))
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
Manage episode 352651735 series 2892548
Thông tin tác giả Anton Chuvakin được phát hiện bởi Player FM và cộng đồng của chúng tôi - bản quyền thuộc sở hữu của nhà sản xuất (publisher), không thuộc về Player FM, và audio được phát trực tiếp từ máy chủ của họ. Bạn chỉ cần nhấn nút Theo dõi (Subscribe) để nhận thông tin cập nhật từ Player FM, hoặc dán URL feed vào các ứng dụng podcast khác.
Guest:
- Nader Zaveri, Senior Manager of IR and Remediation at Mandiant, now part of Google Cloud
Topics:
- Could we start with a story of a cloud incident response (IR) failure and where things went wrong?
- What should that team have done to get it right?
- Are there skills that matter more in cloud incidents than they do for on-prem incidents? Are there on-prem instincts that will lead incident responders astray in cloud?
- What 3 things an IR team leader needs to do to prepare his team for IR in the cloud?
- Are there on-premise tools that can stay on prem and not join us in the cloud?
- What processes should we leave behind? Keep with us?
- What logs and context should we prepare for cloud IR? What access should we have behind “break glass”?
- While doing IR, what things should we look at in the cloud logs (which logs, also?) to expedite the investigation?
Resources:
- “How to Cloud IR or Why Attackers Become Cloud Native Faster?” (ep98)
- “How to prepare for detection & response in the cloud” Google Cloud Next 2022 presentation
- “Security Incident Response in the Cloud: A Few Ideas” blog
- GCP Cloud Logging
- “Security at Scale: Logging in AWS” paper
- “AWS Security Incident Response Whitepaper” paper
115 tập
