"This book analyses the cybersecurity of a cloud environment from both offensive and defensive aspects. The book will discuss emerging threats such as advanced phishing campaigns, data exfiltration, and zero-day attacks possible in the cloud environment.We cover threat modeling for cloud environments based on possible attack vectors and threat modeling tools specific to the cloud. The offensive security aspect will discuss uncovering emerging threats by penetration testing. This will help security professionals discover authentication, authorization, and network access management issues in the cloud environment. The DevSecOps captures a shift-left approach to address security early in the software development life cycle. It covers static analysis, code reviews, software component analysis, and dynamic analysis with continuous integration/continuous-deployment (CI/CD) used for deploying code in the cloud. The defensive security portion will elaborate upon defense against emerging threats using vulnerability management using native tools and commercial vulnerability management software. The cloud compliance section will cover the cloud's security and data protection standards and security controls. We discuss the zero-trust model that deviates from the traditional definition of trust boundaries and validates all interactions in a cloud environment. The incident response life cycle is used to prepare for, identify, contain, and eradicate security threats in the cloud. We discuss how automation and autonomous cyber defense tools based on Artificial Intelligence (AI) and Machine Learning and techniques can help resource-constrained security teams address cloud security at a scale. The book also elaborates upon some helpful case studies on the practical deployment of cloud security solutions, their limitations, and lessons learned based on case-studies experience in cloud security"-- Provided by publisher.
The book reviews the zero-trust model that deviates from the traditional definition of trust boundaries and validates all interactions in a cloud environment. The incident response life cycle is used to prepare for, identify, contain, and eradicate security threats in the cloud. It discusses how automation and autonomous cyber defense tools based on Artificial Intelligence and Machine Learning and techniques can help resourceconstrained security teams address cloud security at a scale. The book also elaborates upon some helpful case studies on the practical deployment of cloud security solutions, their limitations, and lessons learned based on case-studies experience in cloud security.
This book offers a hands-on guide to cloud security from both offensive and defensive perspectives. It explores real-world threats like phishing, data exfiltration, and zero-day exploits, while equipping professionals with tools for threat modeling, DevSecOps, and penetration testing.
Preface. Architecture of Cloud Platforms. Emerging Threats and Threat
Modeling. Penetration Testing for Cloud Platform. DevSecOps in Cloud. Cloud
Governance, Risks and Compliance. Designing Secure Cloud. Security
Automation: AI and ML in Cloud Security. Incident Response in Cloud. Case
Studies in Cloud Security. References. Index.
Ankur Chowdhary is a cybersecurity researcher and currently works as a Staff Security Engineer at 6sense Insights, Inc. He has over 10 years of experience in cybersecurity industry and has presented his research work at many leading conferences such as DEFCON. Ankur completed his PhD (2020) and M.S. (2015) in Computer Science with specialization in cybersecurity from Arizona State University. His research interests include Cloud Security, Software Defined Networks, and application of Artificial Intelligence and Machine Learning in the field of cybersecurity. Ankur has co-authored over 30 research papers and one textbook in the field of cybersecurity. More information about his recent work can be found at his website https://ankurchowdhary.com
Abdulhakim Sabur is an Assistant Professor of Network Security in the College of Computer Science and Engineering at Taibah University, Madinah, Saudi Arabia. He obtained a Ph.D. and Masters in Cybersecurity from Arizona State University, Tempe, Arizona in 2023 and 2018, respectively. His research interests include Network and Cloud Security, Privacy, Vulnerability Management, Software Defined Systems, and applications of AI in Cybersecurity. Abdulhakim has authored over 20 research articles published in top journals and conferences.
Lisainfo e-raamatute kohta