Chris Peiris - Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

1. Chapter 2
2. Chapter 6

1. Chapter 1
2. Chapter 2
3. Chapter 3
4. Chapter 4
5. Chapter 5
6. Chapter 6
7. Chapter 7
8. Chapter 8
9. Chapter 9
10. Appendix G

Chris Peiris

Binil Pillai

Abbas Kudrati

Copyright 2022 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

ISBN: 978-1-119-80406-2
ISBN: 978-1-119-80411-6 (ebk)
ISBN: 978-1-119-80410-9 (ebk)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2021944284

Trademarks: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. AWS is a registered trademark of Amazon Technologies, Inc. and Azure is a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover Image: bookzv/Shutterstock

Cover Design: Wiley

This book is dedicated to my mother, Shantha, and my father, Christopher, who taught me that hard work, passion, and curiosity will overcome any obstacle in life. Thank you for the support and courage you provided me to take on the worldand to my youngest son, Deven, who teaches me to venture out of my comfort zone and challenge the status quo every day. This is for you.

Dr. Chris Peiris

I dedicate this book to my dad, Capt. Aravindakshan Pillai, my mom, Ambika Devi, my sister, Beena Pradeep, and my school teachers, not only for their love and care but also for their support during my childhood socialization, which helped shape how I view the world around me and learn the importance of respecting others, regardless of their race, ethnicity, religion, gender, age, etc.

Binil Pillai

I dedicate this book to my dad, Shabbir Hussain, whom I role model in many ways, and to my mom, Zahra, who keeps me in her everyday prayers.

Abbas Kudrati

Dr. Chris Peiris's information technology career spans over 25 years, the last 15+ years dedicated to cybersecurity. Chris is an avid publisher and a thought leader in the cybersecurity, enterprise architecture, and cloud integration spaces. He has advised Fortune 500 companies, federal and state governments, and defense and intelligence entities across the U.S., Asia Pacific Japan, Middle East Africa, Australia, and New Zealand.

Chris is a published author of 10 books on multiple technologies, including cybersecurity, cloud computing, web services, C#, and Java topics. These books have been translated into nine languages and are available in 30+ countries. He is also an academic researcher at Monash University and University of Canberra. Chris was awarded an Associate Professorship (Adjunct) fellowship at the University of Canberra in recognition of academic research contributions to cybersecurity and cloud computing. He has multiple tertiary qualifications from Harvard University, the University of Canberra, and Monash University. He is an author of multiple academic research journals and frequent speaker at professional IT conferences.

Chris was the Director of Cybersecurity for Microsoft, Asia Pacific Japan, and Australia. He was also the National Security Lead for Avanade (Accenture and Microsoft joint venture) and an advisor to multiple defense and intelligence think tanks. Chris has assisted in creating government wide secure threat management frameworks in Taiwan, Singapore, New Zealand, and Australia. He also created incident response, security operations center/cyber fusion center, advisory services, and threat intelligence capabilities across Asia Pacific Japan, Middle East Africa, and Americas.

Binil Pillai is a strategic-thinking business development professional with 23 years of multifaceted experience building relationships, cultivating partnerships, retaining customers, and growing profit channels by establishing trust. As Global Director of Security, Compliance and Identity (SCI) at Microsoft, Binil focuses on the small, medium, and corporate segment and works with corporate executives to evangelize security as a foundational capability to accelerate a secure digital transformation journey. Binil has experience in security product development, managed security product marketing, and led worldwide security go-to-market and sales activations. He was the business architect who designed and launched the Business Value Analysis (BVA) model to quantify security risk exposure for B2B customers. Before joining Microsoft, Binil worked as a regional practice manager for Deloitte Consulting's strategy and operations practice. His business strategy consulting experience spans business transformation, corporate strategy alignment, post-merger integration, adoption and change management, customer relationship management, IT strategic planning, and more, with a wide range of companies and government agencies.