In this talk, Shaun McCullough SANS Certified Instructor and author of the brand new class SEC541: Cloud Monitoring and Threat Detection, will talk about Threat Detection in a cloud environment. We will work through what is Hunting, and how it should be approached for Cloud environments. Then, we will look at some specific threats, and investigate the AWS tools that generate the log data we can use to detect those threats. Services such as CloudTrail, VPC Flow Logs and CloudWatch can be used to collect and analyze the data, while GuardDuty, Config and Inspector have their own detections built in.
About the Speaker
As a hands-on practitioner with a gift for architecture design, Shaun explores the good and bad of how the Cloud is changing the way the industry secures and runs infrastructure. During his 25+ years of experience, Shaun has spent equal parts in security engineer and operations as well as software development. With extensive experience within the Department of Defense, Shaun was the Technical Director of the Red and Blue operations teams, a researcher of advanced host analytics, and ran a threat intelligence focused open source platform based on MITRE ATT&CK. Previously, he was a consultant with H&A Security Solutions, focusing on analytic development, DevOps support, and security automation tooling. Shaun has authored the brand new SEC541: Cloud Monitoring and Threat Hunting and can be found teaching SEC545: Cloud Security Architecture and Operations on a regular basis.
ចូលរួមទៅក្នុងបន្ទប់ផ្តល់ព័ត៌មាន Telegram channel សម្រាប់ទទួលបានព័ត៌មានចុងក្រោយស្តីពីសន្តិសុខអុិនធឺណិតទាំងក្នុង និងក្រៅប្រទេស៖ https://t.me/infosecisac។ ចង់ផ្សព្វផ្សាយពាណិជ្ជកម្ម សូមទំនាក់ទំនង firstname.lastname@example.org
Subscribe to our Telegram channel for the latest updates on the Cybersecurity Breaking News in both locally and internationally: https://t.me/infosecisac.