<p dir="ltr">Organizations, including the U.S. military, are increasingly adopting cloud deployments for their flexibility and cost savings. One aspect of such deployments is the shared security model promulgated by NSA, which describes many of the security services that cloud service providers (CSPs) support and provides for cooperation on security issues. This model still leaves security responsibilities with the organization contracting for the service, including ensuring that the hosted application accomplishes its intended purpose for the authorized set of users. Network defenders have identified cloud flow logs as a valuable source of data for meeting this responsibility. When the expected events (data transfers to and from the cloud) occur, these logs help identify which external endpoints received service, how much service they received, and whether any users are overusing cloud resources. The SEI has a long history of supporting flow log analysis, including its early 2025 releases of open-source scripts for Azure and for AWS that facilitate cloud flow log analysis. This blog post summarizes these efforts and explores the challenges of correlating events across multiple CSPs.</p>
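The cross-CSP correlation the post previews, as an added example that is not the SEI's own scripts: two constructed records, an AWS VPC flow log in the default version-2 field layout and an Azure NSG flow log in its version-2 tuple layout, are normalised to a common (peer, bytes, provider) schema and summarised per external endpoint, so one pass answers which endpoints received service, how much, and whether a peer was served from both providers. Treating RFC 1918 space as tenant-internal, the sample addresses, and the 100,000-byte budget are assumptions made here.

```python
import ipaddress
import json
from collections import defaultdict
# Assumed tenant-internal ranges (RFC 1918); a real deployment would use its own VPC/VNet CIDRs.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: AWS VPC flow log lines in the default version-2 field order.
AWS_LINES = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 51234 443 6 40 52000 1735689600 1735689660 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1735689600 1735689660 - NODATA
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.5 40001 443 6 12 9000 1735689600 1735689660 ACCEPT OK
"""
# Constructed Azure NSG record; v2 tuple = time,src,dst,sport,dport,proto,dir,decision,state,pkts>,bytes>,pkts<,bytes<
AZURE_RECORD = json.dumps({"properties": {"Version": 2, "flows": [{"rule": "AllowHTTPS", "flows": [
    {"mac": "000D3A1B2C3D", "flowTuples": [
        "1735689600,203.0.113.7,10.0.2.8,51300,443,T,I,A,E,30,4000,40,61000",
        "1735689605,192.0.2.44,10.0.2.8,33000,443,T,I,A,B,,,,",
        "1735689610,192.0.2.44,10.0.2.8,33000,443,T,I,A,C,5,600,8,2000"]}]}]}})

def external_peer(src, dst):  # first address outside INTERNAL, or None for an internal-only flow
    return next((ip for ip in (src, dst) if not any(ipaddress.ip_address(ip) in n for n in INTERNAL)), None)

def parse_aws(text):
    """(peer, bytes, 'aws') per accepted flow; NODATA/SKIPDATA lines carry '-' fields and are skipped."""
    out = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 14 and f[0] == "2" and f[12] == "ACCEPT" and (peer := external_peer(f[3], f[4])):
            out.append((peer, int(f[9]), "aws"))
    return out

def parse_azure(text):
    """(peer, bytes, 'azure') per allowed tuple, both directions summed; 'B' tuples have empty counters."""
    out = []
    for rule in json.loads(text)["properties"]["flows"]:
        for f in (t.split(",") for flow in rule["flows"] for t in flow["flowTuples"]):
            if len(f) == 13 and f[7] == "A" and (peer := external_peer(f[1], f[2])):
                out.append((peer, int(f[10] or 0) + int(f[12] or 0), "azure"))
    return out

def summarize(records):
    """Per external peer: total bytes served and the set of CSPs that served it."""
    s = defaultdict(lambda: {"bytes": 0, "csps": set()})
    for peer, nbytes, csp in records:
        s[peer]["bytes"] += nbytes
        s[peer]["csps"].add(csp)
    return dict(s)

def review(summary, threshold):
    """Overuse candidates (bytes over threshold) and peers served from more than one CSP."""
    return (sorted(p for p, v in summary.items() if v["bytes"] > threshold),
            sorted(p for p, v in summary.items() if len(v["csps"]) > 1))
```

Running `review(summarize(parse_aws(AWS_LINES) + parse_azure(AZURE_RECORD)), 100_000)` flags 203.0.113.7 on both counts: it is the only peer over budget and the only one seen from both providers.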
NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.