Cloud Security Monitoring at Auth0 - Security BSides Seattle

•

1 j'aime•707 vues

The slides from Eugene Kogan's talk on cloud security monitoring at Auth0, presented at Security BSides Seattle, 2017. More details at our blog: https://auth0.engineering/cloud-security-monitoring-at-auth0-ff5e87ad1141

Logiciels

Cloud Security
Monitoring
Security BSides Seattle
Eugene Kogan - @eugk - February 4, 2017
(for startups, mostly)

–President Ronald Reagan
Trust, but verify.

Awareness
Visualization
Misuse detection
Change detection
Incident detection
Incident response

Splunk
Graylog
Elastic Stack
Loggly
Logentries
Fluentd
Sumo Logic
AWS
G Suite
Dropbox
GitHub
GitLab
Slack
Zendesk
Salesforce
Jenkins
Syslog
Webhooks

_sourceCategory=cloudtrail_aws_logs* | json auto | where event_name
matches "*Trail" or event_name matches "StartLogging" or event_name
matches "StopLogging" | lookup awsaccountname from /shared/
awsaccounts on recipient_account_id = awsaccountid | count as count
by event_name, recipient_account_id, awsaccountname, user_name,
principle_id, accesskey_id

You should be doing
cloud security monitoring
today.

Action items
Know which cloud services your organization uses
Have a modern platform for collection, analysis, alerting
Collect the right data from cloud and internal systems
Use this data wisely
Ensure your staff has the right skills to do all of the above

The end 🖖
auth0.engineering/tagged/security
twitter.com/eugk

Contenu connexe

En vedette

Bioocean1 :Introduction to Biological Oceanography

Gazi Abdullah

Build_Buy_StreamAnalytix_WhitePaper

Jane Roberts

DFW meetup Cognitive services - parashar - feb 22

Parashar Shah

Joe Caserta was a featured speaker, along with MIT Sloan School faculty and other industry thought-leaders. His session 'You're the New CDO, Now What?' discussed how new CDOs can accomplish their strategic objectives and overcome tactical challenges in this emerging executive leadership role. In its tenth year, the MIT CDOIQ Symposium 2016 continues to explore the developing role of the Chief Data Officer. For more information, visit http://casertaconcepts.com/

You're the New CDO, Now What?

Caserta

An examination of the trends of Big Data and Advanced Analytics as well as the technology, services and education needed to thrive in this new field. This session explores examples of true industry-disruptive analytics-driven transformations and the catalysts for transformation. Examining the role of people is paramount to success in order to develop a high-performing data scientist team - starting today.

Disruptive Data Science - How Data Science and Big Data are Transforming Busi...

EMC

Advantage of Clouds over Traditional Distributed Systems,Clouds,Service-Oriented Architecture (SOA) Layered Architecture,Performance Metrics and Scalability Analysis,System Efficiency,Performance Challenges in Cloud Computing,What is cloud computing and why is it distinctive?,CLOUD SERVICE DELIVERY MODELS AND THEIR PERFORMANCE CHALLENGES,Cloud computing security,What does Cloud Computing Security mean,Cloud Security Landscape,Distinctions between Security and Privacy,Energy Efficiency of Cloud Computing,How energy-efficient is cloud computing?

Cloud Computing System models for Distributed and cloud computing & Performan...

hrmalik20

Building an ai with raspberry pi

Haesung Lee

Are You Ready For Clean Code?

Whisnu Sucitanuary

Giovanni Lanzani GoDataDriven

BigDataExpo

Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...

Paris Open Source Summit

2017-10-03 Session aOS - Back from Ignite - MS Experiences

Patrick Guimonet

NUON Rens Weijers

BigDataExpo

5733 a deep dive into IBM Watson Foundation for CSP (WFC)

Arvind Sathi

Rise of Container (RoC)

Somkiat Puisungnoen

Equipping IT to Deliver Faster, More Flexible Service Management

Cognizant

Problem determination is an important focus area in the IBM WebSphere Application Server. Serviceability improvements have been added that have greatly improved the ability to find root causes of problems in both the full IBM WebSphere Application Server profile, and the newer Liberty profile. The session focuses on how to effectively use serviceability improvements added to the application server since V8.0. This includes high performance extensibe logging, cross-component trace, IBM Support Assistant data collector, timed operations, memory leak detection/prevention, and IBM Support Assistant 5. Presented at the WebSphere Technical University 2014, Dusseldorf

WebSphere Technical University: Top WebSphere Problem Determination Features

Chris Bailey

With Verizon’s global customer base, managing and constantly improving customer experience for over 5 million users can be challenging. They found themselves spending too much time searching for and remediating bugs in their code, which reduced the quality of their customer experience and left little time for innovation. That’s why they initially turned to Dynatrace and AWS — to help them streamline the process of finding and remediating issues. They quickly realized, though, that they could do a lot more than simply find bugs by leveraging both AWS and Dynatrace, which led them to a complete DevOps transformation. By leveraging AI-driven feedback provided by Dynatrace along with AWS services such as AWS CloudFormation, AWS CodeDeploy, and Amazon Route 53, Verizon completely revamped the speed and quality of their deliverables. Join our upcoming webinar to learn how Verizon is using Dynatrace on AWS to optimize their delivery pipeline

How Verizon Innovates Through AI-Driven DevOps with Dynatrace

Amazon Web Services

IBM z Systems Sessions at IBM Edge 2015

IBM z Systems

Primend Pilvekonverents - Azure Infrastruktuur

Primend

أساسيات العمل الجماعي

Ismail Ibrahim

En vedette (20)

Bioocean1 :Introduction to Biological Oceanography

Build_Buy_StreamAnalytix_WhitePaper

DFW meetup Cognitive services - parashar - feb 22

You're the New CDO, Now What?

Disruptive Data Science - How Data Science and Big Data are Transforming Busi...

Cloud Computing System models for Distributed and cloud computing & Performan...

Building an ai with raspberry pi

Are You Ready For Clean Code?

Giovanni Lanzani GoDataDriven

Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...

2017-10-03 Session aOS - Back from Ignite - MS Experiences

NUON Rens Weijers

5733 a deep dive into IBM Watson Foundation for CSP (WFC)

Rise of Container (RoC)

Equipping IT to Deliver Faster, More Flexible Service Management

WebSphere Technical University: Top WebSphere Problem Determination Features

How Verizon Innovates Through AI-Driven DevOps with Dynatrace

IBM z Systems Sessions at IBM Edge 2015

Primend Pilvekonverents - Azure Infrastruktuur

أساسيات العمل الجماعي

Similaire à Cloud Security Monitoring at Auth0 - Security BSides Seattle

Sumo Logic Cert Jam - Security Analytics

Sumo Logic

With the rapid migration to the cloud, it’s becoming increasingly difficult to keep track of all of the different data sources, commands, and tools available from each Cloud Service Provider (CSP). This cheat sheet was designed to provide security professionals with an overview of key best practices, data sources and tools that they can have at their disposal when responding to an incident in an AWS environment.

AWS Incident Response Cheat Sheet.pdf

Christopher Doman

This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.

SEC303 Automating Security in Cloud Workloads with DevSecOps

Amazon Web Services

SEC303 Automating Security in cloud Workloads with DevSecOps

Amazon Web Services

Remediate and secure your organization with azure sentinel

Samik Roy

Zentral macaduk conf 2016

Henry Stamerjohann

Splunk and node

Glenn Block

OpenStack Security Project

Travis McPeak

Secure your Web Application With The New Python Audit Hooks

Nicolas Vivet

What the Struts?

Joe Kutner

AWS classifies cloud incidents across three domains: Service, Infrastructure and Application. There has been much previous discussion across the Service and Application domains, see for example the excellent SANS DFIR 2022 Keynote. This talk will focus on the unique challenges and opportunities of responding to incidents in the Infrastructure domain. Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider's own troubleshooting, but they also provide valuable insight to an investigator analyzing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources. Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure. And much of this knowledge remains opaque and undocumented. In this presentation, Chris Doman, CTO of Cado Security will present novel research of undocumented forensic artifacts from cloud service provider specific operating systems and tools. He will provide the audience with an overview of forensic techniques across cloud compute and serverless environments. He will also discuss native operating system artifacts, contrast them with their cloud equivalents and consider their usefulness in the context of the cloud. Attendees can expect to gain a unique perspective on resource-level cloud forensics and should leave the talk with a host of new data sources and knowledge for performing forensic analysis of cloud resources.

A New Perspective on Resource-Level Cloud Forensics

Christopher Doman

How to Use OWASP Security Logging

Milton Smith

2012-10-16 Mil-OSS Working Group: Introduction to SCAP Security Guide

Shawn Wells

JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение

JSFestUA

We will walk you through a hypothetical incident response managed on AWS. Learn how to apply existing best practices as well as how to leverage the unique security visibility, control, and automation that AWS provides. We will cover how to setup your AWS environment to prevent a security event and how to build a cloud-specific incident response plan so that your organization is prepared before a security event occurs. This session also covers specific environment recovery steps available on AWS. Learn More: https://aws.amazon.com/government-education/

Incident Response in the Cloud | AWS Public Sector Summit 2017

Amazon Web Services

Native cloud security monitoring

John Varghese

Managing infrastructure as code has become an important process in scaling software organizations. This brings many software development processes and ideas to operations, including version control, automated testing, configuration management and reliable duplication. Programmable infrastructure becomes invaluable as application services grows, in quantity and granularity, in a growing company. Automating the provisioning, configuration and deployment of complex applications requires some design choices on top of AWS services. This presentation discusses how to implement modularity, reliability and security into continuous delivery pipelines ("DevSecOps"). Learn how to automate application delivery using AWS CloudFormation and other tools from Amazon Web Services.

Integrating_Cloud_Development_Security_And_Operations.pdf

Amazon Web Services

This workshop provides a hands-on opportunity for you to learn to use machine learning (ML) via Amazon SageMaker in your security pipeline. You are guided through the process of feeding data from AWS CloudTrail and Amazon GuardDuty into Amazon SageMaker in order to augment GuardDuty findings. You’ll receive an introduction to Amazon SageMaker and leverage the IP Insights algorithm to train a model based on IP addresses in the CloudTrail logs. This model is used to score IP addresses from GuardDuty findings to gain additional threat information about alerts, enabling security operators to better prioritize alerts for further action.

Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...

Amazon Web Services

Microservices observability

Maxim Shelest

6 ways to hack your JavaScript application by Viktor Turskyi

OdessaJS Conf

Similaire à Cloud Security Monitoring at Auth0 - Security BSides Seattle (20)

Sumo Logic Cert Jam - Security Analytics

AWS Incident Response Cheat Sheet.pdf

SEC303 Automating Security in Cloud Workloads with DevSecOps

SEC303 Automating Security in cloud Workloads with DevSecOps

Remediate and secure your organization with azure sentinel

Zentral macaduk conf 2016

Splunk and node

OpenStack Security Project

Secure your Web Application With The New Python Audit Hooks

What the Struts?

A New Perspective on Resource-Level Cloud Forensics

How to Use OWASP Security Logging

2012-10-16 Mil-OSS Working Group: Introduction to SCAP Security Guide

JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение

Incident Response in the Cloud | AWS Public Sector Summit 2017

Native cloud security monitoring

Integrating_Cloud_Development_Security_And_Operations.pdf

Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...

Microservices observability

6 ways to hack your JavaScript application by Viktor Turskyi

Dernier

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

masabamasaba

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

masabamasaba

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

masabamasaba

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

masabamasaba

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

masabamasaba

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

masabamasaba

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

SelfMade bd

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pretoria ● Abortion Pills For Sale In Pretoria ● Pretoria 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

Jittipong Loespradit

The title is not connected to what is inside

shinachiaurasa2

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

masabamasaba

Dernier (20)

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

VTU technical seminar 8Th Sem on Scikit-learn

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...

8257 interfacing 2 in microprocessor for btech students

WSO2CON 2024 - Does Open Source Still Matter?

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

The title is not connected to what is inside

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

%in Soweto+277-882-255-28 abortion pills for sale in soweto

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

Cloud Security Monitoring at Auth0 - Security BSides Seattle

1. Cloud Security Monitoring Security BSides Seattle Eugene Kogan - @eugk - February 4, 2017 (for startups, mostly)

2. 1. Who 2. Why 3. What 4. How 5. When

3. 1. Who

5. CloudSecurityAlliance.org

7. 2. Why

10.

11.

12. 3. What

13.

14. –President Ronald Reagan Trust, but verify.

15. Awareness Visualization Misuse detection Change detection Incident detection Incident response

16. Splunk Graylog Elastic Stack Loggly Logentries Fluentd Sumo Logic AWS G Suite Dropbox GitHub GitLab Slack Zendesk Salesforce Jenkins Syslog Webhooks

17. 4. How

18.

19.

20.

21.

22. _sourceCategory=cloudtrail_aws_logs* | json auto | where event_name matches "*Trail" or event_name matches "StartLogging" or event_name matches "StopLogging" | lookup awsaccountname from /shared/ awsaccounts on recipient_account_id = awsaccountid | count as count by event_name, recipient_account_id, awsaccountname, user_name, principle_id, accesskey_id

23.

24.

25.

26.

27.

28.

29. github.com/auth0/audit-droid

30. github.com/a2o/snoopy

31. github.com/nccgroup/Scout2

32. 5. When

33. You should be doing cloud security monitoring today.

34. Action items Know which cloud services your organization uses Have a modern platform for collection, analysis, alerting Collect the right data from cloud and internal systems Use this data wisely Ensure your staff has the right skills to do all of the above

35. The end 🖖 auth0.engineering/tagged/security twitter.com/eugk

Cloud Security Monitoring at Auth0 - Security BSides Seattle

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (20)

Similaire à Cloud Security Monitoring at Auth0 - Security BSides Seattle

Similaire à Cloud Security Monitoring at Auth0 - Security BSides Seattle (20)

Dernier

Dernier (20)

Cloud Security Monitoring at Auth0 - Security BSides Seattle