
The old saying that a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired. Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that the attackers are on the network. Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure. We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an attack is successful.
Some links of interest:
ElastAlert: https://github.com/Yelp/elastalert
StreamAlert: https://github.com/airbnb/streamalert
Prowler: https://github.com/Alfresco/prowler
Security Monkey: https://github.com/Netflix/security_monkey
AWS Billing Alerts: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
jq (for JSON parsing on the CLI): https://stedolan.github.io/jq/
Summit Route: https://summitroute.com/
Downclimb: https://summitroute.com/blog/
Scott's Twitter: @SummitRoute
Want to reach out to the show? There are a few ways to get in touch!
Show Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
Podcast Website: purplesquadsec.com
Sign up for our Slack community: https://signup.purplesquadsec.com
John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic
Thanks for listening, and I will talk with you again next time!
Find out more at http://purplesquadsec.com