“If you have access to change it then it is
yours, if not, then it’s theirs”
Slide 5
Incident Prevention
A process for putting instruments, tools and services in place to avoid possible threats or limit the impact during an attack
Incident Response Plan
What to do once we are impacted
Slide 6
Compliance Updates
Keep your instances up to date (OS, libraries)
Network
Does this need to be publicly accessible?
What ports should I let in?
What traffic should go out?
Encryption
At rest
In transit
Secret Management
Keep your secret data secret
Preparation
Log everything you can (this will also help for auditing)
● Application Logs
● Server Logs
● Network Logs (Traces)
● Access Logs and more
Design the infrastructure to prevent single points of failure
Slide 12
Detection
Monitoring and Alerting
● Behaviour rules like traffic spikes, CPU and memory consumption
● Traffic from countries not served
● Sign-in failures
Paging system (on-call) :(
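A minimal version of two of the rules named on this slide (sign-in failure bursts per user, traffic from countries not served), run over a constructed access log. This is an added example, not material from the deck; the log format, the served-country set and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (not from the slides): timestamp, user, source country, result.
SAMPLE_LOG = [
    "2024-01-01T10:00:00 alice US success",
    "2024-01-01T10:00:05 bob US failure",
    "2024-01-01T10:00:10 bob US failure",
    "2024-01-01T10:00:12 bob US failure",
    "2024-01-01T10:00:15 bob US failure",
    "2024-01-01T10:00:20 bob US failure",
    "2024-01-01T10:00:30 carol XX success",
    "2024-01-01T10:20:00 dave US failure",
    "2024-01-01T10:40:00 dave US failure",
]

# Assumption: the countries the service is actually offered in.
SERVED_COUNTRIES = {"US", "CA"}


def parse(line):
    """Split one constructed log line into (timestamp, user, country, result)."""
    ts, user, country, result = line.split()
    return datetime.fromisoformat(ts), user, country, result


def detect(lines, fail_threshold=5, window=timedelta(minutes=5), served=SERVED_COUNTRIES):
    """Return alerts for sign-in failure bursts per user and for traffic from unserved countries."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of failures inside the sliding window
    for line in lines:
        ts, user, country, result = parse(line)
        if country not in served:
            alerts.append(("unserved_country", user, country))
        if result == "failure":
            window_start = ts - window
            recent = [t for t in failures[user] if t >= window_start] + [ts]
            failures[user] = recent
            if len(recent) == fail_threshold:  # alert once, when the threshold is first reached
                alerts.append(("signin_failure_burst", user, len(recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Dave's two failures are 20 minutes apart, so the sliding window drops the first one and no burst alert fires for him.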
Slide 13
Containment
Use automated processes to isolate any further impact, for example:
● Creating network rules
Make sure the impacted surface does not grow
Slide 14
Investigation
● Analyze logs and timelines
● Check which alarm systems triggered
● Check Dashboards
Slide 15
Recovery
Get your environment back to a normal state
Slide 16
Lessons Learned
Make sure all gaps are documented and ARs are assigned and tracked
Slide 17
Take Away #1
All applications are subject to exploits
Slide 18
Take Away #2
I’d rather invest more money in security checks, tools and automation than risk customer/company data
Slide 19
Take Away #3
Security is a shared responsibility carried by all company employees, not only the Security crew