EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
06/17/24 • 30 min
Guests:
- Omar ElAhdan, Principal Consultant, Mandiant, Google Cloud
- Will Silverstone, Senior Consultant, Mandiant, Google Cloud
Topics:
- Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments?
- You do IR so in your experience, what are top 5 mistakes organizations make that lead to cloud incidents?
- How and why do organizations get the attack surface wrong? Are there pillars of attack surface?
- We talk a lot about how IAM matters in the cloud. Is that true that AD is what gets you in many cases even for other clouds?
- What is your best cloud incident preparedness advice for organizations that are new to cloud and still use on-prem as well?
Resources:
- Next 2024 LIVE Video of this episode / LinkedIn version (sorry for the audio quality!)
- “Lessons Learned from Cloud Compromise” podcast at The Defender’s Advantage
- “Cloud compromises: Lessons learned from Mandiant investigations” in 2023 from Next 2024
- EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
- EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
- EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler
Guests:
- Omar ElAhdan, Principal Consultant, Mandiant, Google Cloud
- Will Silverstone, Senior Consultant, Mandiant, Google Cloud
Topics:
- Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments?
- You do IR so in your experience, what are top 5 mistakes organizations make that lead to cloud incidents?
- How and why do organizations get the attack surface wrong? Are there pillars of attack surface?
- We talk a lot about how IAM matters in the cloud. Is that true that AD is what gets you in many cases even for other clouds?
- What is your best cloud incident preparedness advice for organizations that are new to cloud and still use on-prem as well?
Resources:
- Next 2024 LIVE Video of this episode / LinkedIn version (sorry for the audio quality!)
- “Lessons Learned from Cloud Compromise” podcast at The Defender’s Advantage
- “Cloud compromises: Lessons learned from Mandiant investigations” in 2023 from Next 2024
- EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
- EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
- EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler
Previous Episode
EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
Guest:
- Seth Vargo, Principal Software Engineer responsible for Google's use of the public cloud, Google
Topics:
- Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right?
- Where are we like other clients of GCP? Where are we not like other cloud users?
- Do we have any unique cloud security technology that we use that others may benefit from?
- How does our cloud usage inform our cloud security products?
- So is our cloud use profile similar to cloud natives or traditional companies?
- What are some of the most interesting cloud security practices and controls that we use that are usable by others?
- How do we make them work at scale?
Resources:
- EP12 Threat Models and Cloud Security (previous episode with Seth)
- EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics
- IAM Deny
- Seth Vargo blog
- “Attention Is All You Need” paper (yes, that one)
Next Episode
EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts
Guest:
- Brandon Wood, Product Manager for Google Threat Intelligence
Topics:
- Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
- We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
- In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
- One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
- You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like?
- Are there other parts of your background that inform the work you’re doing and how you see yourself at Google?
- How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?
Resources:
- Video
- EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons
- EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
- EP112 Threat Horizons - How Google Does Threat Intelligence
- Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale
- A Requirements-Driven Approach to Cyber Threat Intelligence
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
Select type & size
<a href="https://goodpods.com/podcasts/cloud-security-podcast-by-google-346699/ep177-cloud-incident-confessions-top-5-mistakes-leading-to-breaches-fr-54702196"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to ep177 cloud incident confessions: top 5 mistakes leading to breaches from mandiant on goodpods" style="width: 225px" /> </a>
Copy