Forensics and Security Investigations in Niche Public Cloud Environments
Amazon Web Services, Microsoft Azure, and Google Cloud Platform combined currently hold a bit over 50% of the worldwide cloud market. But what about the other half? A large corporation with a global presence or a local enterprise might find that a niche cloud provider better meets its needs. The market shares of Alibaba Cloud, IBM Cloud, and Oracle Cloud are not that far behind GCP's, and you might find yourself on one of these platforms while responding to an incident. During this talk, we will pick a handful of these niche cloud providers and focus on the services and data that have the highest investigative value for us. Where can we find the API logs? How can we get flow logs? Is there a packet mirroring service we could turn on? Which application and endpoint logs can we get? How can we obtain and analyze disk images of cloud instances? Covering all the different cloud providers out there would not be feasible or even practical, so we will discuss a generic strategy that you can follow when looking for evidence. We will also look at the security tools, or the lack thereof, for these niche clouds, hoping to inspire others to explore further, develop new solutions, and start new projects.
Relevant Government Agencies
Other Federal Agencies, Federal Government, State & Local Government
Event Type
Webcast
When
Mon, Jul 11, 2022, 1:00pm ET
Cost
Complimentary: $0.00
Organizer
SANS Institute