SlideShare a Scribd company logo

Cloud Breach – Preparation and Response

Priyanka Aash
Priyanka Aash

Your next breach or insider attack will most likely have you digging for evidence in the cloud. Are you prepared? The old styles of imaging disks and tapping networks won't work! It won’t scale! This session will discuss response scenarios for cloud-enabled and cloud-dependent enterprises, a model for preparing for cloud response, and will show examples of cloud breach investigations. (Source: RSA USA 2016-San Francisco)

Technology
1 of 36
Download to read offline
SESSION ID: #RSAC Monzy Merza Cloud Incident Response CSV-F01 Director of Cyber Research Chief Security Evangelist Splunk, Inc @monzymerza #splunk 1
#RSAC Agenda Cloud dependency and use Challenges and opportunities in the cloud A model for cloud IR Capabilities required for cloud IR IR scenarios Takeaways and call to action
#RSAC What if… ● Visibility was reduced ● Sensors disappeared ● Authorization was transferrable ● Trust exploitation became vector #1
#RSAC What if… ● Visibility was reduced ● Sensors disappeared ● Authorization was transferrable ● Trust exploitation became vector #1 That world is now!
#RSAC Cloud Service are Mission Critical ● Business Applications: ● Sharing and Collaboration: ● Storage Applications: ● Infrastructure Platforms:
#RSAC Framework for Cloud IR
#RSAC NIST 800-61r2
#RSAC Cloud: A Behavioral Model Identity Interactions Resources
#RSAC Challenges to IP Stewardship User Autonomy Technical flexibility Users create/modify/move/s hare data in<-> out and across services Ubiquitous access - geo and device diversity Encrypted Communication
#RSAC Identities Human Machine 10
#RSAC Examples of Interactions Create an account Start a machine instance Share a resource Synchronize files Manage a process Approve a transaction
#RSAC Examples of Resources File sharing services Transaction services Customer relations management (CRM) Compute services Applications services
#RSAC Why Do These Challenges Exist? Local Users and Cloud Services Local Users and Local Services Remote Users and Cloud Services Remote Users and Local Services
#RSAC Cloud IR: A Simple Model Identity Used Resources Accessed by Identity Interactions with resource
#RSAC Applying the Simple Model
#RSAC Cloud Opportunities APIs for operation and management Centralized authentication and management Near real-time impact of changes Logging capabilities
#RSAC Preparing: Resources Accessed Identify the cloud resources Web logs Next generation firewall application logs Determine the methods of collection Log files API calls Requirements for automation Configuration changes Special API keys, licenses
#RSAC Preparing: Identity Used Log User Access On-prem resources Cloud resources Enrich User Information Current CMDB for Users HR Business Applications Integrate Management Configuration and rollback Notification
#RSAC Preparing: Interactions w/ Resources Log User Activity Applications Infrastructure Log API Activity Cloud services On-prem services Integrate host acquisition Memory Disk
#RSAC Preparing: Additional Considerations Storage Logs Disk/Memory Special Access Elasticity API licenses Analytics tools Data Analysis Sharing and Collaboration
#RSAC Preparing for Cloud IR Collect streaming events - log data, API results Collect batch data - log data, disk, memory images Execute ad hoc collection via APIs - automated or human mediated Search and investigate the collections Enrich data with third party information - asset/identity, HR, threat intel Automate collection/analysis/sharing tasks
#RSAC Operationalizing the model
#RSAC Capabilities needed for Cloud Incident Response Logs: Infrastructure, Instance, Service Memory Forensics Disk Forensics Versioning, Snapshots APIs for Configuration Changes APIs for Status Gathering
#RSAC Operational Considerations for Collection Logs Streaming or batched Structured or unstructured Binary data Memory dumps are unstructured Disk forensics require storage Analytics Out of the box vs Custom Collaboration requires integration Automation Test and Rollback Human mediation
#RSAC Cloud IR: Tools Selection Criteria Hybrid Cloud + Onprem Automation/API friendly Collaboration and sharing ready
#RSAC Attack and IR Scenarios
#RSAC Linkin' Joe: Insider File Sharing Joe creates a shared link on a cloud storage folder and emails it to an accomplice. Over the course of a month, Joe posts company proprietary data to the folder. And over the course of the month, Joe's accomplice makes copies of the data.
#RSAC IR: Linkin’ Joe Identity • Log data: cloud storage, on-prem auth • Enrich with: DLP or watch listed files, HR watch list, local file access Resources • Search for unauthenticated access to a folder Interactions • Search for large number of files moving to a specific folder • Make a list of file names uploaded/downloaded to folder
#RSAC Pickpocket: Compromised Cloud Keys Stolen cloud infrastructure keys are used to instantiate new instances and access existing instances
#RSAC IR: Pickpocket Identity • Identify the keys that were stolen • Enrich log data: threat intel, IP, domains, file names, service names Resources • Log data: cloud infrastructure, cloud instance, threat intel • Host data: memory dump, cloud instance snapshot • Search other cloud instances for discovered indicators Interactions • Search log data for: use of keys, number of instances, durations of sessions • Search memory: installed services, open ports, files names Contain • API: Disable keys • API: Modify security zones for instances spawned by infected key use
#RSAC N’synch - synch folder propagator Malware propagates by copying itself to auto synch folders for cloud storage service
#RSAC N’synch IR Identity •Identify owner of infected file Resources •Cloud storage, email •Search storage logs for file operations Interactions •Search host logs for reg keys, services, files, sockets Contain •API: remove propagating file •API: change permissions on infected folders
#RSAC Takeaways and Call to Action
#RSAC Call to Action for Cloud IR Demand APIs from Security Vendors Collect Data from Anywhere Search Based on New Criteria Enrich from internal, external sources on demand Automation, Workflows, Sharing
#RSAC Cloud IR: A Simple Model Identity Used Resources Accessed by Identity Interactions with resource
#RSAC Thank You @monzymerza mmerza@splunk.com monzymerza@gmail.com #splunk

Recommended

Take It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitectureTake It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitecturePriyanka Aash
 
Designing Virtual Network Security Architectures
Designing Virtual Network Security ArchitecturesDesigning Virtual Network Security Architectures
Designing Virtual Network Security ArchitecturesPriyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryPriyanka Aash
 
Security Program Development for the Hipster Company
Security Program Development for the Hipster CompanySecurity Program Development for the Hipster Company
Security Program Development for the Hipster CompanyPriyanka Aash
 
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and BitcoinCrypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and BitcoinPriyanka Aash
 
Smart Megalopolises. How Safe and Reliable Is Your Data?
Smart Megalopolises. How Safe and Reliable Is Your Data?Smart Megalopolises. How Safe and Reliable Is Your Data?
Smart Megalopolises. How Safe and Reliable Is Your Data?Priyanka Aash
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsPriyanka Aash
 

Recommended

Take It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitectureTake It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitecturePriyanka Aash
 
Designing Virtual Network Security Architectures
Designing Virtual Network Security ArchitecturesDesigning Virtual Network Security Architectures
Designing Virtual Network Security ArchitecturesPriyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryPriyanka Aash
 
Security Program Development for the Hipster Company
Security Program Development for the Hipster CompanySecurity Program Development for the Hipster Company
Security Program Development for the Hipster CompanyPriyanka Aash
 
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and BitcoinCrypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and BitcoinPriyanka Aash
 
Smart Megalopolises. How Safe and Reliable Is Your Data?
Smart Megalopolises. How Safe and Reliable Is Your Data?Smart Megalopolises. How Safe and Reliable Is Your Data?
Smart Megalopolises. How Safe and Reliable Is Your Data?Priyanka Aash
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsPriyanka Aash
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskPriyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Priyanka Aash
 
DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!Priyanka Aash
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.Priyanka Aash
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsPriyanka Aash
 
A New Security Paradigm for IoT (Internet of Threats)
A New Security Paradigm for IoT (Internet of Threats)A New Security Paradigm for IoT (Internet of Threats)
A New Security Paradigm for IoT (Internet of Threats)Priyanka Aash
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
Rise of the Hacking Machines
Rise of the Hacking MachinesRise of the Hacking Machines
Rise of the Hacking MachinesPriyanka Aash
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-upPriyanka Aash
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforceThe Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforcePerimeter 81
 
Beyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryBeyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryPriyanka Aash
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
BeyondCorp - Google Security for Everyone Else
BeyondCorp - Google Security for Everyone ElseBeyondCorp - Google Security for Everyone Else
BeyondCorp - Google Security for Everyone ElseIvan Dwyer
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemPriyanka Aash
 
Trece lineas para_vivir
Trece lineas para_vivirTrece lineas para_vivir
Trece lineas para_vivirCarlos Moyetones
 
Results based-management
Results based-managementResults based-management
Results based-managementkarim lkhal
 

More Related Content

What's hot

Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskPriyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Priyanka Aash
 
DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!Priyanka Aash
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.Priyanka Aash
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsPriyanka Aash
 
A New Security Paradigm for IoT (Internet of Threats)
A New Security Paradigm for IoT (Internet of Threats)A New Security Paradigm for IoT (Internet of Threats)
A New Security Paradigm for IoT (Internet of Threats)Priyanka Aash
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
Rise of the Hacking Machines
Rise of the Hacking MachinesRise of the Hacking Machines
Rise of the Hacking MachinesPriyanka Aash
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforceThe Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforcePerimeter 81
 
Beyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryBeyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryPriyanka Aash
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
BeyondCorp - Google Security for Everyone Else
BeyondCorp - Google Security for Everyone ElseBeyondCorp - Google Security for Everyone Else
BeyondCorp - Google Security for Everyone ElseIvan Dwyer
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemPriyanka Aash
 

What's hot (20)

Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
 
DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without Firewalls
 
A New Security Paradigm for IoT (Internet of Threats)
A New Security Paradigm for IoT (Internet of Threats)A New Security Paradigm for IoT (Internet of Threats)
A New Security Paradigm for IoT (Internet of Threats)
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
Rise of the Hacking Machines
Rise of the Hacking MachinesRise of the Hacking Machines
Rise of the Hacking Machines
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-up
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical Architecture
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern WorkforceThe Software-Defined Perimeter: Securing Network Access for the Modern Workforce
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
 
Beyond the mcse red teaming active directory
Beyond the mcse red teaming active directoryBeyond the mcse red teaming active directory
Beyond the mcse red teaming active directory
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
BeyondCorp - Google Security for Everyone Else
BeyondCorp - Google Security for Everyone ElseBeyondCorp - Google Security for Everyone Else
BeyondCorp - Google Security for Everyone Else
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
 

Viewers also liked

Results based-management
Results based-managementResults based-management
Results based-managementkarim lkhal
 
Gdt PACAP-SVMFiC #SVMFiC16 2016 actualizacion
Gdt PACAP-SVMFiC #SVMFiC16 2016 actualizacionGdt PACAP-SVMFiC #SVMFiC16 2016 actualizacion
Gdt PACAP-SVMFiC #SVMFiC16 2016 actualizacionJavier Blanquer
 
Leyes Basicas para un Sistema
Leyes Basicas para un SistemaLeyes Basicas para un Sistema
Leyes Basicas para un SistemaMariaRivasH
 
Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016
Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016
Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016Javier Blanquer
 
La méthode des couts partiels mac (controle de gestion par activité)
La méthode des couts partiels mac (controle de gestion par activité)La méthode des couts partiels mac (controle de gestion par activité)
La méthode des couts partiels mac (controle de gestion par activité)karim lkhal
 

Viewers also liked (12)

Trece lineas para_vivir
Trece lineas para_vivirTrece lineas para_vivir
Trece lineas para_vivir
 
Results based-management
Results based-managementResults based-management
Results based-management
 
Presentación1
Presentación1Presentación1
Presentación1
 
Gdt PACAP-SVMFiC #SVMFiC16 2016 actualizacion
Gdt PACAP-SVMFiC #SVMFiC16 2016 actualizacionGdt PACAP-SVMFiC #SVMFiC16 2016 actualizacion
Gdt PACAP-SVMFiC #SVMFiC16 2016 actualizacion
 
FINAL Q4 Office
FINAL Q4 OfficeFINAL Q4 Office
FINAL Q4 Office
 
Leyes Basicas para un Sistema
Leyes Basicas para un SistemaLeyes Basicas para un Sistema
Leyes Basicas para un Sistema
 
WethePeoples
WethePeoplesWethePeoples
WethePeoples
 
Практична 5
Практична 5Практична 5
Практична 5
 
Frood - Framing food
Frood - Framing foodFrood - Framing food
Frood - Framing food
 
крок вересень 2016
крок вересень 2016крок вересень 2016
крок вересень 2016
 
Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016
Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016
Gd GdT-ITySI #SVMFiC16 Consulta NoPresencial 2016
 
La méthode des couts partiels mac (controle de gestion par activité)
La méthode des couts partiels mac (controle de gestion par activité)La méthode des couts partiels mac (controle de gestion par activité)
La méthode des couts partiels mac (controle de gestion par activité)
 

Similar to Cloud Breach – Preparation and Response

Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloudPriyanka Aash
 
Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...
Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...
Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...Ajeet Singh Raina
 
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud SecurityGet Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud SecuritySymantec
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup SlidesJacksonMorgan9
 
Maturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOpsMaturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOpsAmazon Web Services
 
Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsAmazon Web Services
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiAllanGray11
 
A Fully Automated SOC: Fact or Fiction
A Fully Automated SOC: Fact or FictionA Fully Automated SOC: Fact or Fiction
A Fully Automated SOC: Fact or FictionPriyanka Aash
 
SANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a ServiceSANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a ServiceToni de la Fuente
 
OWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a ServiceOWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a ServiceToni de la Fuente
 
FIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentFIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentPriyanka Aash
 
Cloud security : Automate or die
Cloud security : Automate or dieCloud security : Automate or die
Cloud security : Automate or diePriyanka Aash
 
Telco analytics at scale
Telco analytics at scaleTelco analytics at scale
Telco analytics at scaledatamantra
 
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of AlertsA Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of AlertsPriyanka Aash
 

Similar to Cloud Breach – Preparation and Response (20)

Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
 
Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...
Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...
Collabnix Online Webinar: Integrated Log Analytics & Monitoring using Docker ...
 
Using Data Lakes
Using Data LakesUsing Data Lakes
Using Data Lakes
 
Using Data Lakes
Using Data LakesUsing Data Lakes
Using Data Lakes
 
Using Data Lakes
Using Data LakesUsing Data Lakes
Using Data Lakes
 
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud SecurityGet Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 
Maturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOpsMaturing Your Organization from DevOps to DevSecOps
Maturing Your Organization from DevOps to DevSecOps
 
Maturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOpsMaturing your organization from DevOps to DevSecOps
Maturing your organization from DevOps to DevSecOps
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
 
A Fully Automated SOC: Fact or Fiction
A Fully Automated SOC: Fact or FictionA Fully Automated SOC: Fact or Fiction
A Fully Automated SOC: Fact or Fiction
 
SANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a ServiceSANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a Service
 
OWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a ServiceOWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a Service
 
FIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container DeploymentFIM and System Call Auditing at Scale in a Large Container Deployment
FIM and System Call Auditing at Scale in a Large Container Deployment
 
Cloud security : Automate or die
Cloud security : Automate or dieCloud security : Automate or die
Cloud security : Automate or die
 
Telco analytics at scale
Telco analytics at scaleTelco analytics at scale
Telco analytics at scale
 
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of AlertsA Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Cloud Breach – Preparation and Response

  • 1. SESSION ID: #RSAC Monzy Merza Cloud Incident Response CSV-F01 Director of Cyber Research Chief Security Evangelist Splunk, Inc @monzymerza #splunk 1
  • 2. #RSAC Agenda Cloud dependency and use Challenges and opportunities in the cloud A model for cloud IR Capabilities required for cloud IR IR scenarios Takeaways and call to action
  • 3. #RSAC What if… ● Visibility was reduced ● Sensors disappeared ● Authorization was transferrable ● Trust exploitation became vector #1
  • 4. #RSAC What if… ● Visibility was reduced ● Sensors disappeared ● Authorization was transferrable ● Trust exploitation became vector #1 That world is now!
  • 5. #RSAC Cloud Service are Mission Critical ● Business Applications: ● Sharing and Collaboration: ● Storage Applications: ● Infrastructure Platforms:
  • 8. #RSAC Cloud: A Behavioral Model Identity Interactions Resources
  • 9. #RSAC Challenges to IP Stewardship User Autonomy Technical flexibility Users create/modify/move/s hare data in<-> out and across services Ubiquitous access - geo and device diversity Encrypted Communication
  • 11. #RSAC Examples of Interactions Create an account Start a machine instance Share a resource Synchronize files Manage a process Approve a transaction
  • 12. #RSAC Examples of Resources File sharing services Transaction services Customer relations management (CRM) Compute services Applications services
  • 13. #RSAC Why Do These Challenges Exist? Local Users and Cloud Services Local Users and Local Services Remote Users and Cloud Services Remote Users and Local Services
  • 14. #RSAC Cloud IR: A Simple Model Identity Used Resources Accessed by Identity Interactions with resource
  • 16. #RSAC Cloud Opportunities APIs for operation and management Centralized authentication and management Near real-time impact of changes Logging capabilities
  • 17. #RSAC Preparing: Resources Accessed Identify the cloud resources Web logs Next generation firewall application logs Determine the methods of collection Log files API calls Requirements for automation Configuration changes Special API keys, licenses
  • 18. #RSAC Preparing: Identity Used Log User Access On-prem resources Cloud resources Enrich User Information Current CMDB for Users HR Business Applications Integrate Management Configuration and rollback Notification
  • 19. #RSAC Preparing: Interactions w/ Resources Log User Activity Applications Infrastructure Log API Activity Cloud services On-prem services Integrate host acquisition Memory Disk
  • 20. #RSAC Preparing: Additional Considerations Storage Logs Disk/Memory Special Access Elasticity API licenses Analytics tools Data Analysis Sharing and Collaboration
  • 21. #RSAC Preparing for Cloud IR Collect streaming events - log data, API results Collect batch data - log data, disk, memory images Execute ad hoc collection via APIs - automated or human mediated Search and investigate the collections Enrich data with third party information - asset/identity, HR, threat intel Automate collection/analysis/sharing tasks
  • 23. #RSAC Capabilities needed for Cloud Incident Response Logs: Infrastructure, Instance, Service Memory Forensics Disk Forensics Versioning, Snapshots APIs for Configuration Changes APIs for Status Gathering
  • 24. #RSAC Operational Considerations for Collection Logs Streaming or batched Structured or unstructured Binary data Memory dumps are unstructured Disk forensics require storage Analytics Out of the box vs Custom Collaboration requires integration Automation Test and Rollback Human mediation
  • 25. #RSAC Cloud IR: Tools Selection Criteria Hybrid Cloud + Onprem Automation/API friendly Collaboration and sharing ready
  • 26. #RSAC Attack and IR Scenarios
  • 27. #RSAC Linkin' Joe: Insider File Sharing Joe creates a shared link on a cloud storage folder and emails it to an accomplice. Over the course of a month, Joe posts company proprietary data to the folder. And over the course of the month, Joe's accomplice makes copies of the data.
  • 28. #RSAC IR: Linkin’ Joe Identity • Log data: cloud storage, on-prem auth • Enrich with: DLP or watch listed files, HR watch list, local file access Resources • Search for unauthenticated access to a folder Interactions • Search for large number of files moving to a specific folder • Make a list of file names uploaded/downloaded to folder
  • 29. #RSAC Pickpocket: Compromised Cloud Keys Stolen cloud infrastructure keys are used to instantiate new instances and access existing instances
  • 30. #RSAC IR: Pickpocket Identity • Identify the keys that were stolen • Enrich log data: threat intel, IP, domains, file names, service names Resources • Log data: cloud infrastructure, cloud instance, threat intel • Host data: memory dump, cloud instance snapshot • Search other cloud instances for discovered indicators Interactions • Search log data for: use of keys, number of instances, durations of sessions • Search memory: installed services, open ports, files names Contain • API: Disable keys • API: Modify security zones for instances spawned by infected key use
  • 31. #RSAC N’synch - synch folder propagator Malware propagates by copying itself to auto synch folders for cloud storage service
  • 32. #RSAC N’synch IR Identity •Identify owner of infected file Resources •Cloud storage, email •Search storage logs for file operations Interactions •Search host logs for reg keys, services, files, sockets Contain •API: remove propagating file •API: change permissions on infected folders
  • 34. #RSAC Call to Action for Cloud IR Demand APIs from Security Vendors Collect Data from Anywhere Search Based on New Criteria Enrich from internal, external sources on demand Automation, Workflows, Sharing
  • 35. #RSAC Cloud IR: A Simple Model Identity Used Resources Accessed by Identity Interactions with resource