While Security Orchestration Automation and Response (SOAR) solutions help automate and structure these activities, the activities themselves require telemetry data that provide the breadcrumbs to help scope, identify and potentially remedy the situation. This takes increasing significance in the cloud for a few reasons:
- The public cloud shared security model may lead to gaps in the telemetry (e.g., lack of telemetry from the underlying infrastructure that could help correlate breadcrumbs at the infrastructure level to the application level).
- Lack of consistency in telemetry information as applications increasingly segment into microservices, containers and Platform-as-a-Service, and as various modules come from different sources such as internal development, open source, commercial modules, and outsourced development.
- Misconfigurations and misunderstandings as control shifts between DevOps, CloudOps and SecOps.
- All the above coupled with a significant expansion of attack surface area with the decomposition of monolith applications into microservices.
When incidents occur, the ability to quickly size up the scope, impact and root cause of the incident is directly proportional to the availability of quality data, and its ability to be easily queried, analyzed, and dissected. As companies migrate to the cloud, logs have become the de-facto standard of gathering telemetry.
The challenges when relying almost exclusively on logs for telemetry
This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.
FEATURES:
- Includes practical strategies for assessing the security and privacy of your cloud infrastructure and applications
- Covers topics such as cloud architecture and security fundamentals, database and storage security, data privacy, security and risk assessments, controls related to continuous monitoring, and more
- Presents several case studies revealing how threat actors abuse and exploit cloud environments to spread malware