Approaching Parity: Considerations for adapting enterprise monitoring and incident response (IR) capabilities for efficacy in cloud environments, and how to operationalize these capabilities with a playbook. - Matt Heinze BSidesRDU 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Matt Heinze
BSidesRDU 2018

There is no denying the ubiquity of cloud computing, and for most organizations, Infrastructure as a Service (IaaS) in particular is the new norm. The model for cloud security is typically a shared responsibility between the provider and the consumer, which in practice means the consumer is ultimately responsible. Whether your infrastructure is completely hosted, partly hosted, or soon-to-be hosted in the cloud, your security posture must adapt appropriately if your monitoring and incident response capabilities are to remain effective. Developing an accurate view of nefarious activity in cloud environments still requires the multi-layered approach it did in the enterprise; however, it must adapt to include sources such as Amazon Web Services (AWS) CloudTrail IaaS logs, VPC Flow Logs, endpoint logs, and more. This data must be captured and arranged in a manner that makes it actionable, requiring you to have a plan for the IR lifecycle even though you might not own the mitigation process. Approaching Parity is a talk about adapting your security posture for monitoring and IR in IaaS environments, through native capabilities, third-party products, workarounds, or any combination of the three, and then operationalizing this telemetry with the CSIRT playbook. Though this talk provides AWS IaaS examples, the topics presented are applicable to other IaaS providers too.
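As an added example of turning one of the telemetry sources named above into something actionable (this is not code from the talk or from Irongeek.com), the Python below parses AWS VPC Flow Log records in the default version 2 format and applies a simple triage rule: a source address that was rejected repeatedly on a destination port and then accepted on that same port. The field order is the documented default VPC Flow Log layout; the sample records, account id, interface id and addresses are constructed for this example, and the two-reject threshold is an arbitrary starting point a CSIRT would tune for its own environment.

```python
"""Parse AWS VPC Flow Log records (default v2 format) and surface a
simple triage signal for an IR playbook: a source that was REJECTed
several times on a port and then ACCEPTed on that same port.
Sample records below are constructed for this example."""
from collections import defaultdict

# Field order of the default VPC Flow Log format (version 2).
FLOW_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]
NUMERIC_FIELDS = {"version", "srcport", "dstport", "protocol",
                  "packets", "bytes", "start", "end"}

# Constructed sample: two rejected SSH attempts from 203.0.113.5,
# then an accepted one; an unrelated outbound HTTPS flow; and a
# NODATA record, which carries no flow fields at all.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51234 22 6 4 240 1530000000 1530000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51235 22 6 4 240 1530000001 1530000061 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51236 22 6 12 1480 1530000002 1530000062 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.9 443 50000 6 10 3000 1530000003 1530000063 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1530000004 1530000064 - NODATA
"""


def parse_flow_log(text):
    """Return a list of dicts, one per usable flow record."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS):
            continue  # malformed or custom-format line; skip it
        rec = dict(zip(FLOW_FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records have '-' in flow fields
        for field in NUMERIC_FIELDS:
            rec[field] = int(rec[field])
        records.append(rec)
    return records


def rejected_then_accepted(records, min_rejects=2):
    """Group flows by (srcaddr, dstaddr, dstport) and return groups with at
    least min_rejects REJECTs whose earliest ACCEPT starts after the last
    REJECT. Output is sorted so results are stable for playbook tooling."""
    groups = defaultdict(lambda: {"rejects": [], "accepts": []})
    for rec in records:
        key = (rec["srcaddr"], rec["dstaddr"], rec["dstport"])
        if rec["action"] == "REJECT":
            groups[key]["rejects"].append(rec["start"])
        elif rec["action"] == "ACCEPT":
            groups[key]["accepts"].append(rec["start"])

    hits = []
    for (src, dst, port), g in groups.items():
        if (len(g["rejects"]) >= min_rejects and g["accepts"]
                and min(g["accepts"]) > max(g["rejects"])):
            hits.append({
                "srcaddr": src,
                "dstaddr": dst,
                "dstport": port,
                "rejects": len(g["rejects"]),
                "first_accept": min(g["accepts"]),
            })
    return sorted(hits, key=lambda h: (h["srcaddr"], h["dstaddr"], h["dstport"]))


if __name__ == "__main__":
    for hit in rejected_then_accepted(parse_flow_log(SAMPLE_FLOW_LOG)):
        print(hit)
```

The parser deliberately checks `log_status` before converting numeric fields, because NODATA and SKIPDATA records put `-` in every flow column and would otherwise raise on `int()`. In a real pipeline the records would arrive from CloudWatch Logs or S3 rather than a string, and the hits would feed the playbook step that decides who owns containment on that instance.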

As an information security practitioner with 20 years of IT experience, Matt helps protect Cisco’s network and assets as a first responder on the Computer Security Incident Response Team (CSIRT). Matt shares his monitoring and incident response expertise with the InfoSec community by participating in groups such as the Defense Security Information Exchange (DSIE) and the North Carolina InfraGard. Matt’s hobbies include making his own sauerkraut and competitive rifle shooting, both activities that have absolutely nothing to do with information security.

@realmattheinze


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast