top of page

Gem Security Sponsors SANS Webinar on Lessons from a Real-World Multi-Cloud Attack

Educational Webinar Describes the Anatomy of a Sophisticated Cloud Attack, Plus Best Practices for Rapidly Detecting and Responding to Similar Attacks

NEW YORK, Nov. 14, 2023 -- Gem Security, the cloud detection and response (CDR) company, today announced that it is sponsoring a live SANS webinar to help security operations and incident response teams understand how to rapidly detect, investigate, and contain multi-cloud attacks

The webinar will describe a real-world example of how adversaries target multi-cloud infrastructures to disrupt operations, exfiltrate sensitive data, and steal funds. To accomplish this while evading detection, they often adapt traditional Living-off-the-Land (LOTL) tactics to the specific API-driven characteristics of the cloud.

How? Instead of leveraging native Windows tools like PowerShell and WMI to escalate privileges and move laterally across corporate networks, they're now compromising native cloud platforms (AWS, Azure, GCP) and identity provider platforms (Okta, Azure AD, Google Workspace) to gain admin privileges and move laterally from one cloud environment to another.

Most cloud platforms do not natively detect these types of activities. This approach also enables attackers to reuse the same playbooks over and over, across different organizations, because most organizations using the same cloud providers have similarly managed architectures.

In this educational webinar, we'll:

  • Dissect a real-world Living-Off-The-Cloud (LOTC) attack that traversed multiple cloud provider platforms and enabled the attackers to disrupt and demand a ransom payment from the victim organization.

  • Discuss how the attack could have been detected, investigated, and contained at each phase of the kill chain.

  • Provide practical and actionable lessons to strengthen cloud detection and response capabilities including making sure you're collecting the right logs across the entire cloud attack surface including control, identity, compute, data, networking, and serverless.

WHAT: SANS webinar featuring Yotam Meitar and Phil Neray.

WHEN: November 15, 2023, at 3:30 PM EDT

REGISTER: SANS website (you must create a free account to register – register even if you can't attend and SANS will send you a link to the recording after the event)

About the Presenter

Yotam Meitar is the Director of Cloud Incident Response at Gem Security.

With 10 years of experience in cyber security, he previously worked at Sygnia, a global cyber consulting and incident response services company with world-class expertise in forensic investigations, Red and Purple Teaming, vulnerability research, and offensive tool development. As Sygnia's Director of Incident Response, he worked on some of the most sophisticated cloud attacks in the world. Prior to Sygnia, Yotam was a Cyber Analyst with Unit 8200 of the IDF.

About Gem Security Recognized by Gartner as a Cool Vendor™ for the Modern Security Operations Center, Gem's agentless Cloud Detection & Response (CDR) platform significantly shortens the time to detect, investigate, and contain multi-stage cloud attacks across your entire cloud estate (AWS, Azure, GCP) and identity providers (Okta, Azure AD, Google Workspace).

Founded by SecOps experts with years of experience performing incident response for some of the most sophisticated cloud attacks in the world, Gem is funded by GGV Capital, Silicon Valley CISO Investments (SVCI), and Team8, with strategic investments by Cisco Investments and IBM Ventures. For more information, visit


bottom of page