There Is No Security Team |
Abstract
A developer creates a publicly accessible S3 bucket, who is notified? It’s the Cloud and you’re doing Agile, so developers have free reign to create and teardown resources as they see fit. What tool is the best choice to monitor the security of your environment? Typical security tools are more adapted for static environments and focus on the security of VMs and the network. When faced with the challenging terrain of a multitude of cloud services that can be easily misconfigured how do we find and fix security holes? This talk will focus on using StreamAlert, an Open Source AirBnB library, to leverage AWS Audit logs (CloudTrails) and find security misconfigurations when they happen. |