Presented by

  • Alistair Chapman

    Alistair Chapman
    @agc93
    https://agc93.au

    Alistair Chapman is an Australian Information Security engineer and .NET developer. As well as working in InfoSec, Alistair has also been building, contributing and maintaining open source projects for the last decade, working with a variety of different projects and communities in the .NET ecosystem and beyond. Alistair’s current passions are cloud security architecture, cross-platform .NET, containerisation and DevOps automation. By day however, Alistair is a Senior Cloud Security Engineer at Red Hat specializing in incident response and security architecture for public and hybrid cloud environments based in Brisbane, Australia.

Abstract

This talk will be a high-level rundown of the complexities of logging, auditing and forensics in public or hybrid cloud environments. While some might think they've got the hang of logging in their system of choice, whether that's Linux or any other OS, things become a lot more complicated once you're looking for events that happen in the cloud platforms themselves! Based on experience from incident response and forensics in using open-source software and tools, but running in decidedly less open public cloud platforms, Alistair will present a number of challenges and unforeseen complications from trying to track down what happened in cloud security incidents. In particular, we'll be looking at how every cloud platform uses its own (often arcane) set of services and capabilities, many of which don’t integrate very cleanly with your existing tools or capabilities. You’ll get to learn about the insane challenges, but also massive opportunities for improving how you log and trace incidents in cloud environments, whether you’re a developer building OSS tools, the sysadmin trying to keep your environments running, or a security professional trying to make sense of cloud-based incident response.