AWS INCIDENT RESPONSE - Automate Containment

Cloud Security Podcast - A podcast by Cloud Security Podcast Team - Fridays

The NIST incident response framework has 4 steps, including one for Containment. Because AWS incident response is API-enabled, a lot of incident response activity can be automated, especially containment. In this episode, Damien Burks (Damien - Linkedin) spoke about his @fwdcloudsec talk, where he shared how he automated incident response in the AWS environments of Citi. There were a lot more gems dropped, so definitely check out the episode.

Episode YouTube Video - https://youtu.be/IrLuHMLQs_w

Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Damien Burks (Damien - Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security BootCamp

Spotify TimeStamp for Interview Questions

A word from our sponsors - you can visit them on snyk.io/csp

(00:00) Introduction
(00:13) A word from our sponsors - Snyk.io/csp
(01:16) A bit about Damien Burks
(02:24) Incident Response in the cloud context
(03:50) Is incident response different in the cloud?
(05:22) Average time for an incident response
(07:33) AWS services for incident response automation
(08:55) AWS Eventbridge
(11:56) The phases of incident response
(13:42) Containment Phase: Starting point and challenges
(17:54) Organisation with Multiple Accounts
(20:09) How to structure the process
(21:04) Containment for EC2 instance
(23:54) Enjoying this cloud security topic so far?
(25:17) Containment for S3 Bucket
(27:57) Where to start with incident response
(30:18) Preparing for Incidents
(32:08) Fun Questions

See you at the next episode!