- Works off NIST SP 800-61
- Everything refers back to a company’s governance, risk management, and compliance (GRC) policies
- Has many native (GuardDuty, Security Hub, etc.) and third-party (Deloitte, Accenture, etc.) security products
- Find issue
- Identify skilled engineers: you need them as builders and testers
- Build realistic model
- Build and test scenario elements
- Invite other security individuals and cross-org participants
- Run the sim
- Examples are unauthorized changes to network configuration or resources, publicly exposed credentials, sensitive content made public via a misconfiguration, or an air-gapped web server that's talking to an outside IP.
- Iterate
- Centralization vs Decentralization
- AWS Features: Lambda, Step Functions, Auto Remediation, SSM Agent, Fargate, EC2 (See Infrastructure Domain Incidents Steps)
- Use AWS Systems Manager Run Command to capture Volatile Data
- Event-based and periodic scanning
- Runbooks (akin to Splunk Playbooks)
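Added example (not from these notes or from AWS): an event-based Lambda handler that reacts to a GuardDuty finding delivered through EventBridge and uses SSM Run Command to capture volatile data from the affected EC2 instance before any auto-remediation touches it. The evidence bucket name, the command list, and the sample finding are assumptions; the SSM client is injectable so the logic runs offline.

```python
# Added example: GuardDuty finding -> SSM Run Command volatile-data capture.
# Assumed names: EVIDENCE_BUCKET, the command list, and SAMPLE_FINDING below.

# Assumed evidence bucket; in practice use a bucket with Object Lock enabled.
EVIDENCE_BUCKET = "example-ir-evidence-bucket"

# Collected in volatility order: time, processes and sockets first, disk last.
VOLATILE_CAPTURE_COMMANDS = [
    "date -u",
    "uptime",
    "ps -eo pid,ppid,user,lstart,cmd",
    "ss -tunap",
    "who -a",
    "cat /proc/mounts",
    "ls -la /tmp /var/tmp /dev/shm",
]

# Constructed sample of the GuardDuty fields this handler reads (not a real finding).
SAMPLE_FINDING = {"detail": {"id": "finding-example-1", "resource": {
    "resourceType": "Instance",
    "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}}}


def instance_id_from_finding(event):
    """Return the EC2 instance id from an EventBridge-wrapped GuardDuty finding, or None."""
    resource = event.get("detail", {}).get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    return resource["instanceDetails"]["instanceId"]


def build_capture_request(instance_id, finding_id):
    """Keyword arguments for ssm.send_command; output lands in S3 under the finding id."""
    return {
        "InstanceIds": [instance_id],
        "DocumentName": "AWS-RunShellScript",
        "Comment": f"IR volatile capture for GuardDuty finding {finding_id}"[:100],
        "Parameters": {"commands": VOLATILE_CAPTURE_COMMANDS},
        "OutputS3BucketName": EVIDENCE_BUCKET,
        "OutputS3KeyPrefix": f"volatile/{finding_id}/{instance_id}",
        "TimeoutSeconds": 600,
    }


def handler(event, context=None, ssm_client=None):
    """Lambda entry point; pass a fake ssm_client to exercise the logic without AWS."""
    instance_id = instance_id_from_finding(event)
    if instance_id is None:
        return {"status": "skipped", "reason": "finding is not about an EC2 instance"}
    if ssm_client is None:
        import boto3  # imported lazily so the module loads without boto3 installed
        ssm_client = boto3.client("ssm")
    response = ssm_client.send_command(**build_capture_request(instance_id, event["detail"]["id"]))
    return {"status": "capture_started", "instance_id": instance_id,
            "command_id": response["Command"]["CommandId"]}
```

Capturing to S3 rather than reading the output back keeps the evidence out of the Lambda's memory and gives the runbook a stable location to reference.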

