Cloud Security Detection & Response Strategies That Actually Work
Feb 4, 2025
Will Bengtson, VP of Security Operations at HashiCorp, dives into the complexities of cloud security. He explains how cloud incident response differs from on-prem incident response and describes how quickly attackers exploit exposed cloud APIs. Will shares insights on building effective detection programs while highlighting detection blind spots in AWS and Azure. He also discusses the importance of collaboration in threat hunting and the evolving challenges of managing cloud security. Along the way, he reflects on personal growth and culinary favorites, adding a lighter note to the conversation.
Early Cloud IR Challenges
- Early cloud incident response was challenging because familiar data sources, such as network logs, were not available.
- Misconfigurations, and the realization that cloud services were not "secure by default", were the initial hurdles.
Root Credentials in Early Cloud
- Early cloud deployments often relied heavily on root credentials for API access.
- The introduction of IAM and STS improved security by enabling more granular access control and short-lived credentials.
Event-Based Cloud Security
- Cloud incident response shifted from analyzing application and system logs to investigating API events.
- The event-driven nature of cloud platforms introduces new challenges in collecting, tracking, and validating security logs.