Fortune 500s have suffered breaches and leaked data making the cloud scary. If you’ve got the big bucks, you can get fancy toys with pretty dashboards to protect your cloud, but what about the rest of us? How do we protect our cloud? This talk will focus on basic AWS cloud security methodologies, benchmarks, and using free/cheap tools to blue-ify your cloud. The goal of this presentation is to make it easy to identify what organizations are doing wrong, historic incidents, what common mistakes have resulted in, and how Security professionals can build a secure AWS environment mitigating common pitfalls in their organizations.
After completing this session, attendees will learn:
- How to secure AWS environments for the same price as a BigMac
- About the cloud security shard responsibility model
- How to defend against account takeover & VM sprawl
- Methods to log user action and to perform quick IR log parsing
- Reconnaissance techniques attackers use against AWS environments