SEC510: SANS Krakow June 2023
Provided by SANS
What You Will Learn
Multiple Clouds Require Multiple Solutions
SEC510 provides cloud security practitioners, analysts, and researchers with an in-depth understanding of the inner workings of the most popular public cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Students will learn industry-renowned standards and methodologies, such as the MITRE ATT&CK Cloud Matrix and CIS Cloud Benchmarks, then apply that knowledge in hands-on exercises to assess a modern web application that leverages the cloud native offerings of each provider. Students will launch unhardened services, analyze the security configuration, validate that they are insufficiently secure, deploy patches, and validate the remediation. Through this process students will learn the philosophies that undergird each provider and how these have influenced their services and will leave the course confident that they have the knowledge they need when adopting services and Platform as a Service (PaaS) / Infrastructure as a Service (IaaS) offerings in each cloud.
The Big 3 cloud providers alone provide more services than any one company can consume. As security professionals, it can be tempting to block unfamiliar cloud providers. Unfortunately, this approach will inevitably fail as the product development organization sidelines a security entity that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help get its product to market quicker than the competition, it can and should use it. SEC510 gives you the ability to provide relevant and modern guidance and guardrails to these teams to enable them to move both quickly and safely.
"This class was an excellent investment. I learned a great deal about the various strengths and weaknesses in the 3 largest cloud providers' default services and default configurations as well as inherent insecurities that can't be easily mitigated. There is a great deal of actionable content that I can take back to my team as we work to monitor and help our clients secure their cloud environments." - John Senn, EY
BUSINESS TAKEAWAYS
- Be proactive in embracing the multi cloud trend safely. It is impossible for an organization to standardize on a single cloud provider. A survey from Forrester shows that 86% of organizations identify as multi cloud. Even if you do not want to use multiple clouds, mergers and acquisitions make this inevitable. So-called "cloud-agnostic" technologies cannot solve the related security challenges alone.
- Effective cloud security practitioners need to know how the Big 3 providers differ. Security concepts do not always translate from cloud-to-cloud. A great strategy for one can be catastrophic for another.
- All security-minded organizations require professional reconfiguration as most cloud services are highly insecure by default.
- Storage security is much more than just closing public buckets. Even private assets can be compromised by competent attackers.
- Security is 5+ years behind development and needs to play catch-up. Technologies that security considers to be cutting-edge, like serverless, have been used in production for a very long time.
- Understand the inner workings of cloud services and Platform as a Service (PaaS) / Infrastructure as a Service (IaaS) offerings in order to make more informed decisions in the cloud
- Understand the design philosophies that undergird each provider and how these have influenced their services in order to properly prescribe security solutions for them
- Discover the unfortunate truth that many cloud services are adopted before their security controls are fully fleshed out
- Understand Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) in depth.
- Evaluate the pros and cons of deploying cloud-agnostic workloads across multiple cloud providers
- Understand the intricacies of Identity and Access Management, one of the most fundamental concepts in the cloud and yet one of the least understood
- Understand cloud networking and how locking it down is a critical aspect of defense-in-depth in the cloud
- Analyze how each provider handles encryption at rest and in transit in order to prevent sensitive data loss
- Apply defense-in-depth techniques to protect data in cloud storage
- Compare and contrast the serverless platforms of each provider
- Explore the service offering landscape to discover what is driving the adoption of multiple cloud platforms and to assess the security of services at the bleeding edge, such as serverless platforms
- Utilize multicloud IAM and cloud Single Sign-On to provide secure access to resources across cloud accounts and providers
- Automate security and compliance checks using cloud-native platforms and open-source solutions
- Understand Terraform Infrastructure-as-Code well enough to share it with your engineering team as a starting point for implementing the controls discussed in the course
SEC510: Public Cloud Security: AWS, Azure, and GCP consolidates all of the concepts discussed in the lectures through hands-on labs. In the labs, students will assess a modern, cloud-agnostic web application written with Next.js, React, and Sequelize that leverages the cloud native offerings of each provider. Each lab includes a step-by-step guide as well as a "no hints" option for students who want to test their skills without further assistance. This allows students to choose the level of difficulty that is best for them and fall back to the step-by-step guide as needed.
SEC510 also offers students an opportunity to participate in CloudWars Bonus Challenges each day in a gamified environment, while also providing more hands-on experience with cloud security and relevant tools.
- SECTION 1: VM credential exposure, Hardening AWS IAM policies, Hardening Azure and GCP policies, Advanced IAM features, CloudWars Section 1
- SECTION 2: Network lockdown, Analyzing network traffic, private endpoint security, Cloud VPN and Managed SSH, CloudWars Section 2
- SECTION 3: Audit decryption events, Encrypt all the things!, Storage service lockdown, Unauthorized file sharing, CloudWars Section 3
- SECTION 4: Serverless prey, Hardening serverless functions, App service security, Firebase access control, CloudWars Section 4
- SECTION 5: Multicloud integration, Login with Azure AD, Automated benchmarking, Lab teardown, CloudWars Section 5
"Labs are insane. Such a great setup. I'm learning a ton and plus will be able to build upon this great foundation." - Kevin Sahota, 604 Security
"Labs are very well structured and detailed to explain exactly what is happening and why." - Gareth Johnson, Close Brothers
SYLLABUS SUMMARY
- Section 1: Securely Using Identity and Access Management (IAM) and Defending IAM Credentials
- Section 2: Restricting Infrastructure and Data Access to Trusted Networks
- Section 3: Encrypting Data at Rest and In-Transit, Locking Down Storage, and Auditing Logs
- Section 4: Exploring Serverless Functions, App Services, and the Firebase Platform
- Section 5: Securely Integrating Across Cloud Accounts and Automating Misconfiguration Benchmarking
- The Myth of Cloud Agnosticism: Why Securing Multiple Clouds Using Terraform is Harder Than You Think, webcast, May 2023
- Cloud Agnostic or Devout, blog, April 2023
- Multicloud Survey: Exploring the World of Multicloud, whitepaper, Dec 2022
- Cloud Ace Podcast
- Cloud Ace Journey Learning Paths
- Head in the Clouds, Episode 11: Importing Resources into the Terraform State File (Links to YouTube)
- Secure Service Configuration: AWS, Azure, & GCP poster | En Espanol
- Multicloud Command-Line Interface Cheat Sheet
- Firebase: Google Cloud's Evil Twin, blog post by Brandon Evans
- Detecting and Locking Down Malware in Azure, blog post by Brandon Evans
- Top 5 Considerations for Multi Cloud Security, blog post by Brandon Evans
- Printed and Electronic courseware
- MP3 audio files of the course
- Course virtual machine (VM) with all lab exercises that can be redone outside of class
- Thousands of lines of Infrastructure-as-Code for each cloud platform that you can use at your organization
Multi cloud security is a major component of many cloud-specific job roles. For additional cloud security training courses, please visit our main SANS Cloud Security curriculum page.
Start date | Location / delivery |
---|---|
12 Jun 2023 | Krakow |