Episode 009 – Detecting Intruders on AWS with Scott Piper

Purple Squad Security - A podcast by John Svazic

The old saying of a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired. Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that they're on your network.

Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure. We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an attack is successful.

Some links of interest:

ElastAlert: https://github.com/Yelp/elastalert
StreamAlert: https://github.com/airbnb/streamalert
Prowler: https://github.com/Alfresco/prowler
Security Monkey: https://github.com/Netflix/security_monkey
AWS Billing Alerts: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
jq (for JSON parsing on the CLI): https://stedolan.github.io/jq/
Summit Route: https://summitroute.com/
Downclimb: https://summitroute.com/blog/
Scott's Twitter: @SummitRoute

Want to reach out to the show? There's a few ways to get in touch!

Show Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
Podcast Website: purplesquadsec.com
Sign-Up for our Slack community: https://signup.purplesquadsec.com
John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com