Episode 62 — Network security monitoring in the cloud: choose signals that reveal attacker movement

This episode teaches how to select network monitoring signals that actually expose attacker behavior, rather than collecting traffic data that cannot answer investigation questions. You’ll define what “movement” looks like in cloud terms, including unexpected east-west connections, unusual service-to-service calls, and traffic patterns that violate intended segmentation. We’ll tie these ideas to GCLD-style questions that ask you to balance cost, coverage, and operational usefulness while still producing defensible detection capability. You’ll also examine practical challenges such as encrypted traffic reducing payload visibility, ephemeral assets changing baselines, and multi-account designs that complicate correlation. By the end, you’ll be able to justify which flow data, connection metadata, and service-level signals to prioritize so monitoring reveals paths an attacker would use to pivot and expand access. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.