SEC504: Hacker Tools, Techniques, and Incident Handling

Many organizations struggle with the conflict between software developers who want to use new technology and security teams who want to prevent deployments that contain security vulnerabilities. Security teams that block new technology risk hurting the company financially or being bypassed altogether. Based on the number and magnitude of recent security breaches, organizations that choose to bypass security recommendations face substantial risk. This paper presents an alternative to manual security review that also addresses the problem of bypassed security review, using security automation to respond to events in the environment. Amazon Web Services (AWS) cloud infrastructure and security tools are particularly well suited to event-driven security automation and will be used to provide examples, but the concepts apply to any environment. A working framework demonstrates automated intrusion detection and response on AWS.