Securing a cloud environment can be challenging and time consuming, especially if you don't know where to start. This Workshop will scrutinize a common cloud service: Virtual Machines, and focus on the secure implementation of that service. We'll discuss Operating Systems (and why it matters from a cloud perspective), as well as security groups, remote access, system and network hardening as well as how mature organizations handle deployments....

The increasing reliance on cloud computing has driven the need for efficient and secure IT environments, necessitating the development of robust engineering skills across various domains. This keynote speech will explore the world of cloud investigations, focusing on the critical intersection of data engineering, infrastructure as code (IaC), and Continuous Integration/Continuous Deployment (CI/CD) pipelines. Attendees will learn about the lat...

The Rise of Public Cloud Providers such as Amazon Web Services (AWS), Google Cloud (GCP), and Microsoft's Azure which serves the computing needs for small, medium and large businesses all over the world and there is no sign of any slowing the move to the “cloud”. These same Public Cloud providers have had at the same time become more complicated each day as we are creating more complex security holes with new cloud services, offeri...

Security teams need to build consistent, reusable design patterns for cloud security controls that can be automated and maintained readily over time. Within cloud infrastructure, many controls can be provisioned and enabled ahead of time and operate autonomously in any deployment scenario. Commonly termed “guardrails,” these controls ensure that security capabilities are always enabled and operate within the context of deployments...

This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (Azure Edition)“, we will work through the process of creating a detection that we can us...

Learn real-world cyber security skills from top industry experts during SANS Security West 2023 (May 15-20). Join us In-Person in San Diego, CA or Live Online to experience interactive training with hands-on labs, practice your skills during NetWars Tournaments, and network with your peers in real-time. Choose your course and register now! SANS Security West 2023 Features: Hands-on labs in a virtual environment Courses include electronic and p...

As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. We will discuss the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments. The overall process and takeaways will be: Establish proper logging to detec...

The movement towards multi-cloud has been growing momentum with no end in sight. Over 50% of the respondents to the SANS 2022 Multi-cloud Survey not only use all of the Big 3 Cloud Providers (AWS, Azure, and Google Cloud), but they also use all of the next three most popular CSPs (Alibaba Cloud, Oracle Cloud, and IBM Cloud). Organizations look to so-called “cloud-agnostic” technologies to manage this complexity. One such technology...

This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use...

Content delivery networks provide a valuable service and make the Internet a better place. Without them, streaming services would overwhelm entire networks. Mobile and single-paged web applications would take forever to load. But, what about sensitive data? Do we have to avoid caching sensitive data at all costs or are there ways we can secure it? Join me to learn more about origin protection and signature enforcement with custom policy in Ama...