Abuse Operations is detection of and response to unwanted activity when everything is working "as designed". Classical security is interested in prevention, governance, and compliance, while abuse operations look at the wider picture of misuse, abuse, malice and crime. At any moment in time, multiple actors are bypassing detection and response systems masquerading as customers in order to take unfair advantage of your systems and services. Different from the full compromise scenarios we know and love, abuse is a slow simmering burn, where our customers can become a problem, and worse, your problem.
We will present how the Abuse Operations team uses collections of indicators to identify and track adversaries on one of the largest pure-play, remote-code-execution-as-as service platforms on the Internet: Heroku. We can detect when they change tactics, we can spot the number of people involved, and we can misdirect them to the point that they become even easier to track!
During our Black Hat webcast, we discussed the desire for a wider conversation about abuse across the Internet. We're interested to share more and learn from others that have similar challenges. Please join us on October 1st to have this conversation.