Everything you never wanted to know about flow logs
07-25, 11:00–11:20 (US/Eastern), Room 2/3

In the world of security, network logs are fundamental to security operations and incident response. So what could possibly be new to learn? Like most simple things, the cloud’s gone and *#?!ed it all up. In this talk, I’ll be sharing my experience unraveling the unexpected and sometimes bizarre behavior of flow logs in the three major cloud service providers (AWS, Azure, and GCP). We’ll summarize how the simple has become complicated and uncover some of the gotchas (some documented and some not) when using these logs. I’ll walk through examples of how to actually derive value from these flow logs, drawing on an organization that collects and analyzes billions of records and hundreds of terabytes of flow logs per day.

See also: Slides (3.6 MB)

Daniel is a recent convert to the blue team after spending the majority of his career breaking systems at Praetorian and the US Air Force. At Snowflake, he spends his time improving the threat detection program. When he’s not working, you can find him spending time with his wife and cats, enjoying a nice cup of coffee, or in the gym practicing Muay Thai and Brazilian Jiu Jitsu.