What is Cloud Incident Response? Cyber Terms Explained

Featuring: Tal Mozes, CEO & Co-Founder, Mitiga

Cloud incident response, process-wise, is not very different from regular incident response, which is the process that starts once we realize we have been breached. We need to start investigating what has happened, what the impact is, when it happened, and what we need to do to return to business as usual as soon as possible.

The problem in the cloud, unlike in the on-prem technologies, is that we rely on a lot of logs and system settings that we can query, and a lot of data might not be accessible to us for those investigations. When we talk about old-school on-prem incident response, usually we can take images from endpoints, we can find logs from operating systems, and so on.

But again, when we go to the cloud, if we didn't make sure that we have the right data in advance and keep it, in most scenarios, we won't be able to recreate this data, and we won't have the complete picture to do the investigation and to do a thorough and productive incident response.

So, for some of the SaaS applications that we might have in our organization, we won't have logs at all. For some of them, we might be able to ask for those logs. For example, if you are running on Office 365 and you're investigating a business email compromise, which is very common; not necessarily Office 365, it could be G Suite.

With all Office 365 applications, they only give you the logs from seven days back. But if you just discovered that it happened, I don't know, 10 months ago, and you would like to download those logs from Microsoft, Microsoft will throttle the download; and you might wait several weeks to download the right logs so you can start the investigation, and that will slow you down.

Therefore, keeping all those logs in advance and defining the right logs to have, and also capturing security configuration and settings for cloud accounts and subscriptions that might not exist anymore when you start the investigation, is key to having an effective and quick incident response.
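As an added illustration of the retention point above (this is not from the video and not Mitiga's code), the following Python sketch compares an investigation window against what each evidence source can still provide, combining the provider's remaining native retention with the intervals we archived ourselves, and reports the parts of the window that cannot be reconstructed. The source names, retention figures and dates are constructed for the example.

```python
from datetime import datetime, timedelta

DAY = timedelta(days=1)
NOW = datetime(2024, 6, 1)          # constructed "discovery" date
WINDOW = (NOW - 300 * DAY, NOW)     # incident suspected to have started ~10 months ago

# Constructed sources: how far back the provider still holds data (native
# retention ending at NOW) and which intervals we exported to our own storage.
SOURCES = {
    "m365_audit": {"native_retention": 7 * DAY, "archived": [(NOW - 400 * DAY, NOW - 30 * DAY)]},
    "saas_no_logs": {"native_retention": 0 * DAY, "archived": []},
    "cloud_config_snapshots": {"native_retention": 0 * DAY, "archived": [(NOW - 200 * DAY, NOW)]},
}

def merge(intervals):
    """Merge overlapping or touching (start, end) intervals into a sorted list."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def uncovered(window, available):
    """Return the sub-intervals of window that no available interval covers."""
    w_start, w_end = window
    gaps, cursor = [], w_start
    for start, end in merge(available):
        if end <= cursor:
            continue
        if start >= w_end:
            break
        if start > cursor:
            gaps.append((cursor, min(start, w_end)))
        cursor = max(cursor, end)
    if cursor < w_end:
        gaps.append((cursor, w_end))
    return gaps

def evidence_gaps(sources, window, now):
    """Per source: parts of the window recoverable from neither provider retention nor our archive."""
    return {name: uncovered(window, [(now - s["native_retention"], now)] + s["archived"])
            for name, s in sources.items()}

def gap_days(report, now=NOW):
    """Express each gap as (days_ago_start, days_ago_end) for readability."""
    return {name: [((now - a).days, (now - b).days) for a, b in gaps]
            for name, gaps in report.items()}
```

Running `gap_days(evidence_gaps(SOURCES, WINDOW, NOW))` shows, for instance, that the constructed mailbox audit source is missing days 30 to 7 before discovery: older than the provider keeps, newer than the last export.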

Learn how Mitiga’s platform enables swift cloud incident response.
