AWS INCIDENT RESPONSE - Automate Containment
Cloud Security Podcast - NIST Incident response framework has 4 steps including one for Containment. AWS Incident Response being API enabled allows for automating a lot of incident response activity especially containment. In this episode with Damien Burks (Damien - Linkedin) spoke about his @fwdcloudsec talk where he shared how he automated Incident Response in AWS environments of Citi. There were lot more gems dropped so def check out the episode. Episode YouTube Video - https://youtu.be/IrLuHMLQs_w Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Damien Burks (Damien - Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security BootCamp Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp (00:00) Introduction (00:13) A word from our sponsors - Snyk.io/csp (01:16) A bit about Damien Burks (02:24) Incident Response in the cloud context (03:50) Is incident response different in the cloud? (05:22) Average time for an incident response (07:33) AWS services for incident response automation (08:55) AWS Eventbridge (11:56) The phases of incident response (13:42) Containment Phase: Starting point and challenges (17:54) Organisation with Multiple Accounts (20:09) How to structure the process (21:04) Containment for EC2 instance (23:54) Enjoying this cloud security topic so far? (25:17) Containment for S3 Bucket (27:57) Where to start with incident response (30:18) Preparing for Incidents (32:08) Fun Questions See you at the next episode!