SEC488: SANS Manchester October 2024

Provided by

Enquire about this course

What You Will Learn
What Is Cloud Security?

Cloud security is taking traditional security practices and adapting them to work for public clouds while understanding and leveraging the shared responsibility model. It involves constant application of available, incomplete, and often inconsistent vendor-provided controls to protect an organization's applications, data, and brand while operating in a "cloud" environment that the organization ultimately has minimal control over.
License to Learn Cloud Security

Research shows that most enterprises have strategically decided to deploy a multi cloud platform, including Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and/or other cloud service providers. Mature CSPs have created a variety of security services that can help customers use their products in a more secure manner, but only if the customer knows about these services and how to use them properly. This cloud security course covers real-world lessons using security services created by the Big 3 CSPs, as well as open-source tools. Each section of this cloud security training features hands-on lab exercises to help students hammer home the lessons learned. We progressively layer multiple security controls in order to end the course with a functional security architecture implemented in the cloud.

This course will equip you to implement appropriate security controls in the cloud, often using automation to "inspect what you expect." We will begin by diving headfirst into one of the most crucial aspects of cloud - Identity and Access Management (IAM). From there, we'll move on to securing the cloud through discussion and practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models of: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS).

"Access to subject matter experts who are knowledgeable, passionate and providing interesting insight into practice through the form of anecdotes: what's not to love?" - Alistair Moulder, Close Brothers Limited

"Cloud is the future, no matter how much I fight it." - Charles B., US Government
Business Takeaways
  • Understand the current cloud deployment
  • Protect cloud-hosted workloads, services, and virtual machines
  • Cost-effectively select appropriate services and configure properly to adequately defend cloud resources
  • Get in front of common security misconfigurations BEFORE they are implemented in the cloud
  • Ensure business is aligning to industry regulations and laws when operating in the cloud
  • Decrease adversary dwell time in compromised cloud deployments
Skills Learned
  • Navigate your organization through the security challenges and opportunities presented by cloud services
  • Identify the risks of the various services offered by cloud service providers (CSPs)
  • Select the appropriate security controls for a given cloud network security architecture
  • Evaluate CSPs based on their documentation, security controls, and audit reports
  • Confidently use the services of any of the leading CSPs
  • Protect secrets used in cloud environments
  • Leverage cloud logging capabilities to establish accountability for events that occur in the cloud environment
  • Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs)
  • Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem
  • Secure access to the consoles used to access the CSP environments
  • Implement network security controls that are native to both AWS and Azure
  • Follow the penetration testing guidelines put forth by AWS and Azure to invoke your "inner red teamer" to compromise a full stack cloud application
Hands-On Cloud Security Training

SEC488: Cloud Security Essentials training course reinforces the training material via multiple hands-on labs in each section of the course. Labs are performed via a browser-based application rather than virtual machine. Each lab is designed to impart practical skills that students can bring back to their organizations and apply on the first day back in the office. The labs go beyond the step-by-step instructions by providing the context of why the skill is important and instilling insights as to why the technology works the way it does.

Highlights of what students will learn in this cloud security course labs include:
  • Leveraging the web consoles of AWS and Azure to secure various cloud service offerings
  • Hardening and securing cloud environments and applications using open-source security tools and services
  • Building, hardening, patching, and securing virtual machines and virtual machine images
  • Leveraging various cloud service components to add defense in depth to deployed cloud-based workloads
  • Using the command line interface (CLI) and simple scripts to automate work
  • Using Terraform to deploy a complete environment to multiple cloud providers
  • Using novel penetration testing methods to discover flaws related to cloud service and resource configurations
  • Creating a logging strategy to discover evidence of a cloud breach
Section 1: New cloud users, Permissions boundaries, Cloud management station, Deploy CD/CA environment

Section 2: Secure instance deployment, Threat intelligence gold image, Which reality, Blob lock down

Section 3: Data hunting, Data in transit encryption, Terraform code assessment, Cloud Custodian

Section 4: Restricting network access, Web Application Firewall (WAF), Cloud services logging, IaaS logging

Section 5: Microsoft Defender for cloud, Fun with functions, Multi-cloud penetration testing, Multi-cloud forensics

Section 6: CloudWars

"I learned so much more by doing labs within multiple cloud environments." - John D., US Government

"Labs are great hands on practice. Providing the descriptions behind each of the commands that we are inputting is extremely helpful.." - Javier White, Wells Fargo

"The labs imitate real world scenarios and will assist with my job duties to deploy and secure cloud assets. They are challenging, but the step-by-step instructions are easy to follow." - Wendy S., US Government

"The labs were very impressive. Providing the students an opportunity to see both sides of an attack, analyze the techniques and inspect follow-on findings is just as impressive as the great info provided during the lecture. This is a top notch group of labs and it is very obvious that it was no easy feat to put them together. The hard work is appreciated." - Iulian Langa
Syllabus Summary:

Section 1 - Before we begin locking down specific services, we MUST understand Identity Access Management (IAM) as, if left in the vendor's default state, can prove devastating as a compromised account can mean GAME OVER for the cloud environment.

Section 2 - This section begins by focusing on how to securely deploy, manage, and maintain compute infrastructure as well as looking at cloud application deployments holistically to focus on locking down all relevant cloud components.

Section 3 - To avoid making negative headlines, we will ensure that we understand the data circulating through our cloud deployments and how to best protect this data as it resides in different types of services.

Section 4 - Two very important topics--networking and logging--allow us to control the flow our traffic into, out of, and within our cloud-based operating environment as well as setting ourselves up for success to spot adversarial activity.

Section 5 - Now that we understand industry best practices, there is still work to be done in this section as we understand how cloud impacts compliance programs, how we can leverage cloud services to enhance our security via automation, and how best to perform penetration test and forensics investigations in the cloud.

Section 6 - The final section is unlike the previous as you will prove your skills learned in the first five sections through a hands-on CloudWars challenge.
Additional Free Resources:
  • Defending Lift and Shift Cloud Applications, webcast
  • Cloud Security: You're It!, webcast
  • Cloud Complexities: Navigating the Headwinds, webcast
  • Secure Service Configuration in AWS, Azure, and GCP, poster
  • En Español - Configuración Secure Service en AWS, Azure y GCP, poster
The SEC488 author and instructor team has created a variety of free hands-on workshops that support the learnings from the course. Feel free to review these for the education and understanding of the level of material presented in the course.
  • WORKSHOP: Cloud VM Deployment and Hardening, July 2023
  • WORKSHOP: Protecting Cloud Assets and Improving Security, Aug 2023
  • WORKSHOP: Avoiding Data Disasters, Sept 2023
  • WORKSHOP: Least Privileged: An Adventure in Third-Party Cloud Account Access, Jan 2024
Take your learning beyond the classroom. Explore sans.org/cloud-security and the SANS Cloud Security YouTube channel for a wide variety of cloud security-specific content.
What You Will Receive:
  • MP3 audio files of the complete course lectures
  • Printed and Electronic courseware
  • Extended access to the course's 20+ lab exercises
  • Access to SANS Cloud Alum Discord
What Comes Next:

Depending on your professional goals and direction, SANS offers a number of follow-on courses to SEC488.

Cloud Security Analyst
  • SEC510: Cloud Security Controls and Mitigations|GPCS
  • SEC541: Cloud Security Attacker Technique, Monitoring, and Threat Detection | GCTD
Cloud Security Engineer
  • SEC540: Cloud Security and DevSecOps Automation|GCSA
Cloud Security Architect
  • SEC549: Cloud Security Architecture
Cloud Security Management / Leadership
  • LDR520: Cloud Security for Leaders
Please review ourSANS Cloud Security Flight Planfor a full picture.

Enquire

Start date Location / delivery
21 Oct 2024 Manchester Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...