SANS SEC 549 2021

Mastering Cloud Security: A Deep Dive into SANS SEC 549 (2021 Edition)

Subject: SANS SEC 549: Cloud Security Architecture & Operations
Year of Focus: 2021
Instructor (Typical): David Hazar (primary author)

It was in this climate that SANS SEC549: Cyber Threat Intelligence became essential viewing for analysts looking to move from reactive firefighting to proactive defense.

  1. Threat Intelligence Fundamentals: Introduction to threat intelligence, types of threat intelligence, and its role in incident response.
  2. Threat Intelligence Gathering: Techniques for gathering threat intelligence, including open-source intelligence, dark web analysis, and malware analysis.
  3. Threat Intelligence Analysis: Analyzing and processing threat intelligence data, including indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and threat actor profiling.
  4. Incident Response: Incident response methodologies, including NIST 800-61 and SANS 704, and the importance of incident response planning.
  5. Incident Response Process: Detailed overview of the incident response process, including containment, eradication, recovery, and post-incident activities.
  6. Threat Intelligence-Driven Incident Response: Using threat intelligence to inform incident response, including threat hunting and threat intelligence-based incident response.
  7. Tools and Techniques: Overview of tools and techniques used in threat intelligence and incident response, including threat intelligence platforms, SIEM systems, and malware analysis tools.