Automated Defence using Cloud Services for AWS, Azure and GCP

Monitoring for attacks and defending against them in real-time is crucial. The mean time to detect (MTTD) has become an important criteria for cloud admins and SREs. Defending our cloud infrastructure during attacks is a challenge in the best of times and especially difficult when under attack. In this training, we will learn how to do orchestration for security which enable us to do automated response. Sometimes this approach is also known as Security Orchestration and Automated Response (SOAR). We will learn how to utilize cloud native services supplemented by the ELK stack to offer automated response. Cloud native services such as AWS Lambda along with DynamoDB offers the freedom to DevSecOps teams to bring in security without worrying about one more server they need to manage. Elastic Stack will collect, analyze logs and triggers alerts based on configured rule-set. Serverless stack drives the defense to perform automated response by blocking, slowing down attackers and alerting the defenders. The approach is cloud agnostic and works anywhere where we are able to respond programatically using APIs.