
New Cloud Security Podcast Video: Keith Prahan on Cloud Incident Detection and Response
In this new video from the Cloud Security Podcast, Keith Prahan, Senior Security Engineer at Lime, shares his experiences and insights on incident detection and response in a cloud environment. The discussion opens with Keith introducing his career path and his current role at Lime, a company specializing in micro-mobility solutions such as electric scooters and bikes.

Keith addresses the complexity of incident detection and response in the cloud, emphasizing that each company has its own specific needs. Lime, for instance, needed better visibility into administrative actions in its AWS environment, since that is where most of its resources reside. He stresses that there is no one-size-fits-all solution: each organization must identify its own priorities and log sources.

A crucial point in the discussion is the definition of incident detection and response. Keith explains that detection means identifying what is wrong or abnormal in the environment, while response means correcting those anomalies. He notes that the transition from on-premises infrastructure to the cloud has introduced new threat vectors, and that the advent of AI has further complicated the detection of attacks.

Keith also shares his experience building a detection and response pipeline from scratch. He recommends starting by identifying the relevant log sources and ingesting them into a SIEM (Security Information and Event Management system). Some log sources, such as GitHub, may need creative solutions before they can be integrated effectively. He also emphasizes notifying teams where they already work, through tools like Slack or email, rather than requiring everyone to log into the SIEM.

Another interesting aspect of the discussion is the importance of security culture within the organization. Keith insists that security should not be seen as an obstacle but as a partner that helps the company reach its goals. He talks about building interpersonal relationships and finding security champions within different teams to ease the adoption of good security practices.

Keith also addresses the challenges of moving from an on-premises environment to the cloud. Threats and attacker behaviour differ in the cloud, which calls for a more granular detection approach. For example, in the cloud it is crucial to monitor specific actions such as updates to permissions on objects in S3 buckets, something that is not always necessary in an on-premises environment.

Finally, Keith offers practical advice for anyone looking to build their own detection and response pipeline. He recommends starting by identifying critical applications and their log sources, then finding effective ways to ingest those logs into a SIEM. He emphasizes prioritizing alerts and making sure teams are equipped to respond effectively to incidents. For those who want to learn more about Keith's experiences and advice, the full video is available on YouTube.
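As an added illustration of the pipeline Keith describes (identify a log source, detect the S3 permission changes he singles out, and push a human-readable notification to Slack or email), here is a small detection rule run over constructed CloudTrail records. This is example code written for this summary, not Lime's pipeline or anything shown in the video; the event names are real CloudTrail S3 API names, while the records, account ID and severity mapping are assumptions.

```python
import json

# Constructed sample CloudTrail delivery file (not real log data). CloudTrail
# writes a JSON object with a "Records" array; only fields this rule reads are kept.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "requestParameters": {"bucketName": "prod-data", "key": "a.csv"},
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-reader"}},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObjectAcl", "requestParameters": {"bucketName": "prod-data", "key": "a.csv"},
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Admin/alice"}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "requestParameters": {"bucketName": "prod-data"},
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "requestParameters": {"userName": "temp"},
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]})

# S3 API calls that change who may read or write data; bucket-wide changes
# outrank a single object ACL. Ordinary reads such as GetObject are not listed.
S3_PERMISSION_EVENTS = {"PutObjectAcl": "medium", "PutBucketAcl": "high",
                        "PutBucketPolicy": "high", "DeleteBucketPolicy": "high",
                        "PutBucketPublicAccessBlock": "high"}

def detect_s3_permission_changes(cloudtrail_json):
    """Return one alert dict per record that changed S3 permissions."""
    alerts = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        severity = S3_PERMISSION_EVENTS.get(rec.get("eventName"))
        if rec.get("eventSource") != "s3.amazonaws.com" or severity is None:
            continue
        params = rec.get("requestParameters") or {}
        alerts.append({"rule": "s3-permission-change", "severity": severity,
                       "time": rec.get("eventTime"), "action": rec["eventName"],
                       "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
                       "bucket": params.get("bucketName", "unknown"),
                       "key": params.get("key")})
    return alerts

def format_notification(alert):
    """One-line text for a Slack or email notifier, so nobody has to open the SIEM."""
    target = alert["bucket"] + (f"/{alert['key']}" if alert["key"] else "")
    return (f"[{alert['severity'].upper()}] {alert['action']} on s3://{target} "
            f"by {alert['actor']} at {alert['time']}")

if __name__ == "__main__":
    for alert in detect_s3_permission_changes(SAMPLE_CLOUDTRAIL):
        print(format_notification(alert))
```

The read and the IAM event pass through silently; only the two permission changes produce notifications, which is the prioritization Keith recommends before wiring the output into a Slack or email channel.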