Cloud Security Podcast - NIST Incident response framework has 4 steps including one for Containment. AWS Incident Response being API enabled allows for automating a lot of incident response activity especially containment. In this episode with Damien Burks (Damien - Linkedin) spoke about his @fwdcloudsec talk where he shared how he automated Incident Response in AWS environments of Citi. There were lot more gems dropped so def check out the episode.
Episode YouTube Video - https://youtu.be/IrLuHMLQs_w
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Damien Burks (Damien - Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security BootCamp
Spotify TimeStamp for Interview Questions
A word from our sponsors - you can visit them on snyk.io/csp
(00:00) Introduction
(00:13) A word from our sponsors - Snyk.io/csp
(01:16) A bit about Damien Burks
(02:24) Incident Response in the cloud context
(03:50) Is incident response different in the cloud?
(05:22) Average time for an incident response
(07:33) AWS services for incident response automation
(08:55) AWS Eventbridge
(11:56) The phases of incident response
(13:42) Containment Phase: Starting point and challenges
(17:54) Organisation with Multiple Accounts
(20:09) How to structure the process
(21:04) Containment for EC2 instance
(23:54) Enjoying this cloud security topic so far?
(25:17) Containment for S3 Bucket
(27:57) Where to start with incident response
(30:18) Preparing for Incidents
(32:08) Fun Questions
See you at the next episode!
