AppSec California 2020

When I first started working with AWS, there were a handful of core services. Since then, AWS has been announcing hundreds of new services per year in dozens of regions around the world. With a rapidly changing landscape, relevant documentation, tutorials, and how-to's can be difficult to come by. AWS is its own beast and traditional Incident Response and Forensics techniques don't work. Try to perform full packet inspection between EC2 instances in the same VPC or use a write blocker while analyzing an EBS. Better yet, try to build a timeline with default log settings. Organizations are desperately looking for tools available to them to detect and respond to threats. This talk will provide a much needed summary of Continuous Cloud Security Monitoring (CCSM) strategies, techniques, and best practices so you don't have to spend the next 12 months reading AWS white papers. Takeaways from this presentation will be methods to immediately apply logging, monitoring, alerting, and Honey[Things] that can be applied in any AWS environment.