Threat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions to move to the cloud. This presentation will go over general best practices for securing a cloud environment (AWS/Azure) including the use of endpoint logging on instances as well as methods that can be employed to conduct threat hunting exercises against collected data. We will also discuss what additional investigative details and context can be gained through correlation of endpoint and cloud events.
