Jack Naglieri | Founder & CEO | jack.naglieri@runpanther.io
Cloud Security 101
Cloud Security 101 | Panther
Your Host
● Cloud security expert w/ 8+ years experience leading detection efforts @ co’s like Yahoo & Airbnb
● Co-creator and core developer of StreamAlert
● Originally from D.C. area, now based (i.e. quarantined!) in SF
Jack Naglieri
Agenda
1. Cloud Security - Why Now?
2. Panther Intro
3. Panther Cloud Security Deep Dive
4. Example Use Case
5. Q&A
In the era of COVID-19… reliance on cloud computing is stronger than ever.
Organizations already struggle to implement proper cloud security: more than 33 billion records were exposed in 2018 and 2019.
Cloud misconfigurations cost companies worldwide nearly $5 trillion in 2018 and 2019.
● 2018: $1.76 T
● 2019: $3.18 T
Panther is a Cloud-Native SIEM for Modern Security Teams
● Historical Search: Conduct investigations
● Log Analysis: Detect threats
● Cloud Security: Detect misconfigurations
OVERVIEW
Panther runs fully on top of AWS services like Lambda, ECS, DynamoDB, S3, Cognito, and more
CONCEPTS
● RESOURCE: A cloud component
● POLICY: A Python function representing the desired secure state of a resource
● ALERT: Notification of a policy failure
Panther 101
ONBOARDING
bit.ly/panther-cloudsec-setup bit.ly/panther-real-time-setup
BUILT-IN DETECTIONS
● 100+ Built-in Policies
● AWS CIS, Best Practices, S3
● Categories
○ Availability
○ Security Controls
○ Data Protection
○ Identity & Access Management
Why?
● Credentials can be leaked
● Sensitive data can be exposed
Writing Custom Policies
SCENARIO: Detecting Public AMIs (Amazon Machine Image)
Resource
Logic:
● Public should be false
● The AMI owner is one of our accounts
Policy
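Added example (not from the original deck and not Panther's own policy): the two logic checks above written as a Python policy and run over constructed AMI records. Assumptions: the policy(resource) entry point returning True for a compliant resource, the OwnerId and ImageId field names (taken from the EC2 DescribeImages output), and the placeholder account IDs.

```python
# Assumption: placeholder account IDs standing in for "our accounts".
OUR_ACCOUNTS = {"111111111111", "222222222222"}


def explain(resource):
    """Return the reasons an AMI is not in the desired state (empty list = compliant)."""
    reasons = []
    # A missing or non-boolean Public field is treated as a failure,
    # so a malformed record never passes silently.
    if resource.get("Public") is not False:
        reasons.append("Public is not false")
    if resource.get("OwnerId") not in OUR_ACCOUNTS:
        reasons.append("owner is not one of our accounts")
    return reasons


def policy(resource):
    """Desired secure state: the AMI is private and owned by one of our accounts."""
    return not explain(resource)


def evaluate(resources):
    """Map each failing AMI to its failure reasons."""
    return {
        r.get("ImageId", "<unknown>"): explain(r)
        for r in resources
        if not policy(r)
    }


# Constructed sample resources (not real AMIs).
SAMPLE_AMIS = [
    {"ImageId": "ami-0aaa", "OwnerId": "111111111111", "Public": False},
    {"ImageId": "ami-0bbb", "OwnerId": "111111111111", "Public": True},
    {"ImageId": "ami-0ccc", "OwnerId": "999999999999", "Public": False},
    {"ImageId": "ami-0ddd", "OwnerId": "222222222222"},  # Public field missing
]

if __name__ == "__main__":
    for image_id, reasons in evaluate(SAMPLE_AMIS).items():
        print(f"{image_id} FAIL: {'; '.join(reasons)}")
```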
Automatic Remediation
1. Panther can help harden our cloud environments
2. Python Policies ensure Resources are secure
3. Panther includes 100+ built-in Policies
4. Automatic Remediation can fix insecure Resources
5. Get started today! https://docs.runpanther.io/quick-start
https://bit.ly/runpanther
Subscription Tiers
Community (Free)
github.com/panther-labs/panther
● Real-Time Log Analysis
● Cloud Security and Remediation
● Real-Time Alerting
● Historical Search of Log Data
● Powerful User Interface
● 200+ pre-built Rules and Policies
Enterprise (Contact Us)
● +Basic Features
● Self-hosted or SaaS
● 24 x 7 Support & Live Chat
● 150+ Premium Analysis Packs
● Role-Based Access Control
● SaaS Logs
● Max scale and performance
Q & A
ARCHITECTURE
RESOURCES
Write policies for any of the following resource types:
CloudTrail, Config, DynamoDB, EC2, VPC, ELB, GuardDuty, IAM, KMS, RDS, S3, WAF, Redshift, SQS, SNS
DESTINATIONS
Dispatch alerts and integrate existing workflows

Cloud Security 101 (Webinar Deck)