SANS SEC510: Public Cloud Security: AWS, Azure, and GCP

دوره جدید SANS SEC510: Public Cloud Security: AWS, Azure, and GCP از موسسه SANS آموزش امنیت در خصوص Public Cloud می باشد. دوره SANS SEC510 تجزیه و تحلیل عمیق از امنیت سرویس های مدیریت شده در ابر عمومی یا همان Public Cloud را شامل میشود، با توجه به اینکه سه شرکت آمازون، مایکروسافت و گوگل امروزه سهم بسیار بزرگی از سرویس های میزبانی را دارند، یادگرفتن تامین امنیت برای سرویس های مختلف در این پلتفرم ها امری مهم میباشد. مدرک این دوره GPCS نام دارد.

Date: 2021
Price: $7,190 USD
Publisher: SANS

What You Will Learn

SEC510.1: Cloud Credential Management
SEC510.2: Cloud Virtual Networks
SEC510.3: Cloud Encryption, Storage, and Logging
SEC510.4: Serverless Platforms
SEC510.5: Cross-Account and Cross-Cloud Assessment

Multiple Clouds Require Multiple Solutions

SEC510: Public Cloud Security: AWS, Azure, and GCP teaches you how the major cloud providers work and how to securely configure and use their services and Platform as a Service (PaaS) offerings.

Organizations in every sector are increasingly adopting cloud offerings to build their online presence. However, although cloud providers are responsible for the security of the cloud, their customers are responsible for what they do in the cloud. Unfortunately, the providers have made the customer’s job difficult by offering many services that are insecure by default. Worse yet, with each provider offering hundreds of different services and with many organizations opting to use multiple providers, security teams need a deep understanding of the underlying details of the different services in order to lock them down. As the landscape rapidly evolves and development teams eagerly adopt the next big thing, security is constantly playing catch-up in order to avert disaster.

SEC510 provides cloud security practitioners, analysts, and researchers with an in-depth understanding of the inner workings of the most popular public cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Students will learn industry-renowned standards and methodologies, such as the MITRE ATT&CK Cloud Matrix and CIS Cloud Benchmarks, then apply that knowledge in hands-on exercises to assess a modern web application that leverages the cloud native offerings of each provider. Through this process students will learn the philosophies that undergird each provider and how these have influenced their services.

The Big 3 cloud providers alone provide more services than any one company can consume. As security professionals, it can be tempting to limit what the developers use to the tried-and-true solutions of yesteryear. Unfortunately, this approach will inevitably fail as the product development organization sidelines a security entity that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help get its product to market quicker than the competition, it can and should use it. SEC510 gives you the ability to provide relevant and modern guidance and guardrails to these teams to enable them to move both quickly and safely.

This Course Will Prepare You To

• Understand the inner workings of cloud services and Platform as a Service (PaaS) offerings in order to make more informed decisions in the cloud
• Understand the design philosophies that undergird each provider and how these have influenced their services in order to properly prescribe security solutions for them
• Discover the unfortunate truth that many cloud services are adopted before their security controls are fully fleshed out
• Understand Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) in depth.
• Understand the intricacies of Identity and Access Management, one of the most fundamental concepts in the cloud and yet one of the last understood
• Understand cloud networking and how locking it down is a critical aspect of defense-in-depth in the cloud
• Analyze how each provider handles encryption at rest and in transit in order to prevent sensitive data loss
• Apply defense-in-depth techniques to protect data in cloud storage
• Compare and contrast the serverless platforms of each provider
• Explore the service offering landscape to discover what is driving the adoption of multiple cloud platforms and to assess the security of services at the bleeding edge (such as the Firebase platform)
• Utilize multicloud IAM and cloud Single Sign-On to provide secure access to resources across cloud accounts and providers
• Automate security and compliance checks using cloud-native platforms and open-source solutions
• Understand Terraform Infrastructure-as-Code well enough to share it with your engineering team as a starting point for implementing the controls discussed in the course
• Read and understand Terraform Infrastructure as Code configuration for the AWS, Azure, and GCP clouds
• Perform security reviews on Terraform Infrastructure as Code to identify cloud misconfigurations

LAB INFORMATION

SEC510: Public Cloud Security: AWS, Azure, and GCP consolidates all of the concepts discussed in the lectures through hands-on labs. In the labs, students will assess a modern cloud infrastructure created using Terraform Infrastucture as Code. Each cloud provider will host a multicloud web application written in Next.js, Reach, and Sequilize that leverages the cloud native offerings of each provider. Each lab includes step-by-step guide as well as a “no hints” option for students who want to test their skills without further assistance. This allows students to choose the level of difficulty that is best for them and fall back to the step-by-step guide as needed.

Hands-On Training:

• Virtual Machine Credential Exposure
• Harden AWS IAM Policies
• Harden Azure and GCP IAM Policies
• Advanced IAM Features
• Network Lockdown
• Analyzing Network Traffic
• Private Endpoint Security
• Cloud VPN and Managed SSH
• Audit Decryption Events
• Encrypt All The Things!
• Storage Service Lockdown
• Unauthorized File Sharing
• Serverless Prey
• Harden Serverless Functions
• App Service Security
• Broken Firebase DB Access Control
• Multicloud Integration
• Login with Azure AD
• Automated Benchmarking
• CloudWars Daily Bonus Challenges
• Lab Tear Down