Digital Forensics in the cloud. ENGENSEC presentation in Barcelona (OpenStack Summit)

The OpenStack Summit took place in Barcelona on 25-26 October 2016. The Summit included an exhibition in the Marketplace Expo Hall, Conference Breakout sessions and Design Summit developer & operator working sessions. Many presentations were devoted to OpenStack security: Holistic Security for OpenStack Clouds, Advanced Threat Protection and Kubernetes, Incident Response and Anomaly Detection in OpenStack, The state of OpenStack security, and Secure Image Management Infrastructure.

The ENGENSEC representatives, Anders Carlsson, general manager and developer from the Digital Forensics team (BTH, Sweden), and Alexander Adamov, leader of the Malware analysis team (KhNURE, Ukraine), focused visitors' attention on questions related to digital forensics in the cloud in their talk “Cloud Forensics vs. OpenStack”.

The presentation discussed comprehensive logging as a way to mitigate repudiation attacks and to find traces of the attacker when an incident happens. Another highlighted issue was extracting digital evidence in a multi-tenant environment: compute node logs that serve as digital evidence may lead to confidentiality violations if the node also hosts tenants who are not related to the incident. The presenters also analyzed the capabilities of the forensic tools that can be applied in OpenStack.

At the end of the panel, the experts gave recommendations on how to prepare an organization for the inevitable security attack. The consensus was that the best way to handle an incident is to prevent or block the attack at the very beginning, thus simplifying the investigation process and minimizing losses.
