Automated Defense using Cloud Services for AWS, Azure and GCP
Abstract
Monitoring for attacks and defending against them in real-time is crucial. Defending our cloud infrastructure during attacks can prove to nightmare even with the currently available solutions in the market. We live in cloud first era where the cloud is our first choice of deployment due to the convenience and scalability. In this training we will learn how to defend our cloud infrastructure using Serverless technologies and Elastic Stack. Elasticstack will collect, analyse logs and triggers alerts based on configured rule-set. Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The currently solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in house firewalls, IPS, etc.
The world is advancing towards accelerated deployments using DevOps and Cloud technologies. Automated defence will solve the modern world security challenges using near real-time alerting system, serverless technologies and centralised monitoring system.
Scenarios
- SSH Bruteforce detection & defense
- Content Management System Audit analysis
- VPC flow logs to defend cloud services (AWS)
- IAM CloudTrail logs to detect and defend against backdoors (AWS)
- Container logs to audit Kubernetes security Cloud Custodian for automated compliance
Participants will get
- Step by Step Gitbook covering the entire training (html, pdf, epub, mobi)
- Custom Ansible Playbooks
- Automated Defence Solution for AWS, Azure, GCP
Some of the topics and techniques covered will include (at a minimum):
Day one starts by setting the stage for automated defence by tackling Centralised Monitoring & Alerting System.
- Understanding limitations of existing solutions
- Setting & Hardening Elasticstack using Ansible Playbooks
- Configuring Infrastructure to send logs
- Attack patterns analysis and detection
- Building attack monitoring dashboards
- Setting up near real-time alerts (slack, email, etc.)
Day two focus on advancing the setup by adding serverless stack to defend against the Infrastructure based on the near real-time alerts to match DevOps speed.
- Getting started with serverless
- Deploying serverless stack for defence
- Automated attack generation
- Automated defence using serverless stack
- Near real-time alerts & defence with different attack simulations
- Defenders CTF with scenarios
- Best practices and deployment strategies
We will be deploying mostly in Amazon Web Services, with some demonstrations on Microsoft Azure and Google Cloud Platform. But serverless defence code will be given for three clouds.
WHO SHOULD TAKE THIS COURSE
- Security Engineers & Analysts
- SOC Teams
- DevOps Teams
- Who is interested in automating security monitoring
STUDENT REQUIREMENTS
- Able to use Linux CLI
- Basic understanding of TCP/IP
- Security Experience would be plus
- Understanding about different cloud providers will be advantage
WHAT STUDENTS SHOULD BRING
- Laptop with admin/root privileges for VM setup and wireless connectivity
- Students MUST sign up for AWS, Azure, GCP accounts before training begins
WHAT STUDENTS WILL BE PROVIDED WITH
- Customised VM with all the required tools installed
- Step by Step Gitbook covering the entire training (html, pdf, epub, mobi)
- Custom Ansible Playbooks
- Automated Defence Solution for AWS, Azure, GCP
Madhu Akula
Never Ending Learner!
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.