Continuing our series on Cloud Forensics & Incident Response, we’ve now posted the second video.
It’s titled “Cloud Security Fundamentals for Forensics & Incident Response” and you can watch it on YouTube now:
We’ve built a platform to perform incident response and forensics in AWS/Azure/GCP — you can grab a free trial here. You can also download a free playbook we’ve written on how to respond to security incidents in AWS.
What is IaaS vs…? How is IR different?
What is Shared Responsibility? What happens in IR?
What is Shared Fate?
What is Identity and Access Management (IAM)?
How does it impact IR? Access, Logs, Attacker Access…
What is Virtual Private Cloud (VPC)? How can an attacker move?
What are Common Attacks in the Cloud?
- Stolen Credentials — Where do you find them?
- Phishing — Recent examples
- Poisoned Gold Image or Library
How else might you know you have a problem?
- An email from AWS…
- Weird IAM
- Sudden increase in billing
- High CPU Usage…
Is DFIR in the Cloud just logging?
What logging is in AWS? Where do you look?
What logging is in Azure? Where do you look?
What logging is in GCP? Where do you look?
- Log Explorer
- Security Command Center
What alerting do the cloud providers provide?
Why is responding to incidents in the cloud hard?
Graphic from “Cloud Security: Defense in Detail if Not in Depth” by SANS