cloud detection

Guest:

• Arie Zilberstein, CEO and Co-Founder at Gem Security

Topics: 

• How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response?

• What are the key challenges of cloud detection and response?

• Often we lift and shift our teams to Cloud, and not always for bad reasons, so  what’s your advice on how to teach the old dogs new tricks: “on-premise-trained” D&R teams and cloud D&R?

• What is this new CIRA thing that Gartner just cooked up?  Should CIRA exist as a separate market or technology or is this just a slice of CDR or even SIEM perhaps?

• What do you tell people who say that “SIEM is their CDR”?

• What are the key roles and responsibilities of the CDR team? How is the cloud D&R process related to DevOps and cloud-style IT processes?

 Resources:

• Video version of this episode

• Cloud breaches databases

• EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

• EP103 Security Incident Response and Public Cloud - Exploring with Mandiant

• EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?

• 9 Megatrends drive cloud adoption—and improve security for all

• “Emerging Tech: Security — Cloud Investigation and Response Automation (CIRA) Offers Transformation Opportunities” (Gartner access required)

• “Does the World Need Cloud Detection and Response (CDR)?” blog

Guest: 

• David Seidman, Head of Detection and Response @ Robinhood

Toipics:

• Tell us about joining Robinhood and prioritizing focus areas for detection in your environment?

• Tim and Anton argue a lot about what kind of detection is best - fully bespoke and homemade, or scalable off-the-shelf. First, does our framework here make sense, and second, looking at your suite of detection capabilities, how have you chosen to prioritize detection development and detection triage?

• You're operating in AWS: there are a lot of vendors doing detection in AWS, including AWS themselves. How have you thought about choosing your detection approaches and data sources?

• Finding people with as much cloud expertise as you can't be easy: how are you structuring your organization to succeed despite cloud detection and response talent being hard to find? What matters more: detection skills or cloud skills?

• What has been effective in ramping up your D&R team in the cloud?

• What are your favorite data sources for detection in the cloud?

Resources:

• “Detection as Code? No, Detection as COOKING!”

• “On Threat Detection Uncertainty”

• “Radical Candor” by Kim Scott

• “Daring Greatly” by Brene Brown

• “Extreme Ownership” by Jocko Willink

• “Drive” by Daniel Pink

Guest: 

• Jim Higgins, CISO at Snap,  former CISO at Square

Topics:

1. You were at Google for a long time, and at Google you sat between Google security and Cloud. Now that you're leading security for a major company, how are you prioritizing your focus between your on-premise resources and your cloud resources? 
2. How are you thinking about threat detection in the Cloud?
3. In detection, how has your technology changed? How has your process changed? What threats do you mostly focus on?
4. Why don’t we talk about the role of automation in detection and response (D&R)? How do you approach automation and eliminating toil?
5. As you're scaling teams, processes and technology for your cloud footprint, what has been easiest to get right and what's been hardest to get right?
6. How do you approach measuring security? What cloud metrics are you sharing upwards to your board?

Resources:

• BeyondCorp Enterprise
• “Ghost in the Wires: My Adventures as the World's Most Wanted Hacker” book

Guest:

• Ben Johnson, CTO/co-founder @ Obsidian Security

Topics:

• Why is there so much attention lately on SaaS security? Doesn’t this area date back to 2015 or so?
  
• What do you see as the primary challenges in securing SaaS?
  
• What does a SaaS threat model look like? What are the top threats you see?
  
• CASB has been the fastest growing security market and it has grown into a broad platform and many assume that “securing SaaS = using CASB”, what are they missing?
  
• Where would another technology to secure SaaS fit architecturally, inline with CASB or as another API-based system?
  
• Securing IaaS spanned a robust ecosystem of vendors (CWPP, CSPM, now CNAPP) and many of these have ambitions for securing SaaS, thus clashing with CASB. Where do you fit in this battle?
  
• For a while, you were talking more about CDR - what is it and do we really need a separate CDR technology?
  

Resources:

• Obsidian Security blog and Resource Center
  
• Does the World Need Cloud Detection and Response (CDR)? blog
  
• Does the world need Cloud Detection and Response (CDR) as a new market segment? poll
  
• MITRE ATT&CK for SaaS matrix
  
• CISA SCUBA resource
  
• “Essentialism” book.
  

Guests:

• Dave “Merk” Merkel, CEO @ Expel
• Peter Silberman,  CTO @ Expel

Topics:

• Many MDRs claim to be “security from the cloud”, but they actually don’t know much about cloud security. What does good looks like for MDR in the cloud (cloud being a full range from IaaS to SaaS)?
• What are the key challenges for clients picking an MDR for their cloud environments?  What are the questions to ask your potential MDR?
• Do clients want the same security outcomes done in the cloud vs on-premise?  
• Does it mean that MSSP/MDR capabilities must be different for good coverage of the cloud? 
• Is MDR technology different for Cloud detection and response as opposed to on-prem D&R? 
• How do you communicate with clients about the importance and value of cloud specific detection vs detection for endpoints running in the cloud? 
• What are the top threats against client cloud environments that you see, detect and protect from?
• Which clouds (IaaS?) are easiest for MDR to protect? What makes them easier to handle than the other Clouds?

Resources:

• Who Does What In Cloud Threat Detection?
• How to Think about Threat Detection in the Cloud
• Cattle vs Pets reminder
• Expel Blog - Incident report: Spotting an attacker in GCP 
• Expel Great eXpeltations 2022: Cybersecurity trends and predictions
• Expel Quarterly Threat Report: Q1 2022