Chapter 3. Getting Security Visibility at Scale

When looking at security, an often-referenced framework for how teams can operate during incidents is John Boyd’s OODA loop (Observe, Orient, Decide, Act), shown in Figure 3-1.

Figure 3-1. The OODA loop

What this model implies is that the quicker you can cycle through this loop, the more you will outmaneuver and outperform your competitors and adversaries. John himself was a decorated US Air Force fighter pilot and Pentagon consultant who was dubbed “Forty-Second Boyd” for his standing bet that he could beat any other pilot from a position of disadvantage within 40 seconds. Applied in a security context, this means that during an incident you need to be able to cycle through this loop rapidly, so that you can react to what is happening and act proactively rather than being driven by the attacker.

With this model in mind, this chapter focuses on visibility: building the ability to observe your estate at scale. Without the right infrastructure in place, you will be stuck fumbling around in the dark, or investing so much time in working out what is going on that you never get to take control of the situation and act.

In this chapter, you will learn how to accomplish the following:

  • Build a lightweight cloud native Security Operations Center

  • Centralize your logs into a secure location for analysis and investigations

  • Leverage the automated log anomaly detection available from your cloud service provider (CSP) to detect common threat vectors
