SANS SEC488: Cloud Security Essentials

مشاغل بیشتر از هر زمان دیگری در حال انتقال داده های حساس و تغییر بار کاری به سرویس های ابر هستند. سازمان ها وظیفه تأمین اطلاعات و برنامه های مهم خود را در سرویس ابر دارند. مزایای آن از نظر هزینه و سرعت استفاده از یک بستر چند منظوره برای توسعه و تسریع در تحویل برنامه های تجاری و تجزیه و تحلیل داده های مشتری می تواند به سرعت معکوس شود اگر متخصصان امنیتی به درستی آموزش در این خصوص نداشته باشند تا محیط ابری سازمان را تأمین کنند و امنیت این سرورس ها را تامین کنند. نقض فن آوری های جدید خطرات جدیدی را ایجاد می کنند. به سازمان خود کمک کنید تا هم با چالش های امنیتی و هم فرصت های ارائه شده توسط خدمات ابری با موفقیت پشت سر قرار دهید.

لینک دانلود دوره آموزشی SANS SEC488: Cloud Security Essentials


حجم: 8.4 گیگابایت

دانلود – PDF
دانلود – USB
دانلود – Video بخش اول
دانلود – Video بخش دوم
دانلود – Video بخش سوم
دانلود – Video بخش چهارم

رمز فايل:

Date: 2020
Price: $7,640 USD
Publisher: SANS

More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud, and not just to one cloud service provider (CSP). Organizations are responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multicloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals are not properly trained to secure the organization’s cloud environment and investigate and respond to the inevitable security breaches. New technologies introduce new risks. Help your organization successfully navigate both the security challenges and opportunities presented by cloud services. 20 Hands-on Labs + CloudWars CTF

What You Will Learn

License to Learn Cloud Security

Research shows that most enterprises have strategically decided to deploy a multicloud platform, including Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), other cloud service providers. Mature CSPs have created a variety of security services that can help customers use their products in a more secure manner, but only if the customer knows about these services and how to use them properly. This course covers real-world lessons using security services created by the Big 3 CSPs, as well as open-source tools. Each section of the course features hands-on lab exercises to help students hammer home the lessons learned. We progressively layer multiple security controls in order to end the course with a functional security architecture implemented in the cloud.

This course will equip you to implement appropriate security controls in the cloud, often using automation to “inspect what you expect.” We will begin by diving headfirst into one of the most crucial aspects of cloud – Identity and Access Management (IAM). From there, we’ll move on to securing the cloud through discussion and practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models of: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS).

“I would recommend any tech friend to learn what they can about cloud security as the industry has been transitioning this way for quite a while. This class is a great introduction to this subject.” – Christopher Barath, Wells Fargo

Use of AWS, Azure and even GCP with concrete examples: that’s a win!” – Maite Amourdon, SAP France


  • Understand the current cloud deployment
  • Protect cloud-hosted workloads, services, and virtual machines
  • Cost-effectively select appropriate services and configure properly to adequately defend cloud resources
  • Get in front of common security misconfigurations BEFORE they are implemented in the cloud
  • Ensure business is aligning to industry regulations and laws when operating in the cloud
  • Decrease adversary dwell time in compromised cloud deployments


  • Navigate your organization through the security challenges and opportunities presented by cloud services
  • Identify the risks of the various services offered by cloud service providers (CSPs)
  • Select the appropriate security controls for a given cloud network security architecture
  • Evaluate CSPs based on their documentation, security controls, and audit reports
  • Confidently use the services of any of the leading CSPs
  • Protect secrets used in cloud environments
  • Leverage cloud logging capabilities to establish accountability for events that occur in the cloud environment
  • Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs).
  • Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem.
  • Secure access to the consoles used to access the CSP environments.
  • Implement network security controls that are native to both AWS and Azure.
  • Follow the penetration testing guidelines put forth by AWS and Azure to invoke your “inner red teamer”to compromise a full stack cloud application


SEC488: Cloud Security Essentials reinforces the training material via multiple hands-on labs in each section of the course. Labs are performed via a browser-based application rather than virtual machine. Each lab is designed to impart practical skills that students can bring back to their organizations and apply on the first day back in the office. The labs go beyond the step-by-step instructions by providing the context of why the skill is important and instilling insights as to why the technology works the way it does.

Highlights of what students will learn in SEC488 labs include:

  • Leveraging the web consoles of AWS and Azure to secure various cloud service offerings
  • Hardening and securing cloud environments and applications using open source security tools and services
  • Building, hardening, patching, and securing virtual machines and virtual machine images
  • Using the command line interface (CLI) and simple scripts to automate work
  • Preventing secrets leaking in code deployed to the cloud
  • Using logs and security services to detect malware on a cloud virtual machine and perform preliminary forensics
  • Using Terraform to deploy a complete environment to multiple cloud providers

Section 1: New cloud users, Permissions boundaries, Cloud management station, Deploy CD/CA environment

Section 2: Secure instance deployment, Threat intelligence gold image, Which reality, Blob lock down

Section 3: Data hunting, Data in transit, Terraform code assessment, CASB techniques

Section 4: Restricting network access, Web Application Firewall (WAF), Cloud services logging, IaaS logging

Section 5: Security hub compliance assessment, Microsoft Defender for cloud, Multicloud penetration testing, Multicloud forensics

Section 6: CloudWars


آدرس ایمیل شما منتشر نخواهد شد.