Abstract:
StackStorm is an open-source platform for integration and automation across services and tools, taking actions in response to events (sometimes called IFTTT for operations). In this presentation I will show how to simplify a system administrator's life by using StackStorm to perform automated security scanning of servers and remediation in the cloud.
We will have a look at how to set up StackStorm to continuously scan your cloud infrastructure for rogue services, rootkits and breaches. The remediation step will include isolating a server (putting it into lock-down mode), collecting additional context and forensic evidence (files, hashes, running processes, etc.) and notifying the administrators of the incident.
After the presentation, you will have a good idea of how to connect and integrate StackStorm together with services such as Amazon EC2 and “common” Linux tools such as netstat, tcpdump, chkrootkit, rkhunter and iptables.
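As an added illustration of the scan-and-remediate loop the abstract describes (this is example code, not code from the talk or from StackStorm): a Python module that parses chkrootkit and rkhunter output, decides whether the host should be isolated, and lists the evidence-collection and iptables lock-down steps. The scanner output formats, the admin network 10.0.0.0/24 and the sample scanner lines are assumptions and constructed data, not captured from a real host.

```python
import re

# Assumed text formats (constructed, not captured from a live run):
#   chkrootkit:  "Checking `ls'... INFECTED"
#   rkhunter -c: "    /usr/bin/ls                 [ Warning ]"
CHKROOTKIT_RE = re.compile(r"^Checking `(?P<check>[^']+)'\.\.\. (?P<result>.+)$")
RKHUNTER_RE = re.compile(r"^\s*(?P<test>.+?)\s+\[ (?P<status>[A-Za-z ]+) \]\s*$")

def parse_chkrootkit(text):
    """Names of checks that chkrootkit reported as INFECTED."""
    hits = []
    for line in text.splitlines():
        m = CHKROOTKIT_RE.match(line)
        if m and m.group("result").upper().startswith("INFECTED"):
            hits.append(m.group("check"))
    return hits

def parse_rkhunter(text):
    """Test names rkhunter marked '[ Warning ]'; '[ OK ]' and '[ Not found ]' are ignored."""
    matches = (RKHUNTER_RE.match(line) for line in text.splitlines())
    return [m.group("test") for m in matches if m and m.group("status") == "Warning"]

def lockdown_rules(admin_cidr):
    """iptables commands that quarantine a host but keep SSH from the admin network.
    The ACCEPT rules go in before the DROP policies so the session running them survives."""
    return [
        "iptables -I INPUT 1 -i lo -j ACCEPT",
        "iptables -I OUTPUT 1 -o lo -j ACCEPT",
        f"iptables -I INPUT 2 -p tcp --dport 22 -s {admin_cidr} -j ACCEPT",
        f"iptables -I OUTPUT 2 -p tcp --sport 22 -d {admin_cidr} -j ACCEPT",
        "iptables -P INPUT DROP", "iptables -P OUTPUT DROP", "iptables -P FORWARD DROP",
    ]

# Context to capture before isolation changes the picture (netstat is the tool the talk names).
EVIDENCE_COMMANDS = ["netstat -tulpen", "ps -eo pid,ppid,user,lstart,cmd", "last -a -n 50"]

def plan_remediation(chkrootkit_out, rkhunter_out, admin_cidr="10.0.0.0/24"):
    """Combine both scanners, decide whether to isolate, and list evidence and lock-down steps."""
    findings = {"chkrootkit": parse_chkrootkit(chkrootkit_out),
                "rkhunter": parse_rkhunter(rkhunter_out)}
    isolate = any(findings.values())
    # Hash every flagged path so the evidence record ties back to the scanner finding.
    evidence = list(EVIDENCE_COMMANDS) + [
        f"sha256sum {t}" for t in findings["rkhunter"] if t.startswith("/")]
    return {"findings": findings, "isolate": isolate,
            "evidence": evidence if isolate else [],
            "lockdown": lockdown_rules(admin_cidr) if isolate else []}
```

In a StackStorm deployment the returned command lists would be handed to remote-execution actions against the affected host, with the findings attached to the administrator notification.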
Bio:
Tomaž Muraus is a software engineer at StackStorm, where he is helping to build the product. Tomaz previously worked at Cloudkick, Rackspace and DivvyCloud, where he was building and operating highly performant and highly available distributed systems. His latest work at Rackspace includes Service Registry, an API-driven cloud service which allows users to react to changes faster and build highly available, decoupled applications and services. Tomaz is a big supporter and proponent of open systems and open-source software. He has started, participated in the development of, and contributed to many different open-source projects. Additionally, he is the project chair and main developer of Apache Libcloud, an open-source project that deals with cloud interoperability.
[…] Stormer Tomaz Muraus will be hosting a talk at this year’s Security BSides Ljubljana on “Automated Security Scanning and Remediation in the Cloud Using StackStorm” […]