which requires specialized knowledge of cloud-native services, IAM configurations, and platform-specific logs. Investigations are often manual and time-consuming, as analysts must sift through vast amounts of telemetry and correlate events across dynamic, multi-cloud, and hybrid environments. The problem is compounded by a shortage of cloud-security-focused talent, insufficient training, and the complexity of cloud-specific threats such as misconfigurations and API abuse. Collaboration silos between security and cloud teams amplify these challenges and delay effective response.