However difficult the foggy cloud may make it to find out what you need to know, there is always a ray of sunshine that shines a light on security. Because yes, you can automate incident response in the cloud, as Jeroen Vandeleur, Service Line Manager for cyber architecture and cloud security at NVISO, proves in his presentation. That is, provided you enable the available means in the cloud to log and centralize the necessary information: “this is part of the shared responsibility regarding security in the cloud!” Otherwise, you will have no idea about the means, the motive and the opportunity of the cyber criminal. “It would be like a murder case, without a body.”

Common mistakes relate to traffic filtering/logging, enabling default logging, the retention period of log data, access management, host configurations and identification of the resource owner: “6 challenges when doing incident response in the cloud.” Both MS Azure and Amazon AWS provide basic and advanced security features, “so make use of what is available,” with Jeroen Vandeleur providing a concise comparison of both offerings.

The ultimate proof of the pudding is in showing how to actually automate incident response handling in a SOC. NVISO has an agile and flexible approach, based on the military ‘observe, orient, decide, act upon’ principle (OODA). Jeroen Vandeleur provided an example of how to script response rules, based on an internal incident case, finishing with an extensive demo (with a reference to where the script code can be found).

This webinar was the final session in the Cloud Security experience-sharing event, with grateful appreciation expressed to Jeroen Vandeleur as the driving force behind this event.


