Explore incident response strategies for AWS environments in this 51-minute RSA Conference talk. Gain insights into AWS-specific security incidents, learn about the unique architecture and components of Amazon's cloud platform, and discover how traditional incident response principles can be adapted. Delve into detailed use cases, understand the shared responsibility model, and explore key AWS services like CloudWatch and CloudTrail. Examine real-world scenarios, including metadata service incidents and data loss prevention. Learn to leverage AWS Config, snapshot management, and security group modifications for effective incident response. Discover valuable resources such as AWS Labs, Threat Response Repository, and AWS Security Fundamentals training to enhance your cloud security skills. Develop a 90-day plan to improve your organization's AWS incident response capabilities.
Clearing the Clouds - Incident Response in AWS - Isn’t as Bad as You Thought
Overview
Syllabus
Welcome
Introduction
Agenda
AWS Incident Response Path
What this session is
Poll Question
AWS Architecture
Shared Responsibility Model
Incident Response Services
Machine Learning Stack
AWS Framework
AWS Console
Where to Focus
Cloud Watch vs Cloud Trail
Roadblocks to Incident Response
Use Cases
The Incident
The Metadata Service
Why Should We Care
Code Spaces
Data Loss
How to Respond
Available Services
AWS Config
Copy a Snapshot
Change Security Group
Other Options
AWS Labs
Threat Response Repository
Threat Response Walkthrough
Secret Key
Search
AWS Training
AWS Security Fundamentals
SecureDoc Cloud
Whats your 90 day plan
QA
Sandbox
Taught by
RSA Conference
