Cloud Security Monitoring and Threat Detection in AWS
Interested in more great talks like this? SANS CloudSecNext 2022 FREE Global Summit is coming up May 3-4. Learn more and register here: https://www.sans.org/cyber-security-t...

In this talk, Shaun McCullough, SANS Certified Instructor and author of the brand new class SEC541: Cloud Monitoring and Threat Detection, will talk about threat detection in a cloud environment. We will work through what hunting is and how it should be approached for cloud environments. Then we will look at some specific threats and investigate the AWS tools that generate the log data we can use to detect those threats. Services such as CloudTrail, VPC Flow Logs and CloudWatch can be used to collect and analyze the data, while GuardDuty, Config and Inspector have their own detections built in.

This material is directly related to SEC541: Cloud Security Monitoring and Threat Detection, which you can learn more about here: https://www.sans.org/cyber-security-c...

About the Speaker

As a hands-on practitioner with a gift for architecture design, Shaun explores the good and bad of how the cloud is changing the way the industry secures and runs infrastructure. During his 25+ years of experience, Shaun has spent equal parts in security engineering and operations as well as software development. With extensive experience within the Department of Defense, Shaun was the Technical Director of the Red and Blue operations teams, a researcher of advanced host analytics, and ran a threat-intelligence-focused open source platform based on MITRE ATT&CK. Previously, he was a consultant with H&A Security Solutions, focusing on analytic development, DevOps support, and security automation tooling. Shaun is co-author of SANS SEC541: Cloud Monitoring and Threat Detection.
