Monitoring for attacks and defending against them in real-time is crucial. The mean time to detect (MTTD) has become an important criteria for cloud admins and SREs. Defending our cloud infrastructure during attacks is a challenge in the best of times and especially difficult when under attack.
In this training, we will learn how to do orchestration for security which enable us to do automated response. Sometimes this approach is also known as Security Orchestration and Automated Response (SOAR). We will learn how to utilize cloud native services supplemented by the ELK stack to offer automated response. Cloud native services such as AWS Lambda along with DynamoDB offers the freedom to DevSecOps teams to bring in security without worrying about one more server they need to manage.
Elastic Stack will collect, analyze logs and triggers alerts based on configured rule-set. Serverless stack drives the defense to perform automated response by blocking, slowing down attackers and alerting the defenders. The approach is cloud agnostic and works anywhere where we are able to respond programatically using APIs.
During the training, you will be able to orchestrate and see the automated response work for the following scenarios.
Key Take Aways
Some of the topics and techniques covered will include (at a minimum):
We start day one by setting the stage for automated response by deploying a centralized monitoring & alerting system
We will focus on day two by adding a Serverless stack to defend against the cloud infrastructure based on the near real-time alerts to match DevOps speed