Forensics challenges in the Cloud
NIST Internal or Interagency Report (NISTIR) 8006, NIST Cloud Computing Forensic Science Challenges
This document summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges are presented along with the associated literature that references them.
Preparing your tools for the Cloud
Cloud Incident Response Framework | CSA
Preventive security controls cannot completely eliminate the possibility of critical data being compromised in a cyber attack. Therefore, organizations that utilize cloud services must ensure that they have a reliable cloud incident response strategy in place. Cloud incident response is simply the process used to manage cyber attacks in a cloud environment.
How Dropbox Security builds tools for threat detection and incident response
The Dropbox Detection and Response Team (DART) detects and mitigates information security threats to our employees, infrastructure, and customer data. DART ingests security-relevant logs for building detection, threat hunting and responding to potential incidents. Our log volume is huge, averaging tens of terabytes a day.
Introducing Twilio's SOCless: Automated Security Runbooks
How can an organization's security team defend its customers against threats at scale? When the Twilio Security Operations team (SecOps) was founded, this challenge weighed heavily on our minds. We knew that automating all our threat investigation and response procedures would be key to safeguarding our customers, but we had no clue where to begin.
Live Incident Response
Deploying GRR to Kubernetes for Incident Response
Kubernetes (k8s) is being used to run more and more infrastructure in the cloud, but what happens when there's a security incident, such as a coin miner running in your cluster? Many security organisations are well equipped to deal with incidents in their local environment, but still struggle to adapt to incident response in cloud environments.