
Cloud Security Monitoring at Auth0 - Security BSides Seattle

The slides from Eugene Kogan's talk on cloud security monitoring at Auth0, presented at Security BSides Seattle, 2017. More details at our blog: https://auth0.engineering/cloud-security-monitoring-at-auth0-ff5e87ad1141


  1. Cloud Security Monitoring (for startups, mostly). Security BSides Seattle. Eugene Kogan - @eugk - February 4, 2017
  2. 1. Who 2. Why 3. What 4. How 5. When
  3. 1. Who
  4. CloudSecurityAlliance.org
  5. 2. Why
  6. 3. What
  7. "Trust, but verify." –President Ronald Reagan
  8. Awareness, Visualization, Misuse detection, Change detection, Incident detection, Incident response
  9. Splunk, Graylog, Elastic Stack, Loggly, Logentries, Fluentd, Sumo Logic, AWS, G Suite, Dropbox, GitHub, GitLab, Slack, Zendesk, Salesforce, Jenkins, Syslog, Webhooks
  10. 4. How
  11. _sourceCategory=cloudtrail_aws_logs* | json auto | where event_name matches "*Trail" or event_name matches "StartLogging" or event_name matches "StopLogging" | lookup awsaccountname from /shared/awsaccounts on recipient_account_id = awsaccountid | count as count by event_name, recipient_account_id, awsaccountname, user_name, principle_id, accesskey_id
  12. github.com/auth0/audit-droid
  13. github.com/a2o/snoopy
  14. github.com/nccgroup/Scout2
  15. 5. When
  16. You should be doing cloud security monitoring today.
  17. Action items: Know which cloud services your organization uses; Have a modern platform for collection, analysis, alerting; Collect the right data from cloud and internal systems; Use this data wisely; Ensure your staff has the right skills to do all of the above
  18. The end 🖖 auth0.engineering/tagged/security twitter.com/eugk
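
The change-detection query on slide 11, applied to raw CloudTrail records outside a log platform. This is an added example, not code from the talk or from Auth0: it assumes CloudTrail's native field names (eventName, recipientAccountId, userIdentity), a case-sensitive glob match, and a constructed account table and sample log.

```python
import fnmatch
import json
from collections import Counter

# Event-name patterns copied from the slide 11 query.
PATTERNS = ("*Trail", "StartLogging", "StopLogging")

# Constructed stand-in for the /shared/awsaccounts lookup table.
ACCOUNT_NAMES = {"111111111111": "prod", "222222222222": "dev"}

# Constructed CloudTrail records, one JSON object per line, plus one damaged line.
SAMPLE_LOG = """
{"eventName":"StopLogging","recipientAccountId":"111111111111","userIdentity":{"type":"IAMUser","userName":"alice","principalId":"AIDAEXAMPLE1","accessKeyId":"AKIAEXAMPLE1"}}
{"eventName":"StopLogging","recipientAccountId":"111111111111","userIdentity":{"type":"IAMUser","userName":"alice","principalId":"AIDAEXAMPLE1","accessKeyId":"AKIAEXAMPLE1"}}
{"eventName":"DeleteTrail","recipientAccountId":"222222222222","userIdentity":{"type":"AssumedRole","principalId":"AROAEXAMPLE2:deploy","accessKeyId":"ASIAEXAMPLE2"}}
{"eventName":"DescribeTrails","recipientAccountId":"111111111111","userIdentity":{"type":"IAMUser","userName":"bob","principalId":"AIDAEXAMPLE3","accessKeyId":"AKIAEXAMPLE3"}}
{"eventName":"ConsoleLogin","recipientAccountId":"111111111111","userIdentity":{"type":"IAMUser","userName":"bob","principalId":"AIDAEXAMPLE3"}}
truncated-or-corrupt-line
"""


def is_trail_change(event_name):
    """True when the event name matches one of PATTERNS (case-sensitive glob)."""
    return any(fnmatch.fnmatchcase(event_name, p) for p in PATTERNS)


def summarize(log_text, accounts=ACCOUNT_NAMES):
    """Count matching events per (event, account id, account name, user, principal, key)."""
    counts = Counter()
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting the run
        if not isinstance(rec, dict) or not is_trail_change(rec.get("eventName", "")):
            continue
        # Assumed-role sessions carry no userName, so default missing fields to "".
        ident = rec.get("userIdentity") or {}
        acct = rec.get("recipientAccountId", "")
        counts[(rec["eventName"], acct, accounts.get(acct, "unknown"),
                ident.get("userName", ""), ident.get("principalId", ""),
                ident.get("accessKeyId", ""))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

Read-only calls such as DescribeTrails do not match the `*Trail` pattern, so the output is limited to events that create, modify, delete, start or stop a trail.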
