The Rise of Public Cloud Providers such as Amazon Web Services (AWS), Google Cloud (GCP), and Microsoft's Azure which serves the computing needs for small, medium and large businesses all over the world and there is no sign of any slowing the move to the “cloud”. These same Public Cloud providers have had at the same time become more complicated each day as we are creating more complex security holes with new cloud services, offeri...

Security teams need to build consistent, reusable design patterns for cloud security controls that can be automated and maintained readily over time. Within cloud infrastructure, many controls can be provisioned and enabled ahead of time and operate autonomously in any deployment scenario. Commonly termed “guardrails,” these controls ensure that security capabilities are always enabled and operate within the context of deployments...

This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (Azure Edition)“, we will work through the process of creating a detection that we can us...

Learn real-world cyber security skills from top industry experts during SANS Security West 2023 (May 15-20). Join us In-Person in San Diego, CA or Live Online to experience interactive training with hands-on labs, practice your skills during NetWars Tournaments, and network with your peers in real-time. Choose your course and register now! SANS Security West 2023 Features: Hands-on labs in a virtual environment Courses include electronic and p...

As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. We will discuss the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments. The overall process and takeaways will be: Establish proper logging to detec...

The movement towards multi-cloud has been growing momentum with no end in sight. Over 50% of the respondents to the SANS 2022 Multi-cloud Survey not only use all of the Big 3 Cloud Providers (AWS, Azure, and Google Cloud), but they also use all of the next three most popular CSPs (Alibaba Cloud, Oracle Cloud, and IBM Cloud). Organizations look to so-called “cloud-agnostic” technologies to manage this complexity. One such technology...

This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use...

Content delivery networks provide a valuable service and make the Internet a better place. Without them, streaming services would overwhelm entire networks. Mobile and single-paged web applications would take forever to load. But, what about sensitive data? Do we have to avoid caching sensitive data at all costs or are there ways we can secure it? Join me to learn more about origin protection and signature enforcement with custom policy in Ama...

The evil Professor Moriarty is hunting for a hiding Sherlock Holmes, whose whereabouts are only known to Sherlock’s brother, Mycroft. In this webinar, we will discuss how Moriarty and his gang hacked into Mycroft’s web environment to search for clues, and how Sherlock turned the tables and detected their every step. This webinar is based on a newly released SANS poster that focuses on Cloud Threat Detection, set in the world of mod...

Most companies with cloud infrastructure have implemented multiple security posture tools, along with compliance management and identity access management – but breaches still happen. A recent IBM study found that organizations take an average of 207 days to uncover breaches and another 70 days to remediate. Configuration and vulnerability management are important for compliance reporting but not enough to intercept cloud breaches. In th...