What is Cloud Incident Response? Cyber Terms Explained

Featuring: Tal Mozes, CEO & Co-Founder, Mitiga

Cloud incident response, process-wise, is not very different from regular incident response, which is the process once we realize we have been breached. We need to start investigating what has happened, what the impact is, when it happened, and what we need to return to business as usual as soon as possible.

The problem in the cloud, unlike in the on-prem technologies, is that we rely on a lot of logs and system settings that we can query, and a lot of data might not be accessible to us for those investigations. When we talk about old-school on-prem incident response, usually we can take images from endpoints, we can find logs from operating systems, and so on.

But again, when we go to the cloud, if we didn't make sure that we have the right data in advance and keep it, in most scenarios, we won't be able to recreate this data, and we won't have the complete picture to do the investigation and to do a thorough and productive incident response.

So, for some of the SaaS applications that we might have in our organization, we won't have logs at all. For some of them, we might be able to ask for those logs. For example, if you are running on Office 365 and you're investigating a business email compromise, which is very common (not necessarily Office 365, it could be G Suite).

With all Office 365 applications, they only give you the logs from seven days back. But if you just discovered that it happened, I don't know, 10 months ago, and you would like to download those logs from Microsoft, Microsoft will throttle the download, and you might wait several weeks to download the right logs so you can start the investigation, and that will slow you down.

Therefore, keeping all those logs in advance and defining the right logs to have, and also capturing security configuration and settings for cloud accounts and subscriptions that might not exist when you start the investigation, is key to having an effective and quick incident response.
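The two readiness points above, keeping logs beyond the provider's own retention and snapshotting account security settings so they can be compared later, as an added example (not Mitiga's code). All log sources, retention figures other than the seven days quoted above, and the tenant settings are constructed assumptions.

```python
"""Forensic-readiness helpers: check which log sources still cover an incident
window, and diff two archived security-configuration snapshots."""
from datetime import date, timedelta

# Constructed: provider-side retention in days (only the Office 365 figure comes
# from the text above; the rest are assumptions) and whether we archive it ourselves.
LOG_SOURCES = {
    "o365_unified_audit": {"provider_retention_days": 7, "archived": False},
    "cloudtrail": {"provider_retention_days": 90, "archived": True},
    "idp_signin": {"provider_retention_days": 30, "archived": False},
}

def coverage_gaps(sources, incident_start, discovered):
    """Return sources whose native retention no longer reaches back to the
    suspected incident start on the discovery date; archived sources never gap."""
    gaps = []
    for name, cfg in sources.items():
        if cfg["archived"]:
            continue
        oldest_available = discovered - timedelta(days=cfg["provider_retention_days"])
        if incident_start < oldest_available:
            gaps.append(name)
    return sorted(gaps)

def diff_snapshots(old, new, path=""):
    """Recursively diff two nested-dict snapshots -> {dotted.path: (old, new)}."""
    changes = {}
    for key in sorted(set(old) | set(new)):
        p = f"{path}.{key}" if path else key
        a, b = old.get(key), new.get(key)
        if isinstance(a, dict) and isinstance(b, dict):
            changes.update(diff_snapshots(a, b, p))
        elif a != b:
            changes[p] = (a, b)
    return changes

# Constructed snapshots of tenant security settings captured on two dates.
SNAPSHOT_JAN = {"mfa": {"enforced": True},
                "mailbox_forwarding": {"external_allowed": False},
                "admins": ["alice"]}
SNAPSHOT_MAR = {"mfa": {"enforced": True},
                "mailbox_forwarding": {"external_allowed": True},
                "admins": ["alice", "svc-backup"]}

if __name__ == "__main__":
    print(coverage_gaps(LOG_SOURCES, date(2023, 5, 1), date(2024, 3, 1)))
    print(diff_snapshots(SNAPSHOT_JAN, SNAPSHOT_MAR))
```

The diff output is what tells an investigator that external forwarding was enabled and an admin was added between the two captures, facts the live tenant alone can no longer show.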

Learn how Mitiga’s platform enables swift cloud incident response.
