The sprint to the cloud has drastically changed how CISOs should view their security boundaries and requires a paradigm shift. While the cloud has offered unprecedented opportunity for resilience, scale, and innovation, security monitoring and incident response (IR) have not kept pace with the rapid change. As we think about how to solve this dilemma, we should consider the following problem statement: how does an organization enable security monitoring and IR in the cloud and do it the “cloud way”?
To help answer this question, we have identified four ways to help prepare for cloud security incidents:
- Automate security monitoring and IR of cloud assets using cloud-native SOAR (Security Orchestration, Automation, and Response)
- Set up and prepare your cloud digital forensics and IR environment before you need it
- Retool your analysis, containment, and isolation capabilities to support cloud-native resources
- Rehearse your security response capability with cloud-focused adversary simulations