Conducting a Cloud Security Assessment

Abstract

Conducting a thorough cloud security assessment is different from traditional enterprise security. With a control plane exposed to the world, developers constantly pushing changes, and multiple cloud vendors in the mix, the complexity is high. Security tools can provide an exhaustive and exhausting laundry list of findings, but which ones are meaningful? How do you ensure that things aren’t missed and the entire cloud environment is assessed?

In this two-day class, students will learn how to conduct an assessment of a fictional cloud company with a footprint in AWS. We’ll discuss risk, frameworks, and cloud threat models. Students will learn how to prioritize CSPM findings, protect deployment pipelines, and manage human and system access in the public cloud.

At the end of this class, students will have the knowledge and skills to conduct a cloud security assessment of an organization’s cloud governance and applications deployed into the cloud.

Target Audience & Prerequisites

This class is designed for general security practitioners and auditors. General familiarity with AWS is helpful but not required. This is a hands-on class where students will review a fictional company’s cloud environment and applications. Students must bring a laptop and be prepared to navigate the AWS console and command line.

Schedule

This class is offered on-site in either a two-day or three-day format.

The two-day format is 7 hours each day (with an hour for lunch), while the three-day format is 4 hours each day. Both formats allow busy students time to deal with daily tasks, so they’re not forced to answer emails or put out fires during class.

Curriculum Outline

Day 1

  1. Introduction to the Class
    1. What is the cloud anyway?
    2. What you need to protect: Cloud/Network/Deployment Plane
  2. Lab 1 - Welcome to Fooli
  3. The Cloud Is Dark and Full of Terrors - A primer on how misconfigurations occur and how attackers leverage them
  4. Assessment Methodology
    1. Benchmarks & Frameworks
    2. Cloud Threat Models
    3. Writing your own cloud security standards & baselines
  5. Cloud Security Tools
    1. Cloud provider native
      1. GuardDuty, Macie, IAM Access Analyzer
    2. CSPM & the Gartner alphabet soup
  6. Lab 2 - Prowler & SecHub
  7. Cloud Networking
    1. VPCs
    2. Security Groups & native firewalls
    3. VPC interconnectivity
  8. Lab 3 - Cloud Network Security Assessment
  9. Cloud Identity
    1. IAM Users, Roles, Federation
    2. My God, It’s Full of Stars - the quest for least privilege
  10. Lab 4 - Leverage Steampipe for total cloud visibility
  11. Cloud Ransomware
    1. How cloud ransomware differs from traditional ransomware
    2. Ransomware mitigations & recovery
  12. Lab 5 - AWS Backup

Day 2

  1. GitHub Security
    1. Managing Access
    2. Finding Secrets
    3. GitHub Actions & other pipelines
    4. Defending the Supply chain
    5. Shifting left
  2. Lab 6 - GitHub & CI/CD
  3. Incident Response
    1. Preparation
    2. Telemetry sources
    3. Detections
  4. Lab 7 - Incident Response Readiness Assessment
  5. Lab 8 - Incident Response Simulation
  6. Containers & Cloud Native
    1. Container Primer
    2. Orchestration
  7. Lab 9 - Assessing a cloud-native application
  8. GuardRails - Advantages & Limitations
    1. Governance Policies (SCPs, Organization Policies, Blueprints)
    2. Auto-remediation (provider-native & Cloud Custodian)
  9. Lab 10 - Implementing GuardRails at Fooli
  10. Google Workspace
  11. Azure AD / Entra ID
  12. Wrap-up and additional resources

Instructor Bio

Chris Farris is a highly experienced IT professional with a career spanning over 25 years. During this time, he has focused on various areas, including Linux, networking, and security. For the past eight years, he has been deeply involved in public cloud and public cloud security in media and entertainment, leveraging his expertise to build and evolve multiple cloud security programs.

Chris is passionate about enabling the broader security team’s objectives of secure design, incident response, and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he has architected and implemented numerous serverless and traditional cloud applications, focusing on deployment, security, operations, and financial modeling.

He is one of the organizers of the fwd:cloudsec conference and has presented at various AWS conferences and BSides events. He was named one of the inaugural AWS Security Heroes. Chris shares his insights on security and technology on social media platforms like Twitter and Mastodon, and on his website https://www.chrisfarris.com.

Pricing

On-site classes in the US & Canada are $20,000 for up to 15 students. PrimeHarbor will provide each student with their own Fooli target environment. The hosting company only needs to provide a projector, wireless connectivity, and HTTP/HTTPS and SSH access to the internet.