Streamline AWS Security Incidents

Asif Matadar
Tanium

Track 2

As Amazon AWS becomes more prevalent within organisations, there has been a significant rise in AWS breaches. Due to how quick AWS deployments can be, where virtual machines can be spun-up in quick succession, migrating from development into production environments is effortless, and fast deployment of AWS S3 buckets, there seems to be a false sense of security in relation to AWS which is resulting in the increase of breaches.

This talk will detail the challenges of undergoing AWS incidents and how DFIR professionals can streamline the process during an Incident Response engagement and uncover vital artefacts along with components that are usually overlooked. Detail descriptions of the different types of logs and functions to analyse that are essential for post-breach or during an Incident Response engagement.

Guidance will be provided on techniques to undergo Threat Hunting for continuous monitoring. Amazon’s latest service GuardDuty is a managed threat detection service for continuous monitoring so a thorough evaluation of the effectiveness of this utility will be undertaken from Threat Hunting and Incident Response perspective.

Asif Matadar
Asif (@d1r4c) is Director of Endpoint Detection & Response (EDR) at Tanium where he utilises his experience and knowledge of Incident Response, Endpoint Forensics and Threat Landscape to support high-profile clients' in the EMEA region. Asif is a seasoned Incident Response professional with over 7 years’ experience leading high-profile cases, such as advanced targeted attacks, nation-state attacks, highly complex incidents, and data breaches, to name a few. He holds a BSc (Hons) in Forensic Computing along with the GCFA certification. He frequently delivers Guest lectures at Universities in the U.K. ranging from BSc (Hons), MSc and PhD students. Asif has particular interest in research where he has delivered presentations at industry recognised conferences around the world with a keen focus on memory analysis and automation, *nix based forensics, PowerShell as a defence capability, cloud forensics, and triage analysis.