Slide 1

Slide 1 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Aurangabad (Chh. Sambhajinagar) 2023 Venue Sponsor

Slide 2

Slide 2 text

AWS Security Incident Response
By: Sankalp Sandeep Paranjpe
Aurangabad (Chh. Sambhajinagar) 2023

Slide 3

Slide 3 text

AGENDA
- Introduction to Cybersecurity
- Security controls, procedures and practices
- Shared Responsibility Model
- Amazon GuardDuty and Inspector
- Incident Response

Slide 4

Slide 4 text

WHOAMI
Sankalp Sandeep Paranjpe
- AWS Cloud Captain
- Final year B.Tech student at MIT ADTU Pune
- Cloud Security, Application Security
- 2X AWS Certified
- EC Council CEH-Practical Certified

Slide 5

Slide 5 text

AWS Shared Responsibility Model

Slide 6

Slide 6 text

What is a security incident?

Event: Any observable occurrence in your IT infrastructure
- File created on a system
- The user logged in to the system
- System shut down

Incident: An event that negatively affects IT systems and impacts the business
- System out of memory/disk
- Power/hardware failure
- Host/network unreachable

Security Incident: Potentially jeopardizes the CIA Triad of an information system
- Malware installed on a system
- Unauthorized access to system
- Software vulnerability exploited

Slide 7

Slide 7 text

Incident Response

Slide 8

Slide 8 text

Incident response refers to an organization’s processes and technologies for detecting and responding to:
- cyber threats
- security breaches
- cyberattacks

The goal of Incident Response: To prevent cyberattacks

Slide 9

Slide 9 text


Slide 10

Slide 10 text

Preparation
- Define the vision, mission, and scope of incident response.
- Obtain management approval and funding.
- Assess the organizational structure and security policies, and develop an incident response plan.
- Develop procedures and build the IR team.
- Prioritize assets and infrastructure.

Slide 11

Slide 11 text

Detection and Analysis
- Incident Recording
- Incident Triage
- Incident Analysis
- Incident Classification
- Incident Prioritization

Slide 12

Slide 12 text

Containment
- Disabling the compromised service or system
- Changing passwords or disabling accounts
- Gathering of evidence
- Forensic analysis of evidence

Slide 13

Slide 13 text

Eradication and Recovery
- Eradication of the root cause of the incident.
- Implement protection tools and techniques such as firewalls, etc.
- System recovery after the eradication of incidents.

Slide 14

Slide 14 text


Slide 15

Slide 15 text


Slide 16

Slide 16 text

Thank you!

Let's Connect:
https://www.linkedin.com/in/sankalp-s-paranjpe/
https://twitter.com/SankalpParanjpe