incident response in the cloud

33

Helping You Piece IT Together http:// www.bhconsulting.ie info@bhconsulting .ie Incident Response & Cloud Security

Upload: brian-honan

Post on 06-Dec-2014

991 views

Category:

Technology

2 download

Report

Download

Tags:

Embed Size (px):

DESCRIPTION

This is my presentation to SecureCloud 2014. Incident Response in the Cloud. The presentation looks at the challenges in dealing with incident response in the cloud compared to traditional onsite response. It also suggests ways to overcome those challenges

TRANSCRIPT

Page 1: Incident Response in the Cloud

Helping You Piece IT Together

http://www.bhconsulting.ie [email protected]

Incident Response&

Cloud Security

Page 2: Incident Response in the Cloud

Who Am I?

[email protected]

www.twitter.com/brianhonanwww.bhconsulting.ie/securitywatch

Page 3: Incident Response in the Cloud

Business View of The Cloud

Page 4: Incident Response in the Cloud

Vendor View of the Cloud

Page 5: Incident Response in the Cloud

Security View of the Cloud

5

Page 6: Incident Response in the Cloud

Stuff Happens !!

Page 7: Incident Response in the Cloud

Traditional Incident Response

Detect

Contain

Eradicate

Remediate

Recover

Review

Communicate

Page 8: Incident Response in the Cloud

Traditional IR

Page 9: Incident Response in the Cloud

Cloud Incident Response

Page 10: Incident Response in the Cloud

How Do You Contain Cloud?

Page 11: Incident Response in the Cloud

Where is Your Data?

Page 12: Incident Response in the Cloud

Data Protection & Privacy

Page 13: Incident Response in the Cloud

Change of Mindset

Page 14: Incident Response in the Cloud

Change of Mindset

Page 15: Incident Response in the Cloud

Same IR Principles

Detect

Contain

Eradicate

Remediate

Recover

Review

Communicate

Page 16: Incident Response in the Cloud

Engage Early with Business

Page 17: Incident Response in the Cloud

Ensure IR Requirements in T&Cs

Page 18: Incident Response in the Cloud

Establish Team

Information Security Operations Human

Resources Legal Public Relations

Facilities Management CSP

Page 19: Incident Response in the Cloud

Establish Relationships

Page 20: Incident Response in the Cloud

Agree Roles & Responsibilities

Page 21: Incident Response in the Cloud

Agree Policies & Procedures

Page 22: Incident Response in the Cloud

Agree Jurisdictional Issues

Page 23: Incident Response in the Cloud

Agree Disclosure Rules

Page 24: Incident Response in the Cloud

Notification in Place

Page 25: Incident Response in the Cloud

Set up Alerting Mechanisms

Page 26: Incident Response in the Cloud

Access to Logs

Page 27: Incident Response in the Cloud

Other Alerting Mechanisms

Page 28: Incident Response in the Cloud

Identify Tools

Page 29: Incident Response in the Cloud

Practise Makes Perfect

Page 30: Incident Response in the Cloud

Agree Testing

Page 31: Incident Response in the Cloud

Review & Measure

Page 32: Incident Response in the Cloud

Questions To CSP

Will the CSP Give You Access to Log Files, Including RAW Data?

What Is the CSP’s SLA? Are Security Demarcations Clearly Understood? What Are the CSP preventative measures?

DDOS Mitigation Security Monitoring, Alert You of Breach IR Plan

Page 33: Incident Response in the Cloud

Questions ?

@brianhonan

Computer Forensics and Incident Response in the Cloud · PDF fileComputer Forensics and Incident Response in the Cloud . ... MS-SQL Server. MySQL. HTTP. MS-DS Service. RPC. FTP.

Lesson 6 Basics of Incident Response. UTSA IS 6353 Security Incident Response Overview Hacker Lexicon Incident Response

California-Joint Cyber Incident Response Guide Cyber Incident...Feb 27, 2018 · Incident Response Lifecycle A security incident response capability will be developed and implemented

Improving Incident Response Incident Response Agenda Why Incident Response is Important Threats, Numbers, Traditional Response What is an Incident

(SEC404) Incident Response in the Cloud | AWS re:Invent 2014

AWS Security Incident Response Guide...• Educate your security operations and incident response staff about cloud technologies and how your organization intends to use them. •

Lesson 5 Introduction to Incident Response. UTSA IS 6353 Incident Response Overview Hacker Lexicon Incident Response

CrowdStrike Services CROWDSTRIKE INCIDENT RESPONSE AND PROACTIVE …€¦ · CrowdStrike Incident Response & Proactive Services. 01 AM I BREACHED? INCIDENT RESPONSE The CrowdStrike

Enterprise Incident Response - Cisco · Enterprise Incident Response: ... Case Study 2: Removable Media. ... • Full-scope incident response, analysis, and investigation

How to Response Against Web Security Incident...Agenda Incident Response Life Cycle Recap Incident Response Web Hacking PlayBook Incident Response Step for Web Hacking Security Incident

RSA Incident Response: Emerging Threat Profile€¦ · RSA Incident Response incident response RSA Incident Response: Emerging Threat Profile . Shell_Crew . January 2014

TRAUMATIC INCIDENT RESPONSE PROGRAM …Traumatic Incident Response Program Manual March 2014 2 SECU State Employees' Credit Union TIR Traumatic Incident Response TIRC Traumatic Incident

Incident Response in the Cloud Age - Securosis · Shifting Foundations Since we published our React Faster and Better research and Incident Response Fundamentals, quite a bit has

Incident Response Incident Response Process Forensics

Exam information - Universitetet i oslo · Incident response is a reaction to unexpected events. Incident response shall reduce negative consequences of an incident. As incident response

Incident Response Preparedness: Best Practices - lba.org Crocker - Incident Response - Are... · Sr. Incident Response Consultant, Incident Response & Digital Forensics . SecureWorks

Cyber incident response - KPMG · the incident response programme. Incident response programme development • Assistance in creation of an incident response programme, process design

CLOUD FORENSICS WITH F-RESPONSE · PROVIDING CLOUD FORENSICS VIA F-RESPONSE Page 3 8/19/2013 CHALLENGE When it comes to performing Incident Response or Computer Forensics Services

INCIDENT RESPONSE ACTIVITY - ICS-CERT · 2017-01-09 · INCIDENT RESPONSE ACTIVITY. INDUSTRIAL CONTROL SYSTEMS. CYBER EMERGENCY RESPONSE TEAM. INCIDENT RESPONSE ACTIVITY. SITUATIONAL

Be Prepared: Incident Response and Business Continuity ... · Incident Response and Business Continuity —What These Are Incident response management Ensure proper management response

Digital Forensics, Incident Response, and Cloud Computing · Digital Forensics, Incident Response, and Cloud ... •Cloud-ready incident response and forensics: ... forensics-incident-response-summit-jesse-kornblum-computer

Business Resilience & Incident Response Are You Ready? · Resilience & Incident Response ... Business Resilience & Incident Response ... Business Resilience & Incident Response Are

Incident Response and Forensic Prepardness - ACUIA.org - Incident Response... · Incident Response and Forensic Preparedness ... and intrusion detection and antivirus products

Microsoft Azure Security Response in the Cloud · PDF fileMicrosoft Azure Security Response in the Cloud . ... The security incident response SOP is designed to be clear ... 2.1 Azure

Communication Strategies for Incident Response - · PDF fileEffective incident response requires more than notification technologies. Real-time collaboration among incident response

Logicworks’ Cloud Incident Response Team Downloads/Case...155 AVENUE OF THE AMERICAS, FIFTH FLOOR | NEW YORK, NY 10013 | P: 212.625.5300 | !!! Logicworks’ Cloud Incident Response

Incident response

1. Incident Response System Modelling...2 1. Incident Response System Modelling The Incident Response (IR) subsystem is responsible for handling any incident message and providing

Data Breach IncIDent response plan toolkIt · Incident Response Team 3 Incident Response Contact Sheet 4 Suspecting or Detecting an Incident 5 Incident Response Discovery Form 6 Incident

Incident Response Plan - Spearstonespearstone.com/resources/Breach_Response_Plan_by_AICPA.pdf · 4 Table of Contents Incident Response Plan 6 Incident Response Team 6 Incident Response

Automate Your Cloud Security · Cloud Security Secure Your Cloud Visibility Governance & Compliance Simplified Monitoring Data Security Threat Protection Incident Response User Behavior

Incident Response Cloud Computing Business Use Case 03162011 Heart Beacon

POLLUTION INCIDENT RESPONSE MANAGEMENT PLAN FOR …danielsinternational.com.au/.../pollution-incident-response-plan.pdf · CONFIDENTIAL & PROPRIETARY | POLLUTION INCIDENT RESPONSE

Incident response cloud

Incident Response - asecuritysite.com · Incident Response Eve ... Snort. Intrusion Detection System Alice Cloud AWS Cloudtrail. Amazon S3. Azure. Application Serv Weblogic. WebSphere