Adding to the Toolkit – Some Useful Tools for Cloud Security
With more business applications moving to the cloud, the ability to assess network behavior has changed from a primarily systems administration function to a daily security operations concern. And whilst sec-ops teams are already familiar with firewall and network device log tools, these can be of limited use in a “cloud first” business where much of the good traffic that occurs is hard to distinguish from potentially risky traffic.
Fortunately, there are plenty of tools in use by developers and sys-ops teams alike that can help during security assessment and forensic investigations. The only downside for many security operations teams is that they simply haven’t had a chance to explore many of the more useful tools that can help inform an investigation.
With this blog post, I wanted to highlight a few tools that might already be in use in your business that can help round out your security assessment capabilities.
Reviewing a Client’s Web Traffic
If you’re using a proxy server to filter and secure your traffic (and you really should be!), you should hopefully already have logs of the web sessions that are leaving your organization. For scenarios where a proxy server isn’t available or practical, I’ve found web sniffing tools like Fiddler or mitmproxy particularly helpful.
I’m confident that practically every security researcher has, at one time or another, tracked processes and associated web traffic using netstat and other similar tools (and/or used packet inspection tools which we’ll get to later). I’ve personally found that working slightly higher up the OSI model can deliver quick results that can help focus investigations.
Using a web sniffing tool permits you to trace the specific web requests made by a host. Working off the back of an unexpected firewall alert with these tools can lead you to see (Read more...)
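As an added illustration (not part of the original post): pivoting from a firewall alert to the web requests behind it, assuming the Fiddler or mitmproxy capture has been exported as a HAR 1.2 file. The sample capture, its addresses and the function names `requests_to` and `summarize` are constructed for this example.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample capture (HAR 1.2 layout); hosts, IPs and agents are made up.
def _entry(ts, ip, method, url, agent, sent, status):
    return {"startedDateTime": ts, "serverIPAddress": ip,
            "request": {"method": method, "url": url, "bodySize": sent,
                        "headers": [{"name": "User-Agent", "value": agent}]},
            "response": {"status": status}}

SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    _entry("2024-01-01T10:00:05Z", "203.0.113.7", "POST",
           "https://files.example.net/upload?id=2", "sync-agent/1.0", 48213, 200),
    _entry("2024-01-01T10:00:01Z", "198.51.100.4", "GET",
           "https://intranet.example.com/", "Mozilla/5.0", 0, 200),
    _entry("2024-01-01T10:00:02Z", "203.0.113.7", "GET",
           "https://files.example.net/config", "sync-agent/1.0", -1, 404),
]}})

def requests_to(har_text, alert_ip):
    """Return captured requests whose server IP matches the alerted address."""
    hits = []
    for entry in json.loads(har_text)["log"]["entries"]:
        if entry.get("serverIPAddress") != alert_ip:  # optional field in HAR
            continue
        req = entry["request"]
        headers = {h["name"].lower(): h["value"] for h in req.get("headers", [])}
        url = urlsplit(req["url"])
        hits.append({
            "time": entry["startedDateTime"], "method": req["method"],
            "host": url.hostname,
            "path": url.path,  # query string dropped: it may carry tokens
            "user_agent": headers.get("user-agent", ""),
            "sent": max(req.get("bodySize", 0), 0),  # -1 means size unknown
            "status": entry["response"]["status"],
        })
    # Lexical sort is chronological when all timestamps share one UTC offset.
    return sorted(hits, key=lambda h: h["time"])

def summarize(hits):
    """Total request count and bytes sent per (host, user agent) pair."""
    totals = defaultdict(lambda: {"requests": 0, "sent": 0})
    for h in hits:
        key = (h["host"], h["user_agent"])
        totals[key]["requests"] += 1
        totals[key]["sent"] += h["sent"]
    return dict(totals)
```

Grouping by user agent as well as host helps separate browser traffic from background clients talking to the same destination.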
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Hudson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/useful-tools-cloud-security/