Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing.
This presentation by Rich Mogull, SVP Cloud Security at FireMon, presents a framework for modernizing response operations, supported by technical details and examples. Topics covered:
- Understanding the key cloud security feeds of the big three providers and how to collect them without falling behind attackers.
- How, and why, to treat cloud misconfigurations as threats.
- Building cloud IoCs, including top examples and why they matter.
- The role of key security feeds and response tools from AWS, Azure, and GCP.
- Balancing log volume and storage locations.
- Top tips for integrating cloud events into an existing SOC.
- Leveraging DevOps techniques for a distributed response process, and how engaging cloud teams will reduce SOC pressure while improving response.
This video was recorded at IRISSCON 2022, an annual conference organized by IRISSCERT. The all-day event focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and what they can do to help deal with those threats.