Research on computer malware began in the 1970s, with a significant focus on developing countermeasures over the decades. Extensive studies and tools now cover every stage of an attack lifecycle, from reconnaissance to installation, privilege escalation, data recovery, and even post-attack cleanup. As cloud systems have risen in prominence, particularly since Amazon Web Services (AWS) launched in 2006, their security demands have grown. Ensuring secure cloud environments now involves a comprehensive framework including prevention and configuration, data collection, detection, forensics, and remediation. Each of these form a structured approach within an organization’s cybersecurity strategy. 

This dissertation primarily explores the role of semantic information in the stages of configuration and forensics, with further insights into data collection and detection. It introduces two projects: the first project develops a tool that extracts semantic information from low-level system events, enhancing security analysts’ understanding of seemingly less-informative data collected from end-user machines in large-scale organizations. The second project leverages semantic information to automate secure configurations in cloud-native environments. Both projects target large-scale systems, concentrating on the usage of semantics in different stages of security implementations.