The old saying of a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired. Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that they’re on your network.
Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure. We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an attack is successful.
Some links of interest:
- ElastAlert: https://github.com/Yelp/elastalert
- StreamAlert: https://github.com/airbnb/streamalert
- Prowler: https://github.com/Alfresco/prowler
- Security Monkey: https://github.com/Netflix/security_monkey
- AWS Billing Alerts: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
- jq (for JSON parsing on the CLI): https://stedolan.github.io/jq/
- Summit Route: https://summitroute.com/
- Downclimb: https://summitroute.com/blog/
- Scott’s Twitter: @SummitRoute
- Want to reach out to the show? There’s a few ways to get in touch!
- Show Twitter: @PurpleSquadSec
- John’s Twitter: @JohnsNotHere
- Podcast Website: purplesquadsec.com
- Sign-Up for our Slack community: https://signup.purplesquadsec.com
- John’s Peerlyst Profile: https://www.peerlyst.com/users/john-svazic
Thanks for listening, and I will talk with you again next time!