Cloud Security Fundamentals for Forensics & Incident Response
Continuing our series on Cloud Forensics & Incident Response, we’ve now posted the second video.
It’s titled “Cloud Security Fundamentals for Forensics & Incident Response” and you can watch it on YouTube now:
What is IaaS vs…? How is IR different?
What is Shared Responsibility? What happens in IR?
What is Shared Fate?
What is Identity and Access Management (IAM)?
How does it impact IR? Access, Logs, Attacker Access…
What is Virtual Private Cloud (VPC)? How can an attacker move?
What are Common Attacks in the Cloud?
- Stolen Credentials — Where do you find them?
- Phishing — Recent examples
- Poisoned Gold Image or Library
How else might you know you have a problem?
- An email from AWS…
- Weird IAM
- Sudden increase in billing
- High CPU Usage…
Is DFIR in the Cloud just logging?
What logging is in AWS? Where do you look?
What logging is in Azure? Where do you look?
What logging is in GCP? Where do you look?
- Log Explorer
- Security Command Center
What alerting do the cloud providers provide?
Why is responding to incidents in the cloud hard?
Graphic from “Cloud Security: Defense in Detail if Not in Depth” by SANS