Cloud Security Operations


Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01
>> This video, we're going to review key points
00:01
regarding Cloud security operation.
00:01
These will be takeaways from
00:01
Domain 9 incident response and
00:01
Domain 13 security as a service.
00:01
Incidents happen in the incident response life cycle
00:01
as you wait to deal with them.
00:01
NIST 800-61 was
00:01
an example protocol for incident handling.
00:01
It had several different phases.
00:01
Preparation, detection, and analysis,
00:01
contain, eradicate,
00:01
and recover and post incident activities.
00:01
For preparation we wanted to make sure we have SLAs
00:01
established as well as
00:01
defined roles and responsibilities.
00:01
This is setting expectations with
00:01
customers and making sure
00:01
that within your own organization,
00:01
you know who is going to be doing what.
00:01
Then you're going to create and test
00:01
the communication plan you put in place.
00:01
More on communication plan in a second.
00:01
At that point, it's all about detect and analyze.
00:01
This is setting up alerting as well as
00:01
some automated responses when you see erratic behaviors.
00:01
Since this alerting will be based on logs,
00:01
you have to know how to interpret your data logs.
00:01
Because keep in mind in the Cloud,
00:01
the logs are going to look a little different.
00:01
The network logs, you'll probably be relying on
00:01
application logs when monitoring the PaaS-based services.
00:01
From there, contain, eradicate, and recover.
00:01
Once something is going wrong, what are you going to do?
00:01
First things first, clear the management plane.
00:01
This is key to thwarting an attacker,
00:01
because if they have control here,
00:01
you can take
00:01
all the other preventative measures you want.
00:01
They're still going to have the keys to
00:01
the kingdom and they may even be able to determine
00:01
that you're trying to take
00:01
preventative actions and then get
00:01
really upset and be more drastic in what they're doing.
00:01
Also, be sure to leverage
00:01
software-defined networking. This
00:01
allows you to isolate and rebuild your infrastructure,
00:01
taking maybe a compromised virtual machine,
00:01
segmenting it off, isolating
00:01
it from the rest of the network.
00:01
This allows you to do more
00:01
detailed forensics after the fact.
00:01
Finally, post incident activities.
00:01
This is where you're going to review what happened.
00:01
Who did what? How did you go through the procedure?
00:01
Maybe even identify some areas for future improvement.
00:01
The communication plan was a key part of
00:01
preparation for incident response,
00:01
but communication itself is also very important.
00:01
In fact, it's so important,
00:01
I wanted to highlight it again.
00:01
Have a communication plan in place.
00:01
This ensures the appropriate
00:01
internal and external parties
00:01
are engaged.
00:01
This communication can be helpful while
00:01
you're debugging and addressing the problem.
00:01
For example, communicating with a cloud provider.
00:01
But it's also helpful to report problems when
00:01
appropriate to the appropriate authorities.
00:01
For example, telling customers about data loss and
00:01
even escalating nefarious activities to law enforcement.
00:01
Closing out the material.
00:01
Recap, let's review the security as a service.
00:01
These services are managed in
00:01
the Cloud and exhibit many of the Cloud benefits,
00:01
elasticity, pay as you go,
00:01
upgrades are handled by the vendor and so on.
00:01
They are typically used to monitor Cloud workloads,
00:01
but it can also be used to manage
00:01
hybrid or on-prem environments.
00:01
SecaaS is a broad concept and
00:01
the market appetite for these capabilities is growing.
00:01
Some of the more common categories of these services
00:01
include Identity Access Management Services,
00:01
Cloud application security brokers,
00:01
web security gateways,
00:01
e-mail scanning,
00:01
security assessments, vulnerability assessments,
00:01
web application firewalls, which are a great example of
00:01
how SecaaS services can
00:01
actually insulate you from attackers.
00:01
Software incident and event management,
00:01
key management for the encryption and cryptography,
00:01
as well as business continuity and disaster recovery.
00:01
Then wrap up our recap of the major parts and
00:01
key takeaways from throughout
00:01
all 16 domains of the CSA guidance.
00:01
But there's one more video
00:01
left and it's a very important one.
00:01
I'll see you in just a moment.