Date posted: 22-Jan-2018
Category: Technology
Uploaded by: duncangodfrey2
Monitor all the cloud things
@duncangodfrey
Security monitoring for everyone
Me:
Introduction
• A brisk introduction to security monitoring
• How do you monitor cloud services?
• What should you do with the data you collect?
• Keeping up and keeping sane
• Opportunities for security engineering
A very brisk introduction to Security Monitoring
“Security monitoring is the process of generating security events based on data gathered from your IT environment.”
“Ability to detect threats in near real time”
“Ability to respond after a successful attack”
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
“Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.”
How do you monitor Cloud Services?
log created → collection / storage → search (for events) → Action
APIs, webhooks and (sorry) JSON
$ curl https://slack.com/api/team.accessLogs\?token\=$yourtoken\&pretty\=1
Set up a platform for collection, storage and search
• Splunk
• Graylog
• Elastic stack (ELK, Logstash or fluentd)
• Loggly
• Logentries
• Airbnb Streamalert
• Sumo Logic
What should you do with the data you have collected?
Create Security Events
Take Action
log created → Sumo Logic → SL Query → Slack Message to #security-alerts
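The two pipelines above (pull logs over an API, turn them into security events, push an alert to #security-alerts) as one added example, not code from the talk. It works on a constructed sample shaped like the Slack team.accessLogs response fetched by the curl command earlier; the country allow-list and known-IP table are assumptions for the demo.

```python
import json

# Constructed sample in the shape of a Slack team.accessLogs reply.
# All users, IPs and timestamps are made up for this example.
SAMPLE_ACCESS_LOGS = json.dumps({"ok": True, "logins": [
    {"user_id": "U0001", "username": "alice", "date_first": 1516579200,
     "date_last": 1516582800, "count": 3, "ip": "203.0.113.10",
     "user_agent": "Mozilla/5.0", "isp": "ExampleNet", "country": "US", "region": "CA"},
    {"user_id": "U0001", "username": "alice", "date_first": 1516583000,
     "date_last": 1516583100, "count": 1, "ip": "198.51.100.7",
     "user_agent": "Mozilla/5.0", "isp": "OtherNet", "country": "RU", "region": "MOW"},
    {"user_id": "U0002", "username": "bob", "date_first": 1516579300,
     "date_last": 1516579300, "count": 1, "ip": "192.0.2.44",
     "user_agent": "Slack/3.0", "isp": "ExampleNet", "country": "US", "region": "NY"},
]})

# Assumption: the countries your staff normally log in from.
ALLOWED_COUNTRIES = {"US", "GB"}


def security_events(raw_json, known_ips=None):
    """The 'search' step: turn raw login records into security events.

    known_ips maps user_id -> set of IPs already seen for that user
    (in practice this comes from your log store, not a literal dict)."""
    known_ips = known_ips or {}
    events = []
    for login in json.loads(raw_json)["logins"]:
        base = {"user": login["username"], "ip": login["ip"],
                "country": login["country"]}
        if login["country"] not in ALLOWED_COUNTRIES:
            events.append(dict(base, rule="login_unexpected_country"))
        if login["ip"] not in known_ips.get(login["user_id"], set()):
            events.append(dict(base, rule="login_new_ip"))
    return events


def slack_alert_payload(events, channel="#security-alerts"):
    """The 'action' step: build the incoming-webhook body.
    Posting it (e.g. with requests.post) is left to the caller."""
    lines = [f"[{e['rule']}] {e['user']} from {e['ip']} ({e['country']})"
             for e in events]
    return {"channel": channel, "text": "\n".join(lines)}


if __name__ == "__main__":
    seen = {"U0001": {"203.0.113.10"}, "U0002": {"192.0.2.44"}}
    print(json.dumps(slack_alert_payload(security_events(SAMPLE_ACCESS_LOGS, seen)), indent=2))
```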
Where to start?
“It’s as important to look for config errors as it is to look for attackers.”
– Me
CIS AWS Foundations Benchmark
Keeping up and keeping sane
Have a process
Tuning
Canaries
Opportunities for security engineering
Security monitoring for everyone
“Everything is an API call now”
Open Source
Fin.
Questions?
@duncangodfrey
https://auth0.engineering/