Explore TD Ameritrade's journey in solving cloud security logging across multiple platforms in this 54-minute RSA Conference talk. Delve into the human element of determining critical logs for cloud environments, and discover use cases and agile implementation strategies for enabling security logging on AWS and Azure to support incident response and threat management. Gain insights into public cloud security threats, opportunities for detecting attacks and data exfiltration, and approaches to clearing the log fog. Learn about cloud logs by cloud services, monitoring critical events and activities, and context-based monitoring. Examine multi-cloud logging architectures for on-premises SIEM and CSP Cloud SIEMS, and explore critical attributes for log monitoring. Investigate specific use cases for system visibility, audit logging, network visibility, and automated agent deployment across AWS and Azure environments. Conclude with a comprehensive takeaway checklist to enhance your cloud security logging practices.
Overview
Syllabus
Intro
Public Cloud Security Threats
Opportunities To Detect Attacks, Data Exfiltration
Clear The Log Fog
Public Cloud Security Program
Approach
Cloud Logs by Cloud Services
Monitor Critical Events & Activities
Context Based Monitoring
Log Types, Critical Events & Attributes
Cloud Security Insights Matter
Multi-Cloud Logging Architecture - On-Premises SIEM
Multi-Cloud Logging Architecture - CSP Cloud SIEMS
Critical Attributes For Log Monitoring
AWS Network Log
Use-case: System visibility for Compute
Use-case: AWS Audit Logging
Use-case: Network visibility for Security Events
Azure Active Directory Logs
Use-case: Automated Agent Deployment
Use-case: Network & Resource visibility for Security Events
Take Away Checklist
Taught by
RSA Conference
