Established methodologies for monitoring cloud-based environments are less than ideal. They come with significant downsides, including the ability for attackers and mischievous users to avoid detection and bypass security controls. I would like to explore how we can use existing technologies like log management systems, SIEMs and the auditing features that cloud platforms already provide to establish an effective monitoring strategy that can enable administrators to detect and even respond to misuse or severe security events. This talk will focus on Google Cloud Platform (GCP) and Amazon Web Services, although we will talk about intrusion/misuse detection and prevention more generally.
