In this video, we're going to review key points regarding cloud security operations. These are the key takeaways from Domain 9, Incident Response, and Domain 13, Security as a Service.
Incidents happen, and the incident response life cycle is your way to deal with them. NIST 800-61 was an example protocol for incident handling. It had several different phases: preparation, detection and analysis, containment, eradication and recovery, and post-incident activities.
For preparation, you want to make sure you have SLAs established, as well as defined roles and responsibilities. This is setting expectations with customers and making sure that within your own organization, you know who is going to be doing what. Then you're going to create and test the communication plan; more on the communication plan in a second.
At that point, it's all about detection and analysis. This is setting up alerting as well as some automated responses when you see erratic behaviors. And since this alerting will be based on logs, you have to know how to interpret your logs, because keep in mind, in the cloud the logs are going to look a little different. Rather than network logs, you'll probably be relying on application logs when monitoring PaaS-based services.
From there: contain, eradicate, and recover. Once something is going wrong, what are you going to do? First things first, clearly: the management plane. This is key to thwarting an attacker, because if they have control here, you can take all the other preventative measures you want and they're still going to have the keys to the kingdom. And they may even be able to determine that you're trying to take preventative actions, and then get really upset and be more drastic in what they're doing.
Also, be sure to leverage software-defined networking. This allows you to isolate and rebuild your infrastructure, taking maybe a compromised virtual machine, segmenting it off, isolating it from the rest of the network. This allows you to do more detailed forensics after the fact. Finally, post-incident activities. This is where you're going to review what happened. Who did what? How did you go through the procedure? And maybe even identify some areas for future improvement.
The communication plan was a key part of preparation for incident response, but communication itself is also very important. In fact, it's so important I wanted to highlight it again: have a communication plan in place. This ensures the appropriate internal and external parties are engaged. This communication could be helpful while you're debugging and addressing the problem, for example communicating with the cloud provider.
But it's also helpful to report problems, when appropriate, to the appropriate authorities, for example telling customers about data loss and even escalating the various activities to law enforcement.
And closing out the material recap, let's review Security as a Service.
These services are managed in the cloud and exhibit many of the cloud benefits: elasticity, pay-as-you-go, upgrades handled by the vendor, and so on. They're typically used to monitor cloud workloads, but they can also be used to manage hybrid or on-prem environments. SecaaS is a broad concept, and in the market, appetite for these capabilities is growing.
Some of the more common categories of these services include identity and access management services, cloud application security brokers, web security gateways, email scanning, security assessments, vulnerability assessments, web application firewalls (which are a great example of how SecaaS services can actually insulate you from attackers), security incident and event management, key management for encryption and cryptography, as well as business continuity and disaster recovery. And that wraps up our recap of the major parts and key takeaways from throughout all 16 domains of the CSA guidance, but there's one more video left, and it's a very important one, so I'll see you in just a moment.