White Paper

SANS 2021 DFIR Cloud Report: Partly Cloudy with a Bunch of DFIR

There’s no doubt that more organizations than ever are leveraging the cloud for storage, processing, and computing. The rapid shift to a cloud-first business approach has inevitably increased pressure on security teams as they lean on traditional DFIR tools and methods to investigate cloud incidents. Traditional DFIR methods were not developed with the cloud in mind, as is apparent at every step of the process, from collection to analysis.

The SANS 2021 Cloud Report: Partly Cloudy with a Bunch of DFIR analyzes today’s most pressing cloud DFIR challenges, while proposing a way forward for security teams and DFIR experts who are seeking a better way to manage cloud investigations and implement a cloud-first security program.

This report explores:

  • Cloud threats on the rise
  • How an increased focus on container and auto-scaling technology poses new security challenges
  • How to navigate data access requirement obstacles
  • How to leverage the power of the cloud and automation to drastically reduce the time to evidence
  • The importance of a defense-in-depth cloud security strategy