As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different.
We will discuss the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments.
The overall process and takeaways will be:
- Establish proper logging to detect the adversarial activity
- Perform the attack to generate the appropriate artifacts
- Review the log event data
- Create an automated process to quickly discover this activity
- Test that the automated process is working effectively by "re-attacking" the Azure account
This webcast supports the 2-hour hands-on workshop “Building Better Detections - Azure Edition” www.sans.org/webcasts/hands-o...
About the Speaker
Ryan Nicholson's passion for information technology started in 2001 when he found himself constantly trying to make his high school's computers and even calculators do things that they weren't exactly intended to do. They lacked games, so he learned how to create some. Yes, some may call this hacking. Ryan called it "fun", which led to attending college with intentions of becoming a software engineer. During school, Ryan obtained an internship with a very cybersecurity-minded organization -- the Defense Information Systems Agency (DISA). Ever since then, he’s been hooked on cybersecurity. Ryan is the author of SEC488: Cloud Security Essentials and co-author of SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection. Learn more about Ryan at www.sans.org/profiles/ryan-ni...
SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
www.sans.org/cyber-security-c...
SEC488: Cloud Security Essentials
www.sans.org/cyber-security-c...
SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.
SANS Cloud Security Curriculum: www.sans.org/cloud-security
Twitter: @SANSCloudSec
LinkedIn: / sanscloudsec
Discord: www.sansurl.com/cloud-discord