BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Player FM - Internet Radio Done Right
48 subscribers
Checked 3d ago
dört yıl önce eklendi
İçerik Anton Chuvakin tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Anton Chuvakin veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Cloud Security Podcast by Google benzeri
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k
3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
R
Redefining AI - Artificial Intelligence with Squirro
1
Redefining AI - Artificial Intelligence with Squirro
Squirro
12k115
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !
Player FM uygulamasıyla çevrimdışı Player FM !
))
Daily Deals
Dinlemeye Değer Podcast'ler
SPONSOR
S
State Secrets: Inside The Making Of The Electric State
1 The Secret To Getting Inspired: Millie Bobby Brown & Chris Pratt Go Behind The Scenes 21:04
21:04 
Daha Sonra Çal 
Daha Sonra Çal 
Listeler 
Beğen 
Beğenildi21:04
Daha Sonra Çal
Daha Sonra Çal
Listeler
Beğen
BeğenildiStep into the mysterious and visually stunning world of The Electric State as host Francesca Amiker takes you behind the scenes with the creative masterminds who brought Simon Stålenhag’s dystopian vision to life. In this premiere episode, directors Joe and Anthony Russo, stars Millie Bobby Brown and Chris Pratt, writers Christopher Markus and Stephen McFeely, and producers Angela Russo-Otstot and Chris Castaldi reveal how they transformed a haunting graphic novel into an epic cinematic experience. Watch The Electric State coming to Netflix on March 14th. Check out more from Netflix Podcasts . State Secrets: Inside the Making of The Electric State is produced by Netflix and Treefort Media.…
EP194 Deep Dive into ADR - Application Detection and Response
Manage episode 445146319 series 2892548
İçerik Anton Chuvakin tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Anton Chuvakin veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Guest:
Daniel Shechter, Co-Founder and CEO at Miggo Security
Topics:
- Why do we need Application Detection and Response (ADR)? BTW, how do you define it?
- Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools?
- Why can’t I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way?
- We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement?
- What are the key inputs into an ADR tool?
- Can you explain how your ADR correlates cloud, container, and application contexts to provide a better view of threats? Could you share real-world examples of types of badness solved for users?
- How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM?
- What are your thoughts on the evolution of ADR?
Resources:
- EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud
- EP143 Cloud Security Remediation: The Biggest Headache?
- Miggo research re: vulnerability ALBeast
- “WhatDR or What Detection Domain Needs Its Own Tools?” blog
- “Making Sense of the Application Security Product Market” blog
- “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem“ book
220 bölüm
PaylaşManage episode 445146319 series 2892548
İçerik Anton Chuvakin tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Anton Chuvakin veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Guest:
Daniel Shechter, Co-Founder and CEO at Miggo Security
Topics:
- Why do we need Application Detection and Response (ADR)? BTW, how do you define it?
- Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools?
- Why can’t I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way?
- We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement?
- What are the key inputs into an ADR tool?
- Can you explain how your ADR correlates cloud, container, and application contexts to provide a better view of threats? Could you share real-world examples of types of badness solved for users?
- How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM?
- What are your thoughts on the evolution of ADR?
Resources:
- EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud
- EP143 Cloud Security Remediation: The Biggest Headache?
- Miggo research re: vulnerability ALBeast
- “WhatDR or What Detection Domain Needs Its Own Tools?” blog
- “Making Sense of the Application Security Product Market” blog
- “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem“ book
220 bölüm
Tüm bölümler
×
C
Cloud Security Podcast by Google
1 EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific 31:46
31:46 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:46
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Steve Ledzian , APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region? The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments? Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination? M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages? Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions? Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare? Resources: EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!…
C
Cloud Security Podcast by Google
1 EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM 30:10
30:10 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:10
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Henrique Teixeira , Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present? ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Management) are emerging areas in IAM. How do you see these fitting into the overall IAM landscape? Are they truly distinct categories or just extensions of existing IAM practices? Shouldn’t ITDR just be part of your Cloud DR or maybe even your SecOps tool of choice? It seems goofy to try to stand ITDR on its own when the impact of an identity compromise is entirely a function of what that identity can access or do, no? Regarding workload vs. human identity, could you elaborate on the unique security considerations for each? How does the rise of machine identities and APIs impact IAM approaches? We had a whole episode around machine identity that involved turtles–what have you seen in the machine identity space and how have you seen users mess it up? The cybersecurity world is full of acronyms. Any tips on how to create a memorable and impactful acronym? Resources: EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!) EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy? EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM? EP94 Meet Cloud Security Acronyms with Anna Belak EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them) EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security “Playing to Win: How Strategy Really Works” book “Open” book…
C
Cloud Security Podcast by Google
1 EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes? 23:11
23:11 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi23:11
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Alex Polyakov , CEO at Adversa AI Topics: Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client? Beyond traditional adversarial attacks, what emerging threats in the AI security landscape are you most concerned about right now? What trips most clients, classic security mistakes in AI systems or AI-specific mistakes? Are there truly new mistakes in AI systems or are they old mistakes in new clothing? I know it is not your job to fix it, but much of this is unfixable, right? Is it a good idea to use AI to secure AI? Resources: EP84 How to Secure Artificial Intelligence (AI): Threats, Approaches, Lessons So Far AI Red Teaming Reasoning LLM US vs China: Jailbreak Deepseek, Qwen, O1, O3, Claude, Kimi Adversa AI blog Oops! 5 serious gen AI security mistakes to avoid Generative AI Fast Followership: Avoid These First Adopter Security Missteps…
C
Cloud Security Podcast by Google
1 EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations 31:43
31:43 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:43
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: James Campbell , CEO, Cado Security Chris Doman , CTO, Cado Security Topics: Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation( CIRA ) ... what’s the story here? There is an “R” in CDR, right? Can’t my (modern) SIEM/SOAR do that? What about this becoming a part of modern SIEM/SOAR in the future? What gets better when you deploy a CIRA (a) and your CIRA in particular (b)? Ephemerality and security, what are the fun overlaps? Does “E” help “S” or hurts it? What about compliance? Ephemeral compliance sounds iffy… Cloud investigations, what is special about them? How does CSPM intersect with this? Is CIRA part of CNAPP? A secret question, need to listen for it! Resources: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win? EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics Cloud security incidents (Rami McCarthy) Cado resources…
C
Cloud Security Podcast by Google
1 EP215 Threat Modeling at Google: From Basics to AI-powered Magic 26:03
26:03 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:03
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Meador Inge , Security Engineer, Google Cloud Topics: Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems? How does Google keep its threat models updated? What triggers a reassessment? How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture? What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong? How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques? What advice would you give to organizations just starting with threat modeling? Resources: EP12 Threat Models and Cloud Security EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security EP140 System Hardening at Google Scale: New Challenges, New Solutions Threat Modeling manifesto EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use Awesome Threat Modeling Adam Shostack “Threat Modeling: Designing for Security” book Ross Anderson “Security Engineering” book ”How to Solve It” book…
C
Cloud Security Podcast by Google
1 EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations 29:22
29:22 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:22
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Archana Ramamoorthy , Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us? Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there? Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals? What are some of the biggest challenges you face working in the trusted cloud space? Is there something you would like to share about being a woman leader in technology? How did you overcome the related challenges? Resources: Video “Compliance Without Compromise” by Jeanette Manfra (2020, still very relevant!) “Good to Great” book “Appreciative Leadership” book…
C
Cloud Security Podcast by Google
1 EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security 28:01
28:01 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:01
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Yigael Berger , Head of AI, Sweet Security Topic: Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be? Can you compare this to other anomaly detection methods? Also, won’t this be costly - how do you manage to keep inference costs under control at scale? SOC teams often grapple with the tradeoff between “seeing everything” so that they never miss any attack, and handling too much noise. What are you seeing emerge in cloud D&R to address this challenge? We hear from folks who developed an automated approach to handle a reviews queue previously handled by people. Inevitably even if precision and recall can be shown to be superior, executive or customer backlash comes hard with a false negative (or a flood of false positives). Have you seen this phenomenon, and if so, what have you learned about handling it? What are other barriers that need to be overcome so that LLMs can push the envelope further for improving security? So from your perspective, LLMs are going to tip the scale in whose favor - cybercriminals or defenders? Resource: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP194 Deep Dive into ADR - Application Detection and Response EP135 AI and Security: The Good, the Bad, and the Magical Andrej Karpathy series on how LLMs work Sweet Security blog…
C
Cloud Security Podcast by Google
1 EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps 33:16
33:16 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi33:16
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dave Hannigan , CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation - what are the key challenges you're tracking in your cloud environments? What lessons do you wish you knew back in your previous CISO run [at Spotify]? What metrics do your team report for you to understand the security posture of your cloud environments? How do you know “your” cloud use is as secure as you want it to be? You're a former Googler, and I'm sure that's not why, so why did you choose to go with Google SecOps for your organization? Resources: “Moving shields into position: How you can organize security to boost digital transformation” blog and the paper . “For a successful cloud transformation, change your culture first” blog “Is your digital transformation secure? How to tell if your team is on the right path” ’ blog EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!) “Thinking Fast and Slow” book “Turn the Ship Around” book…
C
Cloud Security Podcast by Google
1 EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic 26:02
26:02 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:02
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Kimberly Goody , Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexities of the threat landscape and the challenges of linking tools and actors? There is a difficulty of correlating publicly known tool names with the aliases used by threat actors in underground forums. How does GTIG overcome this challenge to track the evolution and usage of malware and other tools? Can you give a specific example of how this "decoding" process works? How does GTIG collaborate with other teams within Google, such as incident response or product security, to share threat intelligence and improve Google's overall security posture? How does this work make Google more secure? What does Google (and specifically GTIG) do differently than other organizations focused on collecting and analyzing threat-intelligence? Is there AI involved? Resources: “Cybercrime: A Multifaceted National Security Threat” report EP112 Threat Horizons - How Google Does Threat Intelligence EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts “Wild Swans: Three Daughters of China” book How Google Does It: Making threat detection high-quality, scalable, and modern How Google Does It: Finding, tracking, and fixing vulnerabilities “From Credit Cards to Crypto: The Evolution of Cybercrime” video…
C
Cloud Security Podcast by Google
1 EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments 26:58
26:58 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:58
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Or Brokman , Strategic Google Cloud Engineer, Security and Compliance, Google Cloud Topics: Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad! In your experience, what's that one thing – that common mistake – that just keeps popping up? That thing that makes you say 'Oh no, not this again!' 'Tools over process' mistake is one of the 'oldies.' What do you still think drives people to it, and how to fix it? If you could give just one piece of cloud security advice to every company out there, regardless of their size or industry, what would it be? Resources: Video ( YouTube ) “Threat Modeling: Designing for Security” by Adam Shostack EP16 Modern Data Security Approaches: Is Cloud More Secure? EP142 Cloud Security Podcast Ask Me Anything #AMA 2023 “For a successful cloud transformation, change your culture first” (OOT vs TOO blog) https://www.linkedin.com/in/stephrwong/ New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” (2021)…
C
Cloud Security Podcast by Google
1 EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!) 29:06
29:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Beth Cartier , former CISO, vCISO, founder of Initiative Security Guest host of the CISO mini-series: Marina Kaganovich , Executive Trust Lead, Office of the CISO @ Google Cloud Topics: How is that vCISO’ing going? What is special about vCISO and cloud? Is it easier or harder? AI, cyber, resilience - all are hot topics these days. In the context of cloud security, how are you seeing organizations realistically address these trends? Are they being managed effectively (finally?) or is security always playing catch up? Recent events reminded us that cybersecurity may sometimes interfere with resilience. How have you looked to build resilience into your security program? The topic is perhaps 30+ years old, but security needs to have a seat at the table, and often still doesn’t - why do you think this is the case? What approaches or tips have you found to work well in elevating security within organizations? Any tips for how cyber professionals can stay up to date to keep up with the current threat landscape vs the threats that are around the corner? Resources: EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?) EP189 How Google Does Security Programs at Scale: CISO Insights EP129 How CISO Cloud Dreams and Realities Collide EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?…
C
Cloud Security Podcast by Google
1 EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?) 31:19
31:19 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:19
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest host: Marina Kaganovich , Executive Trust Lead, Office of the CISO @ Google Cloud Guest: John Rogers , CISO @ MSCI Topics: Can you briefly walk us through your CISO career path? What are some of the key (cloud or otherwise) trends that CISOs should be keeping an eye on? What is the time frame for them? What are the biggest cloud security challenges CISOs are facing today, and how are those evolving? Given the rapid change of pace in emerging tech, such as what we’ve seen in the last year or so with gen AI, how do you balance the need to address short-term or imminent issues vs those that are long-term or emergent risks? What advice do you have for how CISOs can communicate the importance of anticipating threats to their boards and executives? So, how to be a forward looking and strategic yet not veer into dreaming, paranoia and imaginary risks? How to be futuristic yet realistic? The CISO role as an official title is a relatively new one, what steps have you taken to build credibility and position yourself for having a seat at the table? Resources: ATT&CK Framework EP189 How Google Does Security Programs at Scale: CISO Insights EP129 How CISO Cloud Dreams and Realities Collide EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?…
C
Cloud Security Podcast by Google
1 EP207 Slaying the Ransomware Dragon: Can a Startup Succeed? 32:55
32:55 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi32:55
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Bob Blakley , Co-founder and Chief Product Officer of Mimic Topics: Tell us about the ransomware problem - isn't this a bit of old news? Circa 2015, right? What makes ransomware a unique security problem? What's different about ransomware versus other kinds of malware? What do you make of the “RansomOps” take (aka “ransomware is not malware”)? Are there new ways to solve it? Is this really a problem that a startup is positioned to solve? Aren’t large infrastructure owners better positioned for this? In fact, why haven't existing solutions solved this? Is this really a symptom of a bigger problem? What is that problem? What made you personally want to get into this space, other than the potential upside of solving the problem? Resources: EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud EP89 Can We Escape Ransomware by Migrating to the Cloud? EP45 VirusTotal Insights on Ransomware Business and Technology EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators EP7 No One Expects the Malware Inquisition Anderson Report (July 1972) “The Innovator Dilemma” book “Odyssey” book (yes, really) Crowdstrike External Technical Root Cause Analysis — Channel File 291 (yes, that one)…
C
Cloud Security Podcast by Google
1 EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud 33:01
33:01 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi33:01
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Allan Liska , CSIRT at Recorded Future, now part of Mastercard Topics: Ransomware has become a pervasive threat. Could you provide us with a brief overview of the current ransomware landscape? It's often said that ransomware is driven by pure profit. Can you remind us of the business model of ransomware gangs, including how they operate, their organizational structures, and their financial motivations? Ransomware gangs are becoming increasingly aggressive in their extortion tactics. Can you shed some light on these new tactics, such as data leaks, DDoS attacks, and threats to contact victims' customers or partners? What specific challenges and considerations arise when dealing with ransomware in cloud environments, and how can organizations adapt their security strategies to mitigate these risks? What are the key factors to consider when deciding whether or not to pay the ransom? What is the single most important piece of advice you would give to organizations looking to bolster their defenses against ransomware? Resources: Video ( LinkedIn , YouTube ) 2024 Data Breach Investigations Report EP89 Can We Escape Ransomware by Migrating to the Cloud? EP45 VirusTotal Insights on Ransomware Business and Technology EP29 Future of EDR: Is It Reason-able to Suggest XDR? EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators…
C
Cloud Security Podcast by Google
1 EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality 28:19
28:19 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:19
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Andrew Kopcienski , Principal Intelligence Analyst, Google Threat Intelligence Group Questions: You have this new Cybersecurity Forecast 2025 report , what’s up with that? We are getting a bit annoyed about the fear-mongering on “oh, but attackers will use AI.” You are a threat analyst, realistically, how afraid are you of this? The report discusses the threat of compromised identities in hybrid environments (aka “no matter what you do, and where, you are hacked via AD”). What steps can organizations take to mitigate the risk of a single compromised identity leading to a significant security breach? Is this expected to continue? Is zero-day actually growing? The report seems to imply that, but aren’t “oh-days” getting more expensive every day? Many organizations still lag with detection, in your expertise, what approaches to detection actually work today? It is OK to say ”hire Managed Defense ”, BTW :-) We read the risk posed by the "Big Four" sections and they (to us) read like “hackers hack” and “APTs APT.” What is genuinely new and interesting here? Resources: Cybersecurity Forecast 2025 report Google Cloud Cybersecurity Forecast 2025 webinar EP147 Special: 2024 Security Forecast Report EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All Staying a Step Ahead: Mitigating the DPRK IT Worker Threat…
C
Cloud Security Podcast by Google
1 EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators 30:32
30:32 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:32
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Phil Venables , Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics Why is our industry suddenly obsessed with resilience? Is this ransomware’s doing? How did the PCAST report come to be? Can you share the backstory and how it was created? The PCAST report emphasizes the importance of leading indicators for security and resilience. How can organizations effectively shift their focus from lagging indicators to these leading indicators? The report also emphasizes the importance of "Cyber-Physical Modularity" - this sounds mysterious to us, and probably our listeners! What is it and how does this concept contribute to enhancing the resilience of critical infrastructure? The report advocates for regular and rigorous stress testing. How can organizations effectively implement such stress testing to identify vulnerabilities and improve their resilience? In your opinion, what are the most critical takeaways from our PCAST-related paper for organizations looking to improve their security and resilience posture today? What are some of the challenges organizations might face when implementing the PCAST recommendations, and how can they overcome these challenges? Do organizations get resilience benefits “for free” by using Google Cloud? Resources: 10 ways to make cyber-physical systems more resilient “Cyber-Physical Resilience and the Cloud: Putting the White House PCAST report into practice” report Megatrends drive cloud adoption—and improve security for all EP163 Cloud Security Megatrends: Myths, Realities, Contentious Debates and Of Course AI Advising The President On Cyber-Physical Resilience - Philip Venables (at PSW) EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side…
C
Cloud Security Podcast by Google
1 EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull 37:13
37:13 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi37:13
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Rich Mogull , SVP of Cloud Security at Firemon and CEO at Securosis Topics: Let’s talk about cloud security shared responsibility. How to separate the blame? Is there a good framework for apportioning blame? You've introduced the Cloud Shared Irresponsibilities Model , stating cloud providers will be considered partially responsible for breaches even if due to customer misconfigurations. How do you see this impacting the relationship between cloud providers and their customers? Will it lead to more collaboration or more friction? We both know the Jay Heiser 2015 classic “cloud is secure, but you not using it securely.” In your view, what does “use cloud securely” mean for various organizations today? Here is a very painful question: how to decide what cloud security should be free with cloud and what security can be paid? You dealt with cloud security for a long time, what is your #1 lesson so far on how to make the cloud more secure or use the cloud more securely? What is the best way to learn how to cloud? What is this CloudSLAW thing? Resources: EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff The Cloud Shared Irresponsibilities Model 2002 Trustworthy computing memo Use Cloud Securely? What Does This Even Mean?! EP145 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith? No Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again! Cloud Security Lab a Week (S.L.A.W) Megatrends drive cloud adoption—and improve security for all Shared fate main page Defining the Journey—the Four Cloud Adoption Patterns Celebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!…
C
Cloud Security Podcast by Google
1 EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering 37:09
37:09 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi37:09
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Amine Besson , Tech Lead on Detection Engineering, Behemoth Cyberdefence Topics: What is your best advice on detection engineering to organizations who don’t want to engineer anything in security? What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center? Why classic “tiered SOCs” fall flat when dealing with modern threats? Let’s focus on a correct definition of detection as code. Can you provide yours? Detection x response engineering - is there a thing called “response engineering”? Should there be? What are your lessons learned to fuse intel, detections, and hunting ops? What is this SIEMless yet SOARful detection architecture? What’s next with OpenTIDE 2.0 ? Resources: Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9) and other parts linked there Hack.lu 2023: TIDeMEC : A Detection Engineering Platform Homegrown At The EC video OpenTIDE · GitLab OpenTIDE 1.0 Release blog SpectreOps blog series ‘on detection’ Does your SOC have NOC DNA? presentation Kill SOC Toil, Do SOC Eng blog ( tame version ) The original ASO paper (2021, still epic!) Behind the Scenes with Red Canary's Detection Engineering Team The DFIR Report – Real Intrusions by Real Attackers, The Truth Behind the Intrusion Site Reliability Engineering (SRE) | Google Cloud…
C
Cloud Security Podcast by Google
1 EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff 36:57
36:57 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi36:57
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Chris Hoff , Chief Secure Technology Officer at Last Pass Topics: I learned that you have a really cool title that feels very “now” - Chief Secure Technology Officer? What’s the story here? Weirdly, I now feel that every CTO better be a CSTO or quit their job :-) After, ahem, not-so-recent events you had a chance to rebuild a lot of your stack, and in the process improve security. Can you share how it went, and what security capabilities are now built in? How much of a culture change did that require? Was it purely a technological transformation or you had to change what people do and how they do it? Would you recommend this to others (not the “recent events experience”, but the rebuild approach)? What benefits come from doing this before an incident occurs? Are there any? How are you handling telemetry collection and observability for security in the new stack? I am curious how this was modernized Cloud is simple , yet also complex, I think you called it “simplex.” How does this concept work? Resources: Video ( LinkedIn , YouTube ) EP189 How Google Does Security Programs at Scale: CISO Insights EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP80 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change? EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?…
C
Cloud Security Podcast by Google
1 EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security 27:38
27:38 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:38
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Michael Czapinski , Security & Reliability Enthusiast, Google Topics: “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting? What attack vectors do you consider most critical in the production environment, and how has Google’s defenses against these vectors improved over time? Can you elaborate on the concept of Foundational services and their significance in Google's security posture? How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually? How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure? Can you talk us through the broader approach you take through Workload Security Rings and how this helps? Resources: “How Google protects its production services” paper (deep!) SLSA framework EP189 How Google Does Security Programs at Scale: CISO Insights EP109 How Google Does Vulnerability Management: The Not So Secret Secrets! EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil SREcon presentation on zero touch prod. The SRS book (free access)…
C
Cloud Security Podcast by Google
1 EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them) 29:26
29:26 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:26
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Michele Chubirka , Staff Cloud Security Advocate, Google Cloud Sita Lakshmi Sangameswaran , Senior Developer Relations Engineer, Google Cloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? Or do you "it depends" it? :-) Everyone's talking about how "identity is the new perimeter" in the cloud. Can you break that down in simple terms? A lot of people say “in the cloud, you must do IAM ‘right’”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it? What’s this stuff about least-privilege and separation-of-duties being less relevant? Why do they matter in the cloud that changes rapidly? What are your IAM Top Pet Peeves? Resources: Video ( LinkedIn , YouTube ) EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM? EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler IAM: There and back again using resource hierarchies IAM so lost: A guide to identity in Google Cloud I Hate IAM: but I need it desperately EP33 Cloud Migrations: Security Perspectives from The Field EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security “Identity Crisis: The Biggest Prize in Security” paper “Learn to love IAM: The most important step in securing your cloud infrastructure“ Next presentation…
C
Cloud Security Podcast by Google
1 EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons 27:22
27:22 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:22
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Ante Gojsalic , Co-Founder & CTO at SplxAI Topics: What are some of the unique challenges in securing GenAI applications compared to traditional apps? What current attack surfaces are most concerning for GenAI apps, and how do you see these evolving in the future? Do you have your very own list of top 5 GenAI threats? Everybody seem to! What are the most common security mistakes you see clients make with GenAI? Can you explain the main goals when trying to add automation to pentesting for next-gen GenAI apps? What are your AI testing lessons from clients so far? Resources: EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side EP135 AI and Security: The Good, the Bad, and the Magical EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You SAIF.google Next SAIF presentation with top 5 AI security issues Our Security of AI Papers and Blogs Explained…
C
Cloud Security Podcast by Google
1 EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective 29:34
29:34 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:34
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Travis Lanham , Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud Topics: There’s been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs . Can you explain what these disassembled SIEMs are all about? What are the expected upsides of detaching your SIEM interface and security capabilities from your data backend? Tell us about the early days of SecOps (nee Chronicle) and why we didn’t go with this approach? What are the upsides of a tightly coupled datastore + security experience for a SIEM? Are there more risks or negatives of the decoupled/decentralized approach? Complexity and the need to assemble “at home” are on the list, right? One of the 50 things Google knew to be true back in the day was that product innovation comes from technical innovation, what’s the technical innovation driving decoupled SIEMs? So what about those security data lakes? Any insights? Resources: EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures EP184 One Week SIEM Migration: Fact or Fiction? Hacking Google video series Decoupled SIEM: Brilliant or …. Not :-) UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion So, Why Did I Join Chronicle Security? (2019)…
C
Cloud Security Podcast by Google
1 EP196 AI+TI: What Happens When Two Intelligences Meet? 28:08
28:08 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:08
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Vijay Ganti , Director of Product Management, Google Cloud Security Topics: What have been the biggest pain points for organizations trying to use threat intelligence (TI)? Why has it been so difficult to convert threat knowledge into effective security measures in the past? In the realm of AI, there's often hype (and people who assume “it’s all hype”). What's genuinely different about AI now, particularly in the context of threat intelligence? Can you explain the concept of "AI-driven operationalization" in Google TI? How does it work in practice? What's the balance between human expertise and AI in the TI process? Are there specific areas where you see the balance between human and AI involvement shifting in a few years? Google Threat Intelligence aims to be different. Why are we better from client PoV? Resources: Google Threat Intel website “Future of Brain” book by Gary Marcus et al Detection engineering blog (Part 9) and the series Detect engineering blogs by David French The pyramid of pain blog , the classic “Scaling Up Malware Analysis with Gemini 1.5 Flash” and “From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis” blogs on Gemini for security…
C
Cloud Security Podcast by Google
1 EP195 Containers vs. VMs: The Security Showdown! 41:16
41:16 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi41:16
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiCross-over hosts: Kaslin Fields , co-host at Kubernetes Podcast Abdel Sghiouar , co-host at Kubernetes Podcast Guest: Michele Chubirka , Cloud Security Advocate, Google Cloud Topics: How would you approach answering the question ”what is more secure, container or a virtual machine (VM)?” Could you elaborate on the real-world implications of this for security, and perhaps provide some examples of when one might be a more suitable choice than the other? While containers boast a smaller attack surface (what about the orchestrator though?), VMs present a full operating system. How should organizations weigh these factors against each other? The speed of patching and updates is a clear advantage of containers. How significant is this in the context of today's rapidly evolving threat landscape? Are there any strategies organizations can employ to mitigate the slower update cycles associated with VMs? Both containers and VMs can be susceptible to misconfigurations, but container orchestration systems introduce another layer of complexity. How can organizations address this complexity and minimize the risk of misconfigurations leading to security vulnerabilities? What about combining containers and VMs. Can you provide some concrete examples of how this might be implemented? What benefits can organizations expect from such an approach, and what challenges might they face? How do you envision the security landscape for containers and VMs evolving in the coming years? Are there any emerging trends or technologies that could significantly impact the way we approach security for these two technologies? Resources: Container Security, with Michele Chubrika (the same episode - with extras! - at our peer podcast, “Kubernetes Podcast from Google” ) EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons EP54 Container Security: The Past or The Future? DORA 2024 report Container Security: It’s All About the Supply Chain - Michele Chubirka Software composition analysis (SCA) DevSecOps Decisioning Principles Kubernetes CIS Benchmark Cloud-Native Consumption Principles State of WebAssembly outside the Browser - Abdel Sghiouar Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka - KubeCon NA 2024…
C
Cloud Security Podcast by Google
1 EP194 Deep Dive into ADR - Application Detection and Response 30:55
30:55 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:55
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Daniel Shechter , Co-Founder and CEO at Miggo Security Topics: Why do we need Application Detection and Response (ADR)? BTW, how do you define it? Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools? Why can’t I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way? We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement? What are the key inputs into an ADR tool? Can you explain how your ADR correlates cloud, container, and application contexts to provide a better view of threats? Could you share real-world examples of types of badness solved for users? How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM? What are your thoughts on the evolution of ADR? Resources: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP143 Cloud Security Remediation: The Biggest Headache? Miggo research re: vulnerability ALBeast “WhatDR or What Detection Domain Needs Its Own Tools?” blog “Making Sense of the Application Security Product Market” blog “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem“ book…
C
Cloud Security Podcast by Google
1 EP193 Inherited a Cloud? Now What? How Do I Secure It? 30:41
30:41 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:41
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Taylor Lehmann , Director at Office of the CISO, Google Cloud Luis Urena , Cloud Security Architect, Google Cloud Topics There is a common scenario where security teams are brought in after a cloud environment is already established . From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face? Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion? On the opposite side, what if business demands you don't touch anything but “make it secure” regardless? Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way? Why not just say “add MFA everywhere”? What may or will blow up? We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it? What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right? How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one? Resources: “Confetti cannons or fire extinguishers? Here’s how to secure cloud surprises” EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response IAM Recommender “TM" book by Adam Shostack “Checklist Manifesto” book “Moving shields into position: How you can organize security to boost digital transformation” (with a new paper!)…
C
Cloud Security Podcast by Google
1 EP192 Confidential + AI: Can AI Keep a Secret? 33:04
33:04 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi33:04
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Nelly Porter , Director of PM, Cloud Security at Google Cloud Topics: Share your story and how you ended here doing confidential AI at Google? What problem does confidential compute + AI solve and for what clients? What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact? What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead? Which parts of the AI lifecycle need to be run in Confidential AI: Training? Data curation? Operational workloads? What are the performance (and thus cost) implications of running AI workloads in a confidential computing environment? Are there new risks that arise out of confidential AI? Resources: Video EP48 Confidentially Speaking 2: Cloudful of Secrets EP1 Confidentially Speaking “To securely build AI on Google Cloud, follow these best practices“ blog ( paper )…
C
Cloud Security Podcast by Google
1 EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it! 23:36
23:36 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi23:36
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dan Nutting , Manager - Cyber Defense, Google Cloud Topics: What is the Defender’s Advantage and why did Mandiant decide to put this out there? This is the second edition. What is different about DA-II? Why do so few defenders actually realize their Defender’s Advantage? The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach? Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC? Many organizations don’t seem to want to make detections at all, what do we tell them? What is this thing called “Mission Control”- it sounds really cool, can you explain it? Resources: Defender’s Advantage book The Defender's Advantage: Using Artificial Intelligence in Cyber Defense supplemental paper “Threat-informed Defense Is Hard, So We Are Still Not Doing It!” blog Mandiant blog…
C
Cloud Security Podcast by Google
1 EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures 30:00
30:00 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:00
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Josh Liburdi , Staff Security Engineer, Brex Topics: What is this “security data fabric”? Can you explain the technology? Is there a market for this? Is this same as security data pipelines? Why is this really needed? Won’t your SIEM vendor do it? Who should adopt it? Or, as Tim says, what gets better once you deploy it? Is reducing cost a big part of the security data fabric story? Does the data quality improve with the use of security data fabric tooling? For organizations considering a security data fabric solution, what key factors should they prioritize in their evaluation and selection process? What is the connection between this and federated security data search ? What is the likely future for this technology? Resources: BSidesSF 2024 - Reinventing ETL for Detection and Response Teams (Josh Liburdi) “How to Build Your Own Security Data Pipeline (and why you shouldn’t!)” blog “Decoupled SIEM: Brilliant or Stupid?” blog “Security Correlation Then and Now: A Sad Truth About SIEM” blog (my #1 popular post BTW) “Log Centralization: The End Is Nigh?” blog “20 Years of SIEM: Celebrating My Dubious Anniversary” blog “Navigating the data current: Exploring Cribl.Cloud analytics and customer insights” report OCSF…
C
Cloud Security Podcast by Google
1 EP189 How Google Does Security Programs at Scale: CISO Insights 30:23
30:23 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:23
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Royal Hansen , CISO, Alphabet Topics: What were you thinking before you took that “Google CISO” job? Google's infrastructure is vast and complex, yet also modern. How does this influence the design and implementation of your security programs compared to other organizations? Are there any specific challenges or advantages that arise from operating at such a massive scale? What has been most surprising about Google’s internal security culture that you wish you could export to the world at large? What have you learned about scaling teams in the Google context? How do you design effective metrics for your teams and programs? So, yes, AI. Every organization is trying to weigh the risks and benefits of generative AI–do you have advice for the world at large based on how we’ve done this here? Resources: EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil CISA Secure by Design EP20 Security Operations, Reliability, and Securing Google with Heather Adkins EP91 “Hacking Google”, Op Aurora and Insider Threat at Google “ Delivering Security at Scale: From Artisanal to Industrial ” SRE book: CHapter 5: Toil Elimination SRS book: Security as an Emergent Property What are Security Invariants? EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You “ Against the Gods - Remarkable Story of Risk” book…
C
Cloud Security Podcast by Google
1 EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security 29:28
29:28 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:28
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dor Fledel , Founder and CEO of Spera Security, now Sr Director of Product Management at Okta Topics: We say “identity is the new perimeter,” but I think there’s a lof of nuance to it. Why and how does it matter specifically in cloud and SaaS security? How do you do IAM right in the cloud? Help us with the acronym soup - ITDR, CIEM also ISPM (ITSPM?), why are new products needed? What were the most important challenges you found users were struggling with when it comes to identity management? What advice do you have for organizations with considerable identity management debt? How should they start paying that down and get to a better place? Also: what is “identity management debt”? Can you answer this from both a technical and organizational change management perspective? It’s one thing to monitor how User identities, Service accounts and API keys are used, it’s another to monitor how they’re set up. When you were designing your startup, how did you pick which side of that coin to focus on first? What’s your advice for other founders thinking about the journey from zero to 1 and the journey from independent to acquisition? Resources: EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM? EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!) EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy? “Secrets of power negotiating“ book…
C
Cloud Security Podcast by Google
1 EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution 29:41
29:41 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:41
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Nicole Beckwith , Sr. Security Engineering Manager, Threat Operations @ Kroger Topics: What are the most important qualities of a successful SOC leader today? What is your approach to building and maintaining a high-functioning SOC team? How do you approach burnout in a SOC team? What are some of the biggest challenges facing SOC teams today? Can you share some specific examples of how you have built and - probably more importantly! - maintained a high-functioning SOC team? What are your thoughts on the current state of SIEM technology? Still a core of SOC or not? What advice would you give to someone who inherited a SOC? What should his/her 7/30/90 day plan include? Resources: EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond EP64 Security Operations Center: The People Side and How to Do it Right EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond! EP26 SOC in a Large, Complex and Evolving Organization “The first 90 days” book…
C
Cloud Security Podcast by Google
1 EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim 27:18
27:18 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:18
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: A debate between Tim and Anton, no guests Debate positions: You must buy the majority of cloud security tools from a cloud provider, here is why. You must buy the majority of cloud security tools from a 3rd party security vendor, here is why. Resources: EP74 Who Will Solve Cloud Security: A View from Google Investment Side EP22 Securing Multi-Cloud from a CISO Perspective, Part 3 EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use “The cloud trust paradox: To trust cloud computing more, you need the ability to trust it less” blog “Snowcrash” book VMTD…
C
Cloud Security Podcast by Google
1 EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You 24:27
24:27 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:27
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: David LaBianca , Senior Engineering Director, Google Topics: The universe of AI risks is broad and deep. We’ve made a lot of headway with our SAIF framework: can you give us a) a 90 second tour of SAIF and b) share how it’s gotten so much traction and c) talk about where we go next with it? The Coalition for Secure AI (CoSAI) is a collaborative effort to address AI security challenges. What are Google's specific goals and expectations for CoSAI, and how will its success be measured in the long term? Something we love about CoSAI is that we involved some unexpected folks, notably Microsoft and OpenAI. How did that come about? How do we plan to work with existing organizations, such as Frontier Model Forum (FMF) and Open Source Security Foundation (OpenSSF) ? Does this also complement emerging AI security standards? AI is moving quickly. How do we intend to keep up with the pace of change when it comes to emerging threat techniques and actors in the landscape? What do we expect to see out of CoSAI work and when? What should people be looking forward to and what are you most looking forward to releasing from the group? We have proposed projects for CoSAI, including developing a defender's framework and addressing software supply chain security for AI systems. How can others use them? In other words, if I am a mid-sized bank CISO, do I care? How do I benefit from it? An off-the-cuff question, how to do AI governance well? Resources: CoSAI site, CoSAI 3 projects SAIF main site Gen AI governance: 10 tips to level up your AI program “Securing AI: Similar or Different?” paper Our Security of AI Papers and Blogs Explained…
C
Cloud Security Podcast by Google
1 EP184 One Week SIEM Migration: Fact or Fiction? 24:45
24:45 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:45
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Manan Doshi , Senior Security Engineer @ Etsy Questions: In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them? Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go? Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures? How did you handle detection content during migration? Was AI involved? How did you test for this: “Which platform will best enable our engineering team to build what we need?” Tell us more about the Detection as Code pipeline you use? “Completed SIEM migration in a single week!” Is this for real? Resources: Google Cloud Security Summit (August 20, 2024) and “Etsy and the art of SIEM Migration” presentation “Ancillary Justice” book StreamAlert SIEM migration blog ( spicy version / vanilla version / long detailed version ) Can We Have “Detection as Code”? Google SecOps EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?…
C
Cloud Security Podcast by Google
1 EP183 Cloud Security Journeys: Improve, Evolve, Transform with Cloud Customers 30:15
30:15 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:15
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Jaffa Edwards , Senior Security Manager @ Google Cloud Lyka Segura , Cloud Security Engineer @ Google Cloud Topics: Security transformation is hard , do you have any secret tricks or methods that actually make it happen? Can you share a story about a time when you helped a customer transform their cloud security posture? Not just improve, but actually transform! What is your process for understanding their needs and developing a security solution that is tailored to them? What to do if a customer does not want to share what is necessary or does not know themselves? What are some of the most common security mistakes that you see organizations make when they move to the cloud? What about the customers who insist on practicing in the cloud the same way they did on-premise? What do you tell the organizations that insist that “cloud is just somebody else’s computer” and they insist on doing security the old-fashioned way? What advice would you give to organizations that are just starting out on their cloud security journey? What are the first three cloud security steps you recommend that work for a cloud environment they inherited? References EP86 How to Apply Lessons from Virtualization Transition to Make Cloud Transformation Better For a successful cloud transformation, change your culture first Building security guardrails for developers with Google Cloud Google Cloud Consulting…
C
Cloud Security Podcast by Google
1 EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy? 28:20
28:20 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:20
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Adam Bateman , Co-founder and CEO, Push Security Topics: What is Identity Threat Detection and Response ( ITDR )? How do you define it? What gets better at a client organization once ITDR is deployed? Do we also need “ISPM” (parallel to CDR/CSPM), and what about CIEM? Workload identity ITDR vs human identity ITDR? Do we need both? Are these the same? What are the alternatives to using ITDR? Can’t SIEM/UEBA help - perhaps with browser logs? What are some of the common types of identity-based threats that ITDR can help detect? What advice would you give to organizations that are considering implementing ITDR? Resources: ITDR Definition ITDR blog by Push / solve problem…
C
Cloud Security Podcast by Google
1 EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams 30:32
30:32 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:32
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Zack Allen , Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly Topics: What are the biggest challenges facing detection engineers today? What do you tell people who want to consume detections and not engineer them? What advice would you give to someone who is interested in becoming a detection engineer at her organization? So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need? What should a SOC leader whose team totally lacks such skills do? You created Detection Engineering Weekly . What motivated you to start this publication, and what are your goals for it? What are the learnings so far? You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance? What goes into a backlog for detections and how do you inform it? Resources: Video ( LinkedIn , YouTube ) Zacks’s newsletter: https://detectionengineering.net EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity? The SRE book “Detection Spectrum” blog “Delivering Security at Scale: From Artisanal to Industrial” blog (and this too ) “Detection Engineering is Painful — and It Shouldn’t Be (Part 1)” blog series “Detection as Code? No, Detection as COOKING!” blog “Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities” book SpecterOps blog…
C
Cloud Security Podcast by Google
1 EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center 28:09
28:09 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:09
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Mitchell Rudoll , Specialist Master, Deloitte Alex Glowacki , Senior Consultant, Deloitte Topics: The paper outlines two paths for SOCs: optimization or transformation . Can you elaborate on the key differences between these two approaches and the factors that should influence an organization's decision on which path to pursue? The paper also mentions that alert overload is still a major challenge for SOCs. What are some of the practices that work in 2024 for reducing alert fatigue and improving the signal-to-noise ratio in security signals? You also discuss the importance of automation for SOCs. What are some of the key areas where automation can be most beneficial, and what are some of the challenges of implementing automation in SOCs? Automation is often easier said than done… What specific skills and knowledge will be most important for SOC analysts in the future that people didn’t think of 5-10 years ago? Looking ahead, what are your predictions for the future of SOCs? What emerging technologies do you see having the biggest impact on how SOCs operate? Resources: “Future of the SOC: Evolution or Optimization —Choose Your Path” paper and highlights blog “Meet the Ghost of SecOps Future” video based on the paper EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond The original Autonomic Security Operations (ASO) paper (2021) “New Paper: “Future of the SOC: Forces shaping modern security operations” (Paper 1 of 4)” “New Paper: “Future of the SOC: SOC People — Skills, Not Tiers” (Paper 2 of 4)” “New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)”…
C
Cloud Security Podcast by Google
1 EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response 23:28
23:28 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi23:28
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Robin Shostack , Security Program Manager, Google Jibran Ilyas , Managing Director Incident Response, Mandiant, Google Cloud Topics: You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means? You have been involved in response to many high profile incidents, one of the ones we can talk about publicly is one of the biggest healthcare breaches at this time. Could you share how Expedition Behavior played a role in our response? Apart from during incident response which is almost definitionally an adverse condition, how else can security teams apply this knowledge? If teams are going to embrace an expeditionary behavior mindset, how do they learn it? It’s probably not feasible to ship every SOC team member off to the Okavango Delta for a NOLS course . Short of that, how do we foster EB in a new team? How do we create it in an existing team or an under-performing team? Resources: EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework EP103 Security Incident Response and Public Cloud - Exploring with Mandiant EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? “Take a few of these: Cybersecurity lessons for 21st century healthcare professionals” blog Getting More by Stuart Diamond book Who Moved My Cheese by Spencer Johnson book…
C
Cloud Security Podcast by Google
1 EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts 32:09
32:09 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi32:09
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Brandon Wood, Product Manager for Google Threat Intelligence Topics: Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”? We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that! In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that? One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one? You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like? Are there other parts of your background that inform the work you’re doing and how you see yourself at Google? How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe? Resources: Video EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why EP112 Threat Horizons - How Google Does Threat Intelligence Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale A Requirements-Driven Approach to Cyber Threat Intelligence…
C
Cloud Security Podcast by Google
1 EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant 30:07
30:07 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:07
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Omar ElAhdan , Principal Consultant, Mandiant, Google Cloud Will Silverstone , Senior Consultant, Mandiant, Google Cloud Topics: Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments? You do IR so in your experience, what are top 5 mistakes organizations make that lead to cloud incidents? How and why do organizations get the attack surface wrong? Are there pillars of attack surface? We talk a lot about how IAM matters in the cloud. Is that true that AD is what gets you in many cases even for other clouds? What is your best cloud incident preparedness advice for organizations that are new to cloud and still use on-prem as well? Resources: Next 2024 LIVE Video of this episode / LinkedIn version (sorry for the audio quality!) “Lessons Learned from Cloud Compromise” podcast at The Defender’s Advantage “Cloud compromises: Lessons learned from Mandiant investigations” in 2023 from Next 2024 EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework EP103 Security Incident Response and Public Cloud - Exploring with Mandiant EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler…
C
Cloud Security Podcast by Google
1 EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use 27:00
27:00 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:00
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Seth Vargo , Principal Software Engineer responsible for Google's use of the public cloud, Google Topics: Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right? Where are we like other clients of GCP? Where are we not like other cloud users? Do we have any unique cloud security technology that we use that others may benefit from? How does our cloud usage inform our cloud security products? So is our cloud use profile similar to cloud natives or traditional companies? What are some of the most interesting cloud security practices and controls that we use that are usable by others? How do we make them work at scale? Resources: EP12 Threat Models and Cloud Security (previous episode with Seth) EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics IAM Deny Seth Vargo blog “Attention Is All You Need” paper (yes, that one)…
C
Cloud Security Podcast by Google
1 EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons 26:43
26:43 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:43
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Crystal Lister , Technical Program Manager, Google Cloud Security Topics: Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing? We imagine you learned a lot from what you just described – how’s that impacted your work at Google? How have you seen risk management practices and outcomes differ? You now lead Google Threat Horizons reports , do you have a vision for this? How does your past work inform it? Given the prevalence of ransomware attacks, many organizations are focused on external threats. In your experience, does the risk of insider threats still hold significant weight? What type of company needs a dedicated and separate insider threat program? Resources: Video on YouTube Google Cybersecurity Action Team Threat Horizons Report #9 Is Out! Google Cybersecurity Action Team site for previous Threat Horizons Reports EP112 Threat Horizons - How Google Does Threat Intelligence Psychology of Intelligence Analysis by Richards J. Heuer The Coming Wave by Mustafa Suleyman Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects…
C
Cloud Security Podcast by Google
1 EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework 21:33
21:33 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi21:33
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Angelika Rohrer, Sr. Technical Program Manager , Cyber Security Response at Alphabet Topics: Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare? You have created a new framework for measuring how ready you are for an incident, what is the approach you took to create it? Can you elaborate on the core principles behind the Continuous Improvement (CI) Framework for incident response? Why is continuous improvement crucial for effective incident response, especially in cloud environments? Can’t you just make a playbook and use it? How to overcome the desire to focus on the easy metrics and go to more valuable ones? What do you think Google does best in this area? Can you share examples of how the CI Framework could have helped prevent or mitigate a real-world cloud security incident? How can other organizations practically implement the CI Framework to enhance their incident response capabilities after they read the paper? Resources: “How do you know you are "Ready to Respond"? paper EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil EP103 Security Incident Response and Public Cloud - Exploring with Mandiant EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?…
C
Cloud Security Podcast by Google
1 EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations 33:16
33:16 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi33:16
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Shan Rao , Group Product Manager, Google Topics: What are the unique challenges when securing AI for cloud environments, compared to traditional IT systems? Your talk covers 5 risks, why did you pick these five? What are the five, and are these the worst? Some of the mitigation seems the same for all risks. What are the popular SAIF mitigations that cover more of the risks? Can we move quickly and securely with AI? How? What future trends and developments do you foresee in the field of securing AI for cloud environments, and how can organizations prepare for them? Do you think in 2-3 years AI security will be a separate domain or a part of … application security? Data security? Cloud security? Resource: Video ( LinkedIn , YouTube ) [live audio is not great in these] “A cybersecurity expert's guide to securing AI products with Google SAIF“ presentation SAIF Site “To securely build AI on Google Cloud, follow these best practices” (paper) “Secure AI Framework (SAIF): A Conceptual Framework for Secure AI Systems” resources Corey Quinn on X (long story why this is here… listen to the episode)…
C
Cloud Security Podcast by Google
1 EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines? 27:20
27:20 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:20
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: None Topics: What have we seen at RSA 2024? Which buzzwords are rising (AI! AI! AI!) and which ones are falling (hi XDR)? Is this really all about AI? Is this all marketing? Security platforms or focused tools, who is winning at RSA? Anything fun going on with SecOps? Is cloud security still largely about CSPM? Any interesting presentations spotted? Resources: EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side (RSA 2024 episode 1 of 2) “From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis” blog “Decoupled SIEM: Brilliant or Stupid?” blog “Introducing Google Security Operations: Intel-driven, AI-powered SecOps” blog “Advancing the art of AI-driven security with Google Cloud” blog…
C
Cloud Security Podcast by Google
1 EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side 27:03
27:03 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:03
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Elie Bursztein , Google DeepMind Cybersecurity Research Lead, Google Topics: Given your experience, how afraid or nervous are you about the use of GenAI by the criminals (PoisonGPT, WormGPT and such)? What can a top-tier state-sponsored threat actor do better with LLM? Are there “extra scary” examples, real or hypothetical? Do we really have to care about this “dangerous capabilities” stuff (CBRN)? Really really? Why do you think that AI favors the defenders? Is this a long term or a short term view? What about vulnerability discovery? Some people are freaking out that LLM will discover new zero days, is this a real risk? Resources: “How Large Language Models Are Reshaping the Cybersecurity Landscape” RSA 2024 presentation by Elie (May 6 at 9:40AM) “Lessons Learned from Developing Secure AI Workflows” RSA 2024 presentation by Elie (May 8, 2:25PM) EP50 The Epic Battle: Machine Learning vs Millions of Malicious Documents EP40 2021: Phishing is Solved? EP135 AI and Security: The Good, the Bad, and the Magical EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It PyRIT LLM red-teaming tool Accelerating incident response using generative AI Threat Actors are Interested in Generative AI, but Use Remains Limited OpenAI’s Approach to Frontier Risk…
C
Cloud Security Podcast by Google
1 EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC 27:48
27:48 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:48
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Payal Chakravarty , Director of Product Management, Google SecOps, Google Cloud Topics: What are the different use cases for GenAI in security operations and how can organizations prioritize them for maximum impact to their organization? We’ve heard a lot of worries from people that GenAI will replace junior team members–how do you see GenAI enabling more people to be part of the security mission? What are the challenges and risks associated with using GenAI in security operations? We’ve been down the road of automation for SOCs before–UEBA and SOAR both claimed it–and AI looks a lot like those but with way more matrix math-what are we going to get right this time that we didn’t quite live up to last time(s) around? Imagine a SOC or a D&R team of 2029. What AI-based magic is routine at this time? What new things are done by AI? What do humans do? Resources: Live video ( LinkedIn , YouTube ) [live audio is not great in these] Practical use cases for AI in security operations , Cloud Next 2024 session by Payal EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps 15 must-attend security sessions at Next '24…
C
Cloud Security Podcast by Google
1 EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps 27:36
27:36 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:36
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: no guests ( just us !) Topics: What are some of the fun security-related launches from Next 2024 (sorry for our brief “marketing hat” moment!)? Any fun security vendors we spotted “in the clouds”? OK, what are our favorite sessions? Our own, right? Anything else we had time to go to? What are the new security ideas inspired by the event (you really want to listen to this part! Because “freatures”...) Any tricky questions at the end? Resources: Live video ( LinkedIn , YouTube ) [live audio is not great in these] 15 must-attend security sessions at Next '24 Cloud CISO Perspectives: 20 major security announcements from Next ‘24 EP137 Next 2023 Special: Conference Recap - AI, Cloud, Security, Magical Hallway Conversations (last year!) EP136 Next 2023 Special: Building AI-powered Security Tools - How Do We Do It? EP90 Next Special - Google Cybersecurity Action Team: One Year Later! A cybersecurity expert's guide to securing AI products with Google SAIF Next 2024 session How AI can transform your approach to security Next 2024 session…
C
Cloud Security Podcast by Google
1 EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It 33:18
33:18 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi33:18
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Umesh Shankar , Distinguished Engineer, Chief Technologist for Google Cloud Security Scott Coull , Head of Data Science Research, Google Cloud Security Topics: What does it mean to “teach AI security”? How did we make SecLM? And also: why did we make SecLM? What can “security trained LLM” do better vs regular LLM? Does making it better at security make it worse at other things that we care about? What can a security team do with it today? What are the “starter use cases” for SecLM? What has been the feedback so far in terms of impact - both from practitioners but also from team leaders? Are we seeing the limits of LLMs for our use cases? Is the “LLM is not magic” finally dawning? Resources: “How to tackle security tasks and workflows with generative AI” (Google Cloud Next 2024 session on SecLM) EP136 Next 2023 Special: Building AI-powered Security Tools - How Do We Do It? EP144 LLMs: A Double-Edged Sword for Cloud Security? Weighing the Benefits and Risks of Large Language Models Supercharging security with generative AI Secure, Empower, Advance: How AI Can Reverse the Defender’s Dilemma? Considerations for Evaluating Large Language Models for Cybersecurity Tasks Introducing Google’s Secure AI Framework Deep Learning Security and Privacy Workshop Security Architectures for Generative AI Systems ACM Workshop on Artificial Intelligence and Security Conference on Applied Machine Learning in Information Security…
C
Cloud Security Podcast by Google
1 EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse 25:24
25:24 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:24
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiSpeakers: Maria Riaz , Cloud Counter-Abuse, Engineering Lead, Google Cloud Topics: What is “counter abuse”? Is this the same as security? What does counter-abuse look like for GCP? What are the popular abuse types we face? Do people use stolen cards to get accounts to then violate the terms with? How do we deal with this, generally? Beyond core technical skills, what are some of the relevant competencies for working in this space that would appeal to a diverse set of audience? You have worked in academia and industry. What similarities or differences have you observed? Resources / reading: Video EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security P161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud “Art of War” by Sun Tzu “Dare to Lead” by Brene Brown "Multipliers" by Liz Wiseman…
C
Cloud Security Podcast by Google
1 EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!) 30:06
30:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Evan Gilman , co-founder CEO of Spirl Eli Nesterov , co-founder CTO of Spril Topics: Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them? What’s so spiffy about SPIFFE anyway? What’s different between this and micro segmentation of your network–why is one better or worse? You call your book “ solving the bottom turtle ” could you tell us what that means? What are the challenges you’re seeing large organizations run into when adopting this approach at scale? Of all the things a CISO could prioritize, why should this one get added to the list? What makes this, which is so core to our internal security model–ripe for the outside world? How people do it now, what gets thrown away when you deploy SPIFFE? Are there alternative? SPIFFE is interesting, yet can a startup really “solve for the bottom turtle”? Resources: SPIFFE and Spirl “Solving the Bottom Turtle” book [PDF, free] “Surely You're Joking, Mr. Feynman!” book [also, one of Anton’s faves for years!] “Zero Trust Networks” book Workload Identity Federation in GCP…
C
Cloud Security Podcast by Google
1 EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security 24:34
24:34 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:34
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Ahmad Robinson , Cloud Security Architect, Google Cloud Topics: You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security? What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team? One term that often comes up on the show and with our customers is 'shifting left.' Could you explain what 'shifting left' means in the context of cloud security? What’s hard about shift left, and where do orgs get stuck too far right? A lot of “cloud people” talk about IaC and PaC but the terms and the concepts are occasionally confusing to those new to cloud. Can you briefly explain Policy as Code and its security implications? Does PaC help or hurt security? Resources: “No Pets Allowed - Mastering The Basics Of Cloud Infrastructure” webinar EP33 Cloud Migrations: Security Perspectives from The Field EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment? EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud…
C
Cloud Security Podcast by Google
1 EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography 31:23
31:23 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:23
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jennifer Fernick , Senor Staff Security Engineer and UTL, Google Topics: Since one of us (!) doesn't have a PhD in quantum mechanics, could you explain what a quantum computer is and how do we know they are on a credible path towards being real threats to cryptography? How soon do we need to worry about this one? We’ve heard that quantum computers are more of a threat to asymmetric/public key crypto than symmetric crypto. First off, why? And second, what does this difference mean for defenders? Why (how) are we sure this is coming? Are we mitigating a threat that is perennially 10 years ahead and then vanishes due to some other broad technology change? What is a post-quantum algorithm anyway? If we’re baking new key exchange crypto into our systems, how confident are we that we are going to be resistant to both quantum and traditional cryptanalysis? Why does NIST think it's time to be doing the PQC thing now? Where is the rest of the industry on this evolution? How can a person tell the difference here between reality and snakeoil? I think Anton and I both responded to your initial email with a heavy dose of skepticism, and probably more skepticism than it deserved, so you get the rare on-air apology from both of us! Resources: Securing tomorrow today: Why Google now protects its internal communications from quantum threats How Google is preparing for a post-quantum world NIST PQC standards PQ Crypto conferences “Quantum Computation & Quantum Information” by Nielsen & Chuang book “Quantum Computing Since Democritus” by Scott Aaronson book EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google…
C
Cloud Security Podcast by Google
1 EP163 Cloud Security Megatrends: Myths, Realities, Contentious Debates and Of Course AI 25:54
25:54 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:54
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: You had this epic 8 megatrends idea in 2021, where are we now with them? We now have 9 of them , what made you add this particular one (AI)? A lot of CISOs fear runaway AI. Hence good governance is key! What is your secret of success for AI governance? What questions are CISOs asking you about AI? What questions about AI should they be asking that they are not asking? Which one of the megatrends is the most contentious based on your presenting them worldwide? Is cloud really making the world of IT simpler (megatrend #6)? Do most enterprise cloud users appreciate the software-defined nature of cloud (megatrend #5) or do they continue to fight it? Which megatrend is manifesting the most strongly in your experience? Resources: Megatrends drive cloud adoption—and improve security for all and infographic “Keynote | The Latest Cloud Security Megatrend: AI for Security” “Lessons from the future: Why shared fate shows us a better cloud roadmap” blog and shared fate page SAIF page “Spotlighting ‘shadow AI’: How to protect against risky AI practices” blog EP135 AI and Security: The Good, the Bad, and the Magical EP47 Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security Secure by Design by CISA…
C
Cloud Security Podcast by Google
1 EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler 28:09
28:09 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:09
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Kat Traxler , Security Researcher, TrustOnCloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? A lot of people say “in the cloud, you must do IAM ‘right’”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it? How have you seen the CSPs take different approaches to IAM? What does it mean for the cloud users? Why do people still screw up IAM in the cloud so badly after years of trying? Deeper, why do people still screw up resource hierarchy and resource management? Are the identity sins of cloud IAM users truly the sins of the creators? How did the "big 3" get it wrong and how does that continue to manifest today? Your best cloud IAM advice is “assign roles at the lowest resource-level possible”, please explain this one? Where is the magic? Resources: Video ( Linkedin , YouTube ) Kat blog “Diving Deeply into IAM Policy Evaluation” blog “Complexity: a Guided Tour” book EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? EP129 How CISO Cloud Dreams and Realities Collide…
C
Cloud Security Podcast by Google
1 EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud 27:38
27:38 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:38
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Victoria Geronimo , Cloud Security Architect, Google Cloud Topics: You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries? How does cloud make compliance easier? Does it ever make compliance harder? What is your best advice to organizations that approach cloud compliance as they did for the 1990s data centers and classic IT? What has been the most surprising compliance challenge you’ve helped teams debug in your time here? You also work on standards development –can you tell us about how you got into that and what’s been surprising in that for you? We often say on this show that an organization’s ability to threat model is only as good as their team’s perspectives are diverse: how has your background shaped your work here? Resources: Video ( YouTube ) EP14 Making Compliance Cloud-native EP25 Beyond Compliance: Cloud Security in Europe Fordham University Law and Technology site IAPP site…
C
Cloud Security Podcast by Google
1 EP160 Don't Cloud Your Judgement: Security and Cloud Migration, Again! 27:32
27:32 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:32
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Merritt Baer , Field CTO, Lacework, ex-AWS, ex-USG Topics: How can organizations ensure that their security posture is maintained or improved during a cloud migration? Is cloud migration a risk reduction move? What are some of the common security challenges that organizations face during a cloud migration? Are there different gotchas between the three public clouds? What advice would you give to those security leaders who insist on lift/shift or on lift/shift first ? How should security and compliance teams approach their engineering and DevOps colleagues to make sure things are starting on the right foot? In your view, what is the essence of a cloud-native approach to security? How can organizations ensure that their security posture scales as their cloud usage grows? Resources: Video ( LinkedIn , YouTube ) EP69 Cloud Threats and How to Observe Them EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win? 9 Megatrends drive cloud adoption—and improve security for all Darknet Diaries podcast…
C
Cloud Security Podcast by Google
1 EP159 Workspace Security: Built for the Modern Threat. But How? 25:31
25:31 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:31
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Emre Kanlikilicer , Senior Engineering Manager @ Google Sophia Gu , Engineering Manager at Google Topics Workspace makes the claim that unlike other productivity suites available today, it’s architectured for the modern threat landscape. That’s a big claim! What gives Google the ability to make this claim? Workspace environments would have many different types of data, some very sensitive. What are some of the common challenges with controlling access to data and protecting data in hybrid work? What are some of the common mistakes you see customers making with Workspace security? What are some of the ways context aware access and DLP (now SDP) help with this? What are the cool future plans for DLP and CAA ? Resources: Google Workspace blog & Workspace Update blog EP99 Google Workspace Security: from Threats to Zero Trust CISA Zero Trust Maturity Model 2.0…
C
Cloud Security Podcast by Google
1 EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics 21:33
21:33 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi21:33
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jason Solomon , Security Engineer, Google Topics: Could you share a bit about when you get pulled into incidents and what are your goals when you are? How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed? What tooling do you rely on for cloud forensics and is that tooling available to "normal people"? How do we at Google know when it’s time to call for help, and how should our customers know that it’s time? Can I quote Ray Parker Jr and ask, who you gonna call? What’s your advice to a security leader on how to “prepare for the inevitable” in this context? Cloud forensics - is it easier or harder than the 1990s classic forensics? Resource: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? EP103 Security Incident Response and Public Cloud - Exploring with Mandiant Google SRE Workbook (Ch 9) GRR Cloud Logging LibCloudForensics , Turbinia , Timesketch tools…
C
Cloud Security Podcast by Google
1 EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud 25:27
25:27 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:27
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Arie Zilberstein , CEO and Co-Founder at Gem Security Topics: How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response? What are the key challenges of cloud detection and response? Often we lift and shift our teams to Cloud, and not always for bad reasons, so what’s your advice on how to teach the old dogs new tricks: “on-premise-trained” D&R teams and cloud D&R? What is this new CIRA thing that Gartner just cooked up? Should CIRA exist as a separate market or technology or is this just a slice of CDR or even SIEM perhaps? What do you tell people who say that “SIEM is their CDR”? What are the key roles and responsibilities of the CDR team? How is the cloud D&R process related to DevOps and cloud-style IT processes? Resources: Video version of this episode Cloud breaches databases EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? EP103 Security Incident Response and Public Cloud - Exploring with Mandiant EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? 9 Megatrends drive cloud adoption—and improve security for all “Emerging Tech: Security — Cloud Investigation and Response Automation (CIRA) Offers Transformation Opportunities” (Gartner access required) “Does the World Need Cloud Detection and Response (CDR)?” blog…
C
Cloud Security Podcast by Google
1 EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive 25:12
25:12 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:12
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Sandra Joyce , VP at Mandiant Intelligence Topics: Could you give us a brief overview of what this power disruption incident was about? This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here? We also saw a wiper used to hide forensics, is that common these days? Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, might we have understood the attacker’s next moves? How did your team establish robust attribution in this case, and how they do it in general? How sure are we, really? Could you share how this came about and maybe some of the highlights in our relationship helping defend that country? Resources: Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology | Mandiant Andy Greenberg’s book Sandworm EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?…
C
Cloud Security Podcast by Google
1 EP155 Cyber, Geopolitics, AI, Cloud - All in One Book? 38:36
38:36 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi38:36
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Derek Reveron , Professor and Chair of National Security at the US Naval War College John Savage , An Wang Professor Emeritus of Computer Science of Brown University Topics: You wrote a book on cyber and war , how did this come about and what did you most enjoy learning from the other during the writing process? Is generative AI going to be a game changer in international relations and war, or is it just another tool? You also touch briefly on lethal autonomous weapons systems and ethics–that feels like the genie is right in the very neck of the bottle right now, is it too late? Aside from this book, and the awesome course you offered at Brown that sparked Tim’s interest in this field, how can we democratize this space better? How does the emergence and shift to Cloud impact security in the cyber age? What are your thoughts on the intersection of Cloud as a set of technologies and operating model and state security (like sovereignty)? Does Cloud make espionage harder or easier? Resources: “Security in the Cyber Age” book (and their other books ’) “Thinking, Fast and Slow” book “No Shortcuts: Why States Struggle to Develop a Military Cyber-Force” book “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age“ book “Active Cyber Defense: Applying Air Defense to the Cyber Domain” EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? EP145 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith?…
C
Cloud Security Podcast by Google
1 EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google 35:41
35:41 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi35:41
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Mike Schiffman, Network Security “UTL” Topics: Given your impressive and interesting history, tell us a few things about yourself? What are the biggest challenges facing network security today based on your experience? You came to Google to work on Network Security challenges. What are some of the surprising ones you’ve uncovered here? What lessons from Google's approach to network security absolutely don’t apply to others? Which ones perhaps do? If you have to explain the difference between network security in the cloud and on-premise, what comes to mind first? How do we balance better encryption with better network security monitoring and detection? Speaking of challenges in cryptography, we’re all getting fired up about post-quantum and network security. Could you give us the maybe 5 minute teaser version of this because we have an upcoming episode dedicated to this? I hear you have some interesting insight on LLMs, something to do with blueboxing or something. What is that about? Resources: Video EP113 Love it or Hate it, Network Security is Coming to the Cloud EP122 Firewalls in the Cloud: How to Implement Trust Boundaries for Access Control “A History of Fake Things on the Internet” by WALTER J. SCHEIRER Why Google now protects its internal communications from quantum threats How Google is preparing for a post-quantum world NIST on PQC “Smashing The Stack For Fun And Profit” (yes, really)…
C
Cloud Security Podcast by Google
1 EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All 28:41
28:41 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:41
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Kevin Mandia , CEO at Mandiant, part of Google Cloud Topics: When you look back, what were the most surprising cloud breaches in 2023, and what can we learn from them? How were they different from the “old world” of on-prem breaches? For a long time it’s felt like incident response has been an on-prem specialization, and that adversaries are primarily focused on compromising on-prem infrastructure. Who are we seeing go after cloud environments? The same threat actors or not? Could you share a bit about the mistakes and risks that you saw organizations make that made their cloud breaches possible or made them worse? Conversely, what ended up being helpful to organizations in limiting the blast radius or making response easier? Tim’s mother worked in a network disaster recovery team for a long time–their motto was “preparing for the inevitable.” What advice do you have for helping security teams and IT teams get ready for cloud breaches? Especially for recent cloud entrants? Anton tells his “2000 IDS story” (need to listen for details!) and asks: what approaches for detecting threats actually detects threats today? Resources: EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities "Microsoft lost its keys, and the government got hacked" news article SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures (must read by every CISO!)…
C
Cloud Security Podcast by Google
1 EP152 Trust, Security and Google's Annual Transparency Report 26:03
26:03 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:03
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Michee Smith , Director, Product Management for Global Affairs Works, Google Topics: What is Google Annual Transparency Report and how did we get started doing this? Surely the challenge of a transparency report is that there are things we can’t be transparent about, how do we balance this? What are those? Is it a safe question? What Access Transparency Logs are and if they are connected to the report –other than in Tim's mind and your career? Beyond building the annual transparency report, you also work on our central risk data platform. Every business has a problem managing risk–what’s special here? Do we have any Google magic here? Could you tell us about your path in Product Management here? You have been here eight years, and recently became Director. Do you have any advice for the ambitious Google PMs listening to the show? Resources: Google Annual Transparency report Access Transparency Logs “Digital Asset Valuation and Cyber Risk Measurement: Principles of Cybernomics“ book Keyun Ruan “Trapped in a frame: Why leaders should avoid security framework traps” blog…
C
Cloud Security Podcast by Google
1 EP151 Cyber Insurance in the Cloud Era: Balancing Protection, Data and Risks 26:06
26:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Monica Shokrai , Head Of Business Risk and Insurance For Google Cloud Topics: Could you give us the 30 second run down of what cyber insurance is and isn't? Can you tie that to clouds? How does the cloud change it? Is it the case that now I don't need insurance for some of the "old school" cyber risks? What challenges are insurers facing with assessing cloud risks? On this show I struggle to find CISOs who "get" cloud, are there insurers and underwriters who get it? We recently heard about an insurer reducing coverage for incidents caused by old CVEs! What's your take on this? Effective incentive structure to push orgs towards patching operational excellence or someone finding yet another way not to pay out? Is insurance the magic tool for improving security? Doesn't cyber insurance have a difficult reputation with clients? “Will they even pay?” “Will it be enough?” “Is this a cyberwar exception?” type stuff? How do we balance our motives between selling more cloud and providing effective risk underwriting data to insurers? How soon do you think we will have actuarial data from many clients re: real risks in the cloud? What about the fact that risks change all the time unlike say many “non cyber” risks? Resources: Video ( LinkedIn , YouTube ) Google Cloud Risk Protection program “Cyber Insurance Policy” by Josephine Wolff InsureSec…
C
Cloud Security Podcast by Google
1 EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw 26:17
26:17 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:17
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dr Gary McGraw , founder of the Berryville Institute of Machine Learning Topics: Gary, you’ve been doing software security for many decades, so tell us: are we really behind on securing ML and AI systems? If not SBOM for data or “DBOM”, then what? Can data supply chain tools or just better data governance practices help? How would you threat model a system with ML in it or a new ML system you are building? What are the key differences and similarities between securing AI and securing a traditional, complex enterprise system? What are the key differences between securing the AI you built and AI you buy or subscribe to? Which security tools and frameworks will solve all of these problems for us? Resources: EP135 AI and Security: The Good, the Bad, and the Magical Gary McGraw books “An Architectural Risk Analysis Of Machine Learning Systems: Toward More Secure Machine Learning“ paper “What to think about when you’re thinking about securing AI” Annotated ML Security bibliography Tay bot story (2016) “Can you melt eggs?” “Microsoft AI researchers accidentally leak 38TB of company data” “Random number generator attack” “Google's AI Red Team: the ethical hackers making AI safer” Introducing Google’s Secure AI Framework…
C
Cloud Security Podcast by Google
1 EP149 Canned Detections: From Educational Samples to Production-Ready Code 28:37
28:37 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:37
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: John Stoner , Principal Security Strategist, Google Cloud Security Dave Herrald , Head of Adopt Engineering, Google Cloud Security Topics: In your experience, past and present, what would make clients trust vendor detection content? Regarding “canned”, default or “out-of-the-box” detections, how to make them more production quality and not merely educational samples to learn from? What is more important, seeing the detection or being able to change it, or both? If this is about seeing the detection code/content, what about ML and algorithms? What about the SOC analysts who don't read the code? What about “tuning” - is tuning detections a bad word now in 2023? Everybody is obsessed about “false positives,” what about the false negatives? How are we supposed to eliminate them if we don’t see detection logic? Resources: Video ( Linkedin , YouTube ) Github rules for Chronicle DetectionEngineering.net by Zack Allen “On Trust and Transparency in Detection” blog “Detection as Code? No, Detection as COOKING!” blog EP64 Security Operations Center: The People Side and How to Do it Right EP108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil Why is Threat Detection Hard? Detection Engineering is Painful — and It Shouldn’t Be (Part 1 , 2 , 3 , 4 , 5 )…
C
Cloud Security Podcast by Google
1 EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities 29:44
29:44 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:44
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Adrian Sanabria , Director of Valence Threat Labs at Valence Security , ex-analyst Topics: When people talk about “cloud security” they often forget SaaS, what should be the structured approach to using SaaS securely or securing SaaS? What are the incidents telling us about the realistic threats to SaaS tools? Is the Microsoft 365 breach a SaaS breach, a cloud breach or something else? Do we really need CVEs for SaaS vulnerabilities? What are the least understood aspects of securing SaaS? What do you tell the organizations who assume that “SaaS vendor takes care of all SaaS security”? Isn’t CASB the answer to all SaaS security issues? We also have SSPM now too? Do we really need more tools? Resources: VIdeo ( LinkedIn , YouTube ) EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? Valence 2023 State of SaaS Security report DHS Launches First-Ever Cyber Safety Review Board Enterprise Security Weekly podcast CloudVulnDb and another cloud vulnerability list Cyber Safety Review Board (CSRB) by CISA…
C
Cloud Security Podcast by Google
1 EP147 Special: 2024 Google Cloud Security Forecast Report 22:51
22:51 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi22:51
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Kelli Vanderlee , Senior Manager, Threat Analysis, Mandiant at Google Cloud Topics: Can you really forecast threats? Won’t the threat actors ultimately do whatever they want? How can clients use the forecast? Or as Tim would say it, what gets better once you read it? What is the threat forecast for cloud environments? It says “Cyber attacks targeting hybrid and multi-cloud environments will mature and become more impactful“ - what does it mean? Of course AI makes an appearance as well: “LLMs and other gen AI tools will likely be developed and offered as a service to assist attackers with target compromises.” Do we really expect attacker-run LLM SaaS? What models will they use? Will it be good? There are a number of significant elections scheduled for 2024, are there implications for cloud security? Based on the threat information, tell me about something that is going well, what will get better in 2024? Resources: 2024 Google Cloud Security Forecast Report EP112 Threat Horizons - How Google Does Threat Intelligence EP135 AI and Security: The Good, the Bad, and the Magical How to Stop a Ransomware Attack Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner…
C
Cloud Security Podcast by Google
1 EP146 AI Security: Solving the Problems of the AI Era: A VC's Insights 24:27
24:27 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:27
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Wei Lien Dang , GP at Unusual Ventures Topics: We have a view at Google that AI for security and security for AI are largely separable disciplines. Do you feel the same way? Is this distinction a useful one for you? What are some of the security problems you're hearing from AI companies that are worth solving? AI is obviously hot, and as always security is chasing the hotness. Where are we seeing the focus of market attention for AI security? Does this feel like an area that's going to have real full products or just a series of features developed by early stage companies that get acquired and rolled up into other orgs? What lessons can we draw on from previous platform shifts, e.g. cloud security, to inform how this market will evolve? Resources: “What to think about when you’re thinking about securing AI” blog / paper EP135 AI and Security: The Good, the Bad, and the Magical EP136 Next 2023 Special: Building AI-powered Security Tools - How Do We Do It? EP144 LLMs: A Double-Edged Sword for Cloud Security? Weighing the Benefits and Risks of Large Language Models Introducing Google’s Secure AI Framework OWASP Top 10 for Large Language Model Applications Unusual VC Startup Field Guide Demystifing LLMs and Threats by Caleb Sima…
C
Cloud Security Podcast by Google
1 EP145 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith? 20:36
20:36 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi20:36
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jay Thoden van Velzen , Strategic Advisor to the CSO, SAP Topics: What are the challenges with shared responsibility for cloud security? Can you explain "shared" vs "separated" responsibility? In your article , you mention “shared faith”, we have “shared fate” , but we never heard of shared faith. What is this? Can you explain? What about the cloud models (SaaS, PaaS, IaaS), how does this sharing model differ? While at it, what is cloud, really? [yes, we really did ask this!] Resources: LinkedIn post and Blog EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge “Security Chaos Engineering” book Shared responsibility failures blog Shared fate at Google Cloud (also see blogs one and two ) National Cyber Security strategy…
C
Cloud Security Podcast by Google
1 EP144 LLMs: A Double-Edged Sword for Cloud Security? Weighing the Benefits and Risks of Large Language Models 29:04
29:04 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:04
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Kathryn Shih , Group Product Manager, LLM Lead in Google Cloud Security Topics: Could you give our audience the quick version of what is an LLM and what things can they do vs not do? Is this “baby AGI” or is this a glorified “autocomplete”? Let’s talk about the different ways to tune the models, and when we think about tuning what are the ways that attackers might influence or steal our data? Can you help our security listener leaders have the right vocabulary and concepts to reason about the risk of their information a) going into an LLM and b) getting regurgitated by one? How do I keep the output of a model safe, and what questions do I need to ask a vendor to understand if they’re a) talking nonsense or b) actually keeping their output safe? Are hallucinations inherent to LLMs and can they ever be fixed? So there are risks to data and new opportunities for attacks and hallucinations. How do we know good opportunities in the area given the risks? Resources: Retrieval Augmented Generation (or go ask Bard about it) “New Paper: “Securing AI: Similar or Different?“” blog…
C
Cloud Security Podcast by Google
1 EP143 Cloud Security Remediation: The Biggest Headache? 25:58
25:58 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:58
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Tomer Schwartz, Dazz CTO Topics: It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true? As far as remediation scope, do we need to cover traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too? One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it? Why is cloud security remediation such a headache for so many organizations? Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs? Doesn’t every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues? Resources: Video ( YouTube , LinkedIn ) Cloud Security Remediation for Dummies EP3 Automate and/or Die? EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win? ’ EP54 Container Security: The Past or The Future? EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity? A Guide to Building a Secure SDLC 8 Megatrends drive cloud adoption—and improve security for all…
C
Cloud Security Podcast by Google
1 EP142 Cloud Security Podcast Ask Me Anything #AMA 2023 32:46
32:46 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi32:46
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiHost: Stephanie Wong , Product Manager, Google Cloud Guests (yes, really, we are the guests!): Anton Chuvakin Tim Peacock Topics: Could you tell us how you ended up in security? What was the moment you realized that Cloud security was different from well, regular, security? Anton is always asking this “3AM test”, where did that come from? How do you source topics for the podcast? What advice would you give to folks who are interested in getting into security? … and other fun questions! Resources: Video ( LinkedIn , YouTube ) Cloud Security Podcast by Google / Twitter / LinkedIn…
C
Cloud Security Podcast by Google
1 EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? 25:28
25:28 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:28
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jeremiah Kung , Global Head of Information Security, AppLovin Topics: Before we dive into all of the awesome cloud migrations you’ve experienced and your learnings there, could we start with a topic of East vs West CISO mentality? We are talking to more and more CISOs who see the cloud as a net win for security. What’s your take on whether the cloud improves security? We talked about doing some “big” cloud migrations, could you talk about what you learned back in 2015 about the “right” way to do a cloud migration and how you’ve applied those lessons since? How are you approaching securing clouds differently in 2023 (vs the dark past of 2015)? What advice would you give your peers to get out of the “saying no” mentality and into a better collaborative mode? On the topic of giving advice to people who haven’t asked for it, what advice would you give to teams who are stuck in 1990s thinking when it comes to lift and shifting their security technology stack to cloud? Resources: EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP129 How CISO Cloud Dreams and Realities Collide EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP11 Preparing for Cloud Migrations from a CISO Perspective, Part 2 “How CISOs need to adapt their mental models for cloud security” blog “Superforecasting” book “American Generalship” book…
C
Cloud Security Podcast by Google
1 EP140 System Hardening at Google Scale: New Challenges, New Solutions 27:18
27:18 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:18
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Andrew Hoying , Senior Security Engineering Manager @ Google Topics: What is different about system hardening today vs 20 years ago? Also, what is special about hardening systems at Google massive scale? Can I just apply CIS templates and be done with it? Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity? A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us? Are there cases where we have taken lessons from hardening at scale and converted those into product improvements? What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you’re doing? [Spoiler: the answer here is VERY fun!] Resources: “Why Shared Fate is a Better Way to Manage Cloud Risk” article (and this too ) CIS for GCP GCP IAM Deny CloudSecList by Marco Lancini…
C
Cloud Security Podcast by Google
1 EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations 24:15
24:15 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:15
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Chris Corde , Sr Director of Product Management - Security Operations, Google Cloud Topics: You cover many products, but let’s focus on Chronicle today. An easy question: Chronicle isn’t an XDR, so what is it? Since you’ve joined the team, what’re you most proud of shipping to clients? Could you share more about the Mandiant acquisition, what’s been a happy surprise and what are you looking forward to making available to customers? Some believe that good security operations success is mostly about process, yet we are also building these amazing products. What is your view of how much security ops success hinges on products vs practices? When it comes to building out Chronicle’s position in the market, how are we leveraging the depth of expertise that people have with other SIEM tools compared to ours? What advice do you have for security professionals who want to transition into product management? Resources: EP44 Evolving a SIEM for the Future While Learning from the Past EP82 Mega-confused by XDR? You Are Not Alone! This XDR Skeptic Clarifies!…
C
Cloud Security Podcast by Google
1 EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud 30:13
30:13 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:13
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Rosemary Wang , Developer Advocate at HashiCorp Topics: Could you give us a 2 minute picture on what Terraform is, what stages of the cloud lifecycle it is relevant for, and how it intersects with security teams? How can Terraform be used for security automation? How should security teams work with DevOps teams to use it? What are some of the obvious and not so obvious security challenges of using Terraform? How can security best practices be applied to infrastructure instantiated via Terraform? What is the relationship between Terraform and policy as code (PaC)? How do you get started with all this? What do you tell the security teams who want to do cloud security the “old way” and not the cloud-native way? Resources: Video ( LinkedIn , YouTube ) “EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?” Policy as Code with HashiCorp Sentinel or Open Policy Agent (OPA) for Terraform “Terraform Cloud adds Vault-backed dynamic credentials” blog Google Cloud Provider for Terraform Security & Authentication Providers for Terraform “Sloth’s Guide to Mindfulness” book…
C
Cloud Security Podcast by Google
1 EP137 Next 2023 Special: Conference Recap - AI, Cloud, Security, Magical Hallway Conversations 23:31
23:31 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi23:31
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: no guests, all banter, all very fun :-) Topics: How is Google Next this year? What is new in cloud security? Is Google finally a security vendor? What are some of the fun security presentations we've seen, including our own? Any impactful launches in security? What was the most interesting overall? Resources: “Next 2023 Special: Building AI-powered Security Tools - How Do We Do It?” (ep136) “RSA 2023 - What We Saw, What We Learned, and What We're Excited About” (ep119) “Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?” (ep67) “Detecting, investigating, and responding to threats in your Google Cloud environment” at Cloud Next 2023 by Anton “Prevent cloud compromises: Learn how Uber discovers cyber risks and remediates threats” at Cloud Next 2023 by Tim “Generative AI for defenders with Sec-PaLM 2 and Duet AI” at Cloud Next 2023 by Eric Doerr ( his episode ) “A blueprint for modern security operations” at Cloud Next 2023 by our future guest, Chris… Kevin Mandia at Next keynote (start at 1:15:00) “New AI capabilities that can help address your security challenges” blog…
C
Cloud Security Podcast by Google
1 EP136 Next 2023 Special: Building AI-powered Security Tools - How We Do It? 21:31
21:31 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi21:31
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Eric Doerr , VP of Engineering, Google Cloud Security Topics: You have a Next presentation on AI , what is the most exciting part for you? We care both about securing AI and using AI for security. How do you organize your thinking about it? Executive surveys imply that trusting an AI (for business) is still an issue. How can we trust AI for security? What does it mean to “trust AI” in this context? How should defenders think about threat modeling AI systems? Back to using AI for security, what are the absolute worst security use cases for GenAI? Think “generate code and run it on prod” or something like that? What does it mean to “teach AI security” like we did with Sec-PALM2 ? What is actually involved in this? What were some surprising challenges we ran into here? Resources: “Generative AI for defenders with Sec-PaLM 2 and Duet AI” presentation at Google Cloud Next 2023 “The Prompt: What to think about when you’re thinking about securing AI” and a new paper on securing AI “AI and Security: The Good, the Bad, and the Magical” (ep135) Monitor and secure Vertex AI “Introducing Google’s Secure AI Framework” blog “Project Hail Mary” book…
C
Cloud Security Podcast by Google
1 EP135 AI and Security: The Good, the Bad, and the Magical 25:51
25:51 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:51
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Phil Venables ( @philvenables ), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: Why is AI a game-changer for security? Can we even have game-changers in cyber security? Is it more detection or is it more reducing toil and making humans more productuve? What are you favorite AI for security use cases? What “AI + security” issue makes you - a classic CISO question here - lose sleep at night? Does AI help defenders or attackers more? Won’t attackers adopt faster because they don’t have as many rules (but yes, they have bosses and budgets too )? Aren’t there cases where defenders benefit a lot more and gain a superpower with AI while attackers are faced with defeat? Is securing AI more similar or more different from securing other enterprise systems? Does shared fate apply to AI? Resources: “Securing AI: Similar or Different?” paper by Office of the CISO at Google Cloud “Secure AI Framework Approach" Supercharge security with AI Board of Directors Insights Hub “Lessons from the future: Why shared fate shows us a better cloud roadmap” blog “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security” (ep47) “Securing Multi-Cloud from a CISO Perspective, Part 3” (ep22) “Google Cybersecurity Action Team: What's the Story?” (ep37) “Google Cybersecurity Action Team: One Year Later!” (ep90)…
C
Cloud Security Podcast by Google
1 EP134 How to Prioritize UX and Security in the Cloud: UX as a Security Capability 26:04
26:04 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:04
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Steph Hay , Director of UX, Google Cloud Security Topics: The importance of User Experience (UX) in security is so obvious – though it isn’t to a lot of people! Could we talk about the importance of UX in security? UX and security in general have an uneasy relationship, and security is harmed by bad UX, it also feels like bad UX can be a security issue. What is your take on this? How do you think about prioritizing your team’s time between day zero vs day n experiences for users of security tools? Some say that cloud security should be invisible, but does this mean no UX at all? What are the intersections between UX for security and invisible security? Can you think of what single UX change in Cloud Security’s portfolio made the biggest impact to actual security outcomes? We have this new tool/approach for planning called Jobs To Be Done (JTBD) - give us the value, and the history? In the world of JTBD planning, what gets better? Resources: JTBD Framework GCP IAM Recommender Recaptha Enterprise…
C
Cloud Security Podcast by Google
1 EP133 The Shared Problem of Alerting: More SRE Lessons for Security 35:58
35:58 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi35:58
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Steve McGhee , Reliability Advocate at Google Cloud Aron Eidelman , Developer Relations Engineer at Google Cloud Topics: What is the shared problem for SRE and security when it comes to alerting? Why is there reluctance to reduce noise? How do SREs, security practitioners, and other stakeholders define “incident” and “risk”? How does involving an “adversary” change the way people think about an incident, even if the impact is identical? Which SRE alerting lessons do NOT apply at all for security? Resources: Video ( LinkedIn , YouTube ) “Deploy Security Capabilities at Scale: SRE Explains How” (ep85) Steve talk about probability and SLO math at SLOconf Why Focus on Symptoms, Not Causes? Learning from incidents (LFI) science How to measure anything in cyber security risk book Security chaos engineering book The SRS Book Ch 1 The SRE book Ch 4…
C
Cloud Security Podcast by Google
1 EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge 36:27
36:27 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi36:27
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Kelly Shortridge , Senior Principal Engineer in the Office of the CTO at Fastly Topics: So what is Security Chaos Engineering? “Chapter 5. Operating and Observing” is Anton’s favorite. One thing that mystifies me, however, is that you outline how to fail with alerts (send too many), but it is not entirely clear how to practically succeed with them? How does chaos engineering help security alerting / detection? How chaos engineering (or is it really about software resilience?) intersects with Cloud security - is this peanut butter and chocolate or more like peanut butter and pickles? How can organizations get started with chaos engineering for software resilience and security? What is your favorite chaos engineering experiment that you have ever done? We often talk about using the SRE lessons for security, and yet many organizations do security the 1990s way. Are there ways to use chaos engineering as a forcing function to break people out of their 1990s thinking and time warp them to 2023? Resources: Video ( LinkedIn , YouTube ) “Security Chaos Engineering: Sustaining Resilience in Software and Systems” by Kelly Shortridge, Aaron Rinehart “Cybersecurity Myths and Misconceptions” book “Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems“ book “Normal Accidents: Living with High-Risk Technologies” book “Deploy Security Capabilities at Scale: SRE Explains How” (ep85) “The Good, the Bad, and the Epic of Threat Detection at Scale with Panther” (ep123) “Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?” (ep117) IKEA Effect “Modernizing SOC ... Introducing Autonomic Security Operations” blog…
C
Cloud Security Podcast by Google
1 EP131 A Deep Dive into Google's Assured OSS: How Google Secures the Software You Use 26:06
26:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Himanshu Khurana, Engineering Manager, Google Cloud Rahul Gupta, Product Manager for Assured OSS, Google Cloud Topics: For the software you’re supporting in Assured Open Source your team discovered 50% of the CVEs reported in them this year. How did that happen? So what is Assured Open Source ? Do we really guarantee its security? What does “guarantee” here mean? What’re users actually paying for here? What’s the Google magic here and why are we doing this? Do we really audit all code and fuzz for security issues? What’s a supply chain attack and then we’ll talk about how this is plugging into those gaps? Resources: Assured Open Source Software page “SBOMs: A Step Towards a More Secure Software Supply Chain” (ep116) “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24) SLSA.dev blog Open Source Security Podcast Mandiant M-Trends 2023…
C
Cloud Security Podcast by Google
1 EP130 Cloud is Secure: Are you Using It Securely - True or False? 34:26
34:26 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi34:26
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Steve Riley , Field CTO, Netskope, ex-Gartner Research VP Topics: Analysts (well, like Steve and Anton in the past?) say that “cloud is secure, but clients just aren’t using it securely”, what is your reaction to this today? When clients hear “use cloud securely”, what do you think comes to their minds? How would you approach planning for secure use of the cloud or using cloud securely? What is your view of cloud defense in depth (DiD) or layered defenses? How do you suggest clients think about it? What about DiD for SaaS? What are your thoughts on the evolution of zero trust? How has it changed since its introduction back in 2010? Awareness of and interest in SSE and SASE is growing. But at the same time, plenty of folks seem deeply perplexed by these. How would you explain them to someone not deeply immersed in the details? Resources: Video ( LinkedIn , YouTube ) Bruce Schneier books Netskope blog “Deploy Security Capabilities at Scale: SRE Explains How” (ep85) “Zero Trust: Fast Forward from 2010 to 2021” (ep8) “Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?” (ep76) “How to Approach Cloud in a Cloudy Way, not As Somebody Else’s Computer?” (ep115) "Use Cloud Securely? What Does This Even Mean?!" "How to Solve the Mystery of Cloud Defense in Depth?"…
C
Cloud Security Podcast by Google
1 EP129 How CISO Cloud Dreams and Realities Collide 31:16
31:16 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:16
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Rick Doten , VP, Information Security at Centene Corporation, CISO Carolina Complete Health Topics: What are the realistic cloud risks today for an organization using public cloud? Is the vendor lock-in on that list? What other risks everybody thinks are real, but they are not? What do you tell people who in 2023 still think “they can host Exchange better themselves” and have silly cloud fears? What do you tell people who insist on “copy/pasting” all their security technology stack from data centers to the cloud? Cloud providers have greater opportunity not only to see issues, but to learn how to react well. Do you think this argument holds water? What are the most challenging security issues for multi-cloud and hybrid cloud security? How does security chasm (between security haves and have-notes) affect cloud security? Your best cloud security advice for an organization with a security team of 0 FTEs and no CISO? Resources: Video ( LinkedIn , YouTube ) Rick Doten on YouTube Defining Cloud Security by Rick Doten Cloud Security Alliance materials Mandiant M-Trends 2023…
C
Cloud Security Podcast by Google
1 EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why 27:01
27:01 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:01
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: John Doyle , Principle Intelligence Enablement Consultant at Mandiant / Google Cloud Topics: You have created a new intelligence class focused on building enterprise threat intelligence capability , so what is the profile of an organization and profile for a person that benefits the most from the class? There are many places to learn threat intel (TI), what is special about your new class? You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel? Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine? In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations? Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them? Resources: The new class “Inside the Mind of APT” “Navigating Tradeoffs of Attribution” paper Sands Casino hack 2014 "Threat Horizons - How Google Does Threat Intelligence" (ep112)…
C
Cloud Security Podcast by Google
1 EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM? 30:05
30:05 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:05
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Ian Glazer , founder at Weave Identity, ex-Gartner, ex-SVP of Products at Salesforce, co-founder of IDPro Topics: OK, tell us why Identity and Access Management (IAM) is exciting (is it exciting?) Could you also explain why IAM is even more exciting in the cloud? Are you really “one IAM mistake away from a breach” in the cloud? What advice would you give to someone new to IAM? How to not just “learn IAM in the cloud” but to keep learning IAM? Is what I know about IAM in AWS the same as knowing IAM for GCP? What advice do you have for teams operating in a multi-cloud world? What are the top cloud IAM mistakes? How to avoid them? Resources: Video ( LinkedIn , YouTube ) IDPro association and BoK SCIM v2 standard EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? EP94 Meet Cloud Security Acronyms with Anna Belak…
C
Cloud Security Podcast by Google
1 EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment? 31:43
31:43 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:43
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Dominik Richter , the founder and head of product at Mondoo Cooked questions: What is a policy, is that the same as a control, or is there a difference? And what’s the gap between a policy and a guardrail? We have IaC, so what is this Policy as Code? Is this about security policy or all policies for cloud? Who do I hire to write and update my policy as code? Do I need to be a coder to create policy now? Who should own the implementation of Policy as Code? Is Policy as Code something that security needs to be driving? Is it the DevOps or Platform Engineering teams? How do organizations grow into safely rolling out new policy as code code? You [Mondoo] say that "cnspec assesses your entire infrastructure's security and compliance" and this problem has been unsolved for as long as the cloud existed. Will your toolset change this? There are other frameworks that exist for security testing like HashiCorp’s sentinel, Open Policy Agent, etc and you are proposing a new one with MQL. Why do we need another security framework? What are some of the success metrics when adopting Policy as Code? Resources: Live video ( LinkedIn , YouTube ) “Why Infrastructure as Code Is Setting You up to Make Bad Things Faster” blog…
C
Cloud Security Podcast by Google
1 EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future 29:43
29:43 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:43
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: David Swift, Security Strategist at Netenrich Topics: Which old Security Information and Event Management (SIEM) lessons apply today? Which old SIEM lessons absolutely do not apply today and will harm you? What are the benefits and costs of SIEM in 2023? What are the top cloud security use cases for SIEM in 2023? What are your favorite challenges with SIEM in 2023 special in the cloud? Are they different from, say, 2013 or perhaps 2003? Do you think SIEM can ever die? Resources: Live video ( LinkedIn , YouTube ) “Debating SIEM in 2023, Part 1” and “Debating SIEM in 2023, Part 2” blogs “Detection as Code? No, Detection as COOKING!” blog “ A Process for Continuous Security Improvement Using Log Analysis ” (old but good) “UEBA, It's Just a Use Case” blog “ Situational Awareness Is Key to Faster, Better Threat Detection” blog and other SIEM reading MITRE 15 detection techniques paper…
C
Cloud Security Podcast by Google
1 EP124 Safe Browsing: Lessons from How Google Secures Five Billion Devices at Low False Positive Rates 25:03
25:03 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:03
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Panos Mavrommatis , Senior Engineering Director at Google Cloud Topics: Could you give us the 30 second overview of our favorite “billion user security product” - SafeBrowsing - and, since you were there, how did it get started? SafeBrowsing is a consumer and business product – are you mitigating the same threats and threat models on each side? Making this work at scale can’t be easy, anytime we’re talking about billion device protection, there are massive scale questions. How did we make it work at such a scale? Talk to us about the engineering and scaling magic behind the low false positive rate for blocking? Resources: “Foundryside” book…
C
Cloud Security Podcast by Google
1 EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther 39:24
39:24 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi39:24
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jack Naglieri , Founder and CEO at Panther Topics: What is good detection, defined at micro-level for a rule or a piece of detection content? What is good detection, defined at macro-level for a program at a company? How to reliably produce good detection content at scale? What is a detection content lifecycle that reliably produces good detections at scale? What is the purpose of a SIEM today? Where do you stand on a classic debate on vendor-written vs customer-created detection content? Resources: “Essentialism” book “The 5 AM Club” book “Good to Great” book “Why Is Threat Detection Hard” blog “Think Like a Detection Engineer, Pt. 2: Rule Writing” blog “Detection as Code? No, Detection as COOKING!” blog Open Cybersecurity Schema Framework (OCSF)…
C
Cloud Security Podcast by Google
1 EP122 Firewalls in the Cloud: How to Implement Trust Boundaries for Access Control 34:06
34:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi34:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Michele Chubirka , Senior Cloud Security Advocate, Google Cloud Topics: So, if somebody wakes you up at 3AM (“Anton’s 3AM test”) and asks “Do we need firewalls in the cloud?” what would you say? Firewalls (=virtual appliances in the cloud or routing cloud traffic through physical firewalls) vs firewalling (=controlling network access) in the cloud, do they match the cloud-native realities? How do you implement trust boundaries for access control with cloud-native options? Can you imagine a modern cloud native security architecture that includes a firewall? Can you imagine a modern cloud native security architecture that excludes any firewalling? Firewall, NIDS, NIPS, NGFW …. How do these other concepts map to the cloud? How do you build a "traditional-like" network visibility layer in the cloud (and do we need to)? Resources: Video version of this episode: LinkedIn or YouTube “Security Architect View: Cloud Migration Successes, Failures and Lessons” (ep105) “Love it or Hate it, Network Security is Coming to the Cloud” with Martin Roesch (ep113) Gartner Bimodal IT definition Ross Anderson “Security Engineering” book The New Stack blog Trireme tool CNCF site security landscape Google Cloud Firewall…
C
Cloud Security Podcast by Google
1 EP121 What Happens Here Stays Here: Confidential City (and Space) 31:22
31:22 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi31:22
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Nelly Porter , Group Product Manager, Google Cloud Rene Kolga , Senior Product Manager, Google Cloud Topics: Could you remind our listeners what confidential computing is? What threats does this stop? Are these common at our clients? Are there other use cases for this technology like compliance or sovereignty? We have a new addition to our Confidential Computing family - Confidential Space . Could you tell us how it came about? What new use cases does this bring for clients? Resources: “Confidentially Speaking” (ep1) “Confidentially Speaking 2: Cloudful of Secrets” (ep48) “Introducing Confidential Space to help unlock the value of secure data collaboration” Confidential Space security overview “The Is How They Tell Me The World Ends” by Nicole Perlroth NIST 800-233 “High-Performance Computing (HPC) Security: Architecture, Threat Analysis, and Security Posture”…
C
Cloud Security Podcast by Google
1 EP120 Building Secure Cloud and Building Security Products: Finding the Balance 26:00
26:00 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:00
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jeff Reed, VP of Product, Cloud Security @ Google Cloud Topics: You’ve had a long career in software and security, what brought you to Google Cloud Security for this role? How do you balance the needs of huge global financials that often ask for esoteric controls (say EKM with KAJ ) vs the needs of SMBs that want easy yet effective, invisibility security ? We’ve got an interesting split within our security business: some of our focus is on making Google Cloud more secure, while some of our focus is on selling security products. How are you thinking about the strategy and allocation between these functions for business growth? What aspects of Cloud security have you seen cloud customers struggle with the most? What’s been the most surprising or unexpected security challenge you’ve seen with our users? “Google named a Leader in Forrester Wave™ IaaS Platform Native Security” - can you share a little bit about how this came to be and what was involved in this? Is cloud migration a risk reduction move? Resources: “Google named a Leader in Forrester Wave™ IaaS Platform Native Security” “Sunil Potti on Building Cloud Security at Google” (ep102) Books by Haruki Murakami We are hiring product managers !…
C
Cloud Security Podcast by Google
1 EP119 RSA 2023 - What We Saw, What We Learned, and What We're Excited About 24:59
24:59 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:59
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Connie Fan , Senior Product and Business Strategy Lead, Google Cloud Topics: We were at RSA 2023, what did we see that was notable and surprising? Cloud security showed up with three startups with big booths, and one big player with a small demo station. What have we learned here? What visitors might have seen at the Google Cloud booth that we're really excited about? Could you share why we chose these two AI cases - generation of code and summarization of complex content - out of all the possibilities and the sometimes zany things we saw elsewhere on the floor? Could you share a story or two that highlights how we came to this AI launch and what it looked like under the surface? Resources: “RSA 2023 - How to Protect Your Organization from Cyberattacks in Time of Political Turmoil” (ep118) “RSA 2022 Reflections - Securing the Past vs Securing the Future” (ep70) “How We Attack AI? Learn More at Our RSA Panel!” (ep68) “Security Operations, Reliability, and Securing Google with Heather Adkins” (ep20)…
C
Cloud Security Podcast by Google
1 EP118 RSA 2023 - How to Protect Your Organization from Cyberattacks in a Time of Political Turmoil 27:10
27:10 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:10
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Shanyn Ronis , Head of the Mandiant Communication Center John Miller , Head of Mandiant Intelligence Analysis Topics: It seems like we’re seeing more cyber activity taking place in the context of geopolitical events. A lot of organizations struggle to figure out if/how to respond to these events and any related cyber activity. What advice do you have for these organizations and their leadership? A lot of threat intel (TI) suffers from “What does this event mean for threats to our organization?” - sort of how to connect CNN to your IDS? What is your best advice on this to a CISO? TI also suffers from “1. Get TI 2. ??? 3. Profit!” - how does your model help organizations avoid this trap? Surely there are different levels of granularity here to TI and its relevance. Is what a CISO needs different from what an IR member needs? Do you differentiate your feed along those axes? What does success look like? How will organizations know when they’re successful? What are good KPIs for these types of threat intelligence? In other words, how would customers know they benefit from it? Is there anything unique that cloud providers can do in this process? Resources: RSA 2023 Session “Intelligently Managing the Geopolitics and Security Interplay” on Wed Apr 26 9:40AM “Sandworm” by Andy Greenberg “Reading Mandiant M-Trends 2023”…
C
Cloud Security Podcast by Google
1 EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity? 27:08
27:08 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:08
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Maxime Lamothe-Brassard , Founder @ LimaCharlie Topics: What does an engineering-centric approach to cybersecurity mean? What to tell people who want to "consume" rather than "engineer" security? Is “engineering-centric” approach the same as evidence-based or provable? In practical terms, what does it mean to adopt an "engineering-centric approach" to cybersecurity for an organization? How will it differ from what we have today? What will it enable? Can you practice this with a very small team? How about a very small team of “non engineers”? You seem to say that tomorrow's cybersecurity will look a lot like software engineering. Where do we draw the line between these two? Resources: Atomic Red Team Sigma rules/content LimaCharlie blog 8 Megatrends drive cloud adoption—and improve security for all The Cybersecurity Defenders Podcast…
C
Cloud Security Podcast by Google
1 EP116 SBOMs: A Step Towards a More Secure Software Supply Chain 29:50
29:50 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:50
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Isaac Hepworth , PM focused on Software Supply Chain Security @ Google Cooked questions: Why is everyone talking about SBOMs all of a sudden? Why does this matter to a typical security leader? Some software vendors don’t want SBOM, and this reminds us of the food safety rules debates in the past, how does this analogy work here? One interesting challenge in the world of SBOMs and unintended consequences is that large well resourced organizations may be better equipped to produce SBOMs than small independent and open source projects. Is that a risk? Is the SBOM requirement setting the government up to be overly reliant on megacorps and are we going to unintentionally ban open source from the government? What is the relationship between SBOM and software liability? Is SBOM a step to this? Won’t software liability kill open source? How does Google prepare for EO internally; how do we use SBOM and other related tools? To come back to the food analogy, SBOMs are all well and good, but the goal is not that consumers know they’re eating lead, but rather that our food becomes healthier. Where are we heading in the next five years to improve software supply chain "health and safety"? Resources: Full video of this episode ( YouTube / LinkedIn ) “Executive Order on Improving the Nation’s Cybersecurity” “M-22-18 Memorandum For The Heads of Executive Departments and Agencies“ SLSA.dev “How to SLSA Part 3 - Putting it all together” Assured Open Source Software NIST Secure Software Development Framework (SSDF) “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24) “2022 Accelerate State of DevOps Report and Software Supply Chain Security” (ep100)…
C
Cloud Security Podcast by Google
1 EP115 How to Approach Cloud in a Cloudy Way, not As Somebody Else’s Computer? 35:09
35:09 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi35:09
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Rafal Los , Head of Services Strategy @ Extrahop and Founder of Down the Security Rabbit Hole podcast Topics: You had a very fun blog where you reminded the world that many organizations still approach cloud as a rented data center, do you still see it now? Do you think this will persist for 3, 5, 10 years? Other than microservices, what’re the most important differences between public cloud and a rented data center for a CISO to keep in mind? Analysts say that “cloud is secure, but clients just aren’t using it securely”, what is your reaction to this? Actually, how do you define “use cloud securely”? Have you met any CISOs who are active cloud fans who prefer cloud for security reasons? You also work for an NDR vendor , do you think NDR in the cloud has a future? Resources: Full video of this episode ( YouTube / LinkedIn ) Down the Security Rabbithole Podcast (DtSR) podcast “A Little Truth About the Cloud” “Megatrends drive cloud adoption—and improve security for all” “CISO Walks Into the Cloud: And The Magic Starts to Happen!” (ep104) “Threat Models and Cloud Security” (ep12) “Security Architect View: Cloud Migration Successes, Failures and Lessons” (ep105) “Patrolling Cyberspace” book (2006)…
C
Cloud Security Podcast by Google
1 EP114 Minimal Viable Secure Product (MVSP) - Is That a Thing? 28:11
28:11 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:11
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Chris John Riley , Senior Security Engineer and a Technical Debt Corrector @ Google Topics: We’ve heard of MVP, what is MVSP or Minimal Viable Secure Product? What problem is MVSP trying to solve for the industry, community, planet, etc? How does MVSP actually help anybody? Who is the MVSP checklist for? Leaders or engineers? How does MVSP differ from compliance standards like ISO 27001, or even SOC 2? How does Google use MVSP? Has it improved our security in some way? How to balance the dynamic nature of security with minimal security basics? The working group has recently completed a control refresh for 2022, what are some highlights? Resources: Mvsp.dev SLSA Levels MVSP (Minimum Viable Secure Product) Compliance “Phantoms in the Brain” book ”Strengthen Basic Security Hygiene With a Two-Pronged Security Architecture Approach” FIRST Impressions podcast…
C
Cloud Security Podcast by Google
1 EP113 Love it or Hate it, Network Security is Coming to the Cloud 28:01
28:01 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:01
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Martin Roesch , CEO at Netography , creator of Snort Topics: What is the role of network security in the public cloud? Networks used to be the perimeter, now we have an API and identity driven perimeter. Are networks still relevant as a layer of defense? We often joke that “you don’t need to get your firewalls with you to the cloud”, is this really true? How do you do network access control if not with firewalls? What about the NIDS? Does NIDS have a place in the cloud? So we agree that some network security things drop off in the cloud, but are there new network security threats and challenges? There’s cloud architecture and then there’s multi cloud and hybrid architectures–how does this story change if we open the aperture to network security for multi cloud and hybrid? Should solutions that provide cloud network security be in the cloud themselves? Is this an obvious question? Resources: Book “Who: The A Method for Hiring” by Geoff Smart, Randy Street Netography resources Snort ““Hacking Google”, Op Aurora and Insider Threat at Google” (ep91) “Zero Trust: Fast Forward from 2010 to 2021” (ep8) “Gathering Data for Zero Trust” (ep4)…
C
Cloud Security Podcast by Google
1 EP112 Threat Horizons - How Google Does Threat Intelligence 28:57
28:57 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:57
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Charles DeBeck , Cyber Threat Intel Expert @ Google Cloud Topics: What is unique about Google Cloud approach to threat intelligence? Is it the sensor coverage? Size of the team? Other things? Why is Threat Horizons report unique among the threat reports released by other organizations? Based on your research, what are the realistic threats to cloud environments today? What threats are prevalent and what threats are most damaging? Where do you see things in 2023? What should companies look for? What’s one thing that surprised you when preparing the report? What do you think will surprise audiences? What is the most counter-intuitive hardening and operational advice can we glean from this Threat Horizons report ? What's most important to know when it comes to understanding OT and cloud? Resources: Google Threat Horizons Reports One , Two , Three , Four , Five “Demystifying ‘shared Fate’ - A New Approach To Understand Cybersecurity” Corey Quinn on cloud billing alerts…
C
Cloud Security Podcast by Google
1 EP111 How to Solve the Mystery of Application Security in the Cloud? 23:43
23:43 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi23:43
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Brandon Evans , Infosec Consultant and Certified Instructor and Course Author at SANS Topics: What got you interested in security and motivated you to make this your area of focus? You came from a developer background, right? Occasionally, we hear the sentiment that “developers don’t care about security,” how would you counter it (and would you?)? How do we encourage developers and operations to use the appropriate security controls and settings in the cloud? Is “encourage” the right word? Can we really do “secure by default” but for developers? What do you think are the main application security issues that developers need to deal with in the cloud? You mentioned software supply chain security, do you treat this as a part of application security? How important is this, realistically, for an average organization and its developers? Going to our favorite subject of threat detection, how do you think we can better encourage developers to supply the logs necessary for our detection and response teams to act upon? Resources: “Cloud Security: Making Cloud Environments a Safer Place” ebook by SANS SANS.org/cloud site “The Phoenix Project” book by Gene Kim et al “The Unicorn Project” book by Gene Kim “Next Special - Log4j Reflections, Software Dependencies and Open Source Security” (EP87) “2022 Accelerate State of DevOps Report and Software Supply Chain Security” (EP100) “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (EP24)…
C
Cloud Security Podcast by Google
1 EP110 Detection and Response in a High Velocity and High Complexity Environment 27:52
27:52 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:52
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: David Seidman , Head of Detection and Response @ Robinhood Toipics: Tell us about joining Robinhood and prioritizing focus areas for detection in your environment? Tim and Anton argue a lot about what kind of detection is best - fully bespoke and homemade, or scalable off-the-shelf. First, does our framework here make sense, and second, looking at your suite of detection capabilities, how have you chosen to prioritize detection development and detection triage? You're operating in AWS: there are a lot of vendors doing detection in AWS, including AWS themselves. How have you thought about choosing your detection approaches and data sources? Finding people with as much cloud expertise as you can't be easy: how are you structuring your organization to succeed despite cloud detection and response talent being hard to find? What matters more: detection skills or cloud skills? What has been effective in ramping up your D&R team in the cloud? What are your favorite data sources for detection in the cloud? Resources: “Detection as Code? No, Detection as COOKING!” “On Threat Detection Uncertainty” “Radical Candor” by Kim Scott “Daring Greatly” by Brene Brown “Extreme Ownership” by Jocko Willink “Drive” by Daniel Pink…
C
Cloud Security Podcast by Google
1 EP109 How Google Does Vulnerability Management: The Not So Secret Secrets! 27:37
27:37 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:37
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Ana Oprea , Staff Security Engineer, European Lead of Vulnerability Coordination Center @ Google Topics: What is the scope for the vulnerability management program at Google? Does it cover OS, off-the-shelf applications, custom code we wrote … or all of the above? Our vulnerability prioritization includes a process called “impact assessment.” What does our impact assessment for a vulnerability look like? How do we prioritize what to remediate? How do we decide on the speed of remediation needed? How do we know if we’ve done a good job? When we look backwards, what are our critical metrics (SLIs and SLOs) and how high up the security stack is the reporting on our progress? What of the “Google Approach” should other companies not try to emulate? Surely some things work because of Google being Google, so what are the weird or surprising things that only work for us? Resources: SRS Book , Chapter 20: Understanding Roles and Responsibilities and Chapter 21: Building a Culture of Security and Reliability Why Google Stores Billions of Lines of Code in a Single Repository SRE book and SRE Workbook “How Google Secures It's Google Cloud Usage at Massive Scale” (ep107) “Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance” (ep66) “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75)…
C
Cloud Security Podcast by Google
1 EP108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting 26:10
26:10 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:10
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: John Stoner , Principal Security Strategist @ Google Cloud Topics: Please define threat hunting for us quickly, the term has been corrupted a bit What are your favorite beginner hunts to jump start the effort at a new team? How to incorporate hunting lessons in detection? What are the differences for hunting in the cloud? Are there specific data sources you prefer to have access to when threat hunting? In the cloud? Should every organization threat hunt? What are traits you might look for in a threat hunter? Resources: “The Who, What, Where, When, Why and How of Effective Threat Hunting” Awesome Threat Detection and Hunting “My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting” video NIST Computer Security Incident Handling Guide 800-61 “Threat Hunting Is Not for Everyone” (2020) “Formulating An Intelligence-Driven Threat Hunting Methodology” video…
C
Cloud Security Podcast by Google
1 EP 107 How Google Secures It's Google Cloud Usage at Massive Scale 28:51
28:51 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:51
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Karan Dwivedi , Security Engineering Manager, Enterprise Infrastructure Protection @ Google Cloud Topics: Google’s use of Google Cloud is a massive cloud environment with wildly diverse use cases. Could you share, for our listeners, a few examples of the different kinds of things we’re running in GCP? Given that we’re doing these wildly different things in GCP, how do we think about scaling the right security guardrails to the right places in our GCP org? How do you work with application engineering teams and project owner teams to make sure the right controls are there but not getting in the way of business? How do we scale this exemption management process? Are there things we do here that don’t make sense at a smaller scale? Are there emergent challenges that only we would face? How do you correctly federate security responsibilities between the central team defining policy and the constituent user teams actually using the platform? Burnout is a perennial challenge for security teams–what’re you doing to keep your people happy and engaged? Resources: “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75) ““Hacking Google”, Op Aurora and Insider Threat at Google” (ep91) Google Cloud security foundations guide…
C
Cloud Security Podcast by Google
1 EP106 Beyond BeyondProd - How Do You Zero Trust Your Workloads? 26:14
26:14 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:14
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Anoosh Saboori, former Product Manager at Google Cloud Topics: We had zero trust episodes before and definitions vary! When we say zero trust, what do we mean? What about zero trust for workloads in production? When you say “workload,” what do you mean? What is BeyondProd, for those that are unfamiliar with it? And how is this different from BeyondCorp? How has BeyondProd actually been implemented at Google? What threats does it help with? Is this real threats or compliance? Why is now a good time to be thinking about zero trust for production systems? Companies have many security tools deployed, including microsegmentation and firewalls, how does this toolset fit? Does it replace anything they have deployed? Resources: BeyondProd papers “Zero Trust: Fast Forward from 2010 to 2021” (ep8) “Gathering Data for Zero Trust” (ep4) “Google Workspace Security: from Threats to Zero Trust” (ep99) “Zero Trust: So Easy Even a Government Can Do It?” (ep59) “Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance” (ep66)…
C
Cloud Security Podcast by Google
1 EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons 28:45
28:45 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:45
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Michele Chubirka , Senior Cloud Security Advocate, Google Cloud Topics: We are here to talk about cloud migrations and we are here to talk about failures. What are your favorites? What are your favorite cloud security process failures? What are your favorite cloud security technical failures? What are your favorite cloud security container and k8s failures? Is "lift and shift" always wrong from the security point of view? Can it at least work as step 1 for a full cloud transformation? Resources: “Automate and/or Die?” (ep3) “More Cloud Migration Security Lessons” (ep18) “The Magic of Cloud Migration: Learn Security Lessons from the Field” (ep55) “Preparing for Cloud Migrations from a CISO Perspective, Part 1” (ep5) “Cloud Migrations: Security Perspectives from The Field” (ep33) "Dune" by Frank Herbert "The Science of Organizational Change" by Paul Gibbons "Servant Leadership: A Journey into the Nature of Legitimate Power and Greatness" by Robert K. Greenleaf "Finding the Sweet Spot for Change" State of Devops (DORA) Report 2022…
C
Cloud Security Podcast by Google
1 EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! 25:01
25:01 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:01
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Gary Hayslip , CISO at Softbank Topics: "So we're talking about your journey as a CISO migrating to Cloud. Could you give us the 30 second overview of What triggered your organization's migration to the cloud? When did you and the security organization get brought in? How did you plan your security organization's journey to the cloud? Did you take going to cloud as an opportunity to change things beyond the tools you were using? As you got going into the cloud, what was the hardest part for your organization? If that was hardest, what was most surprising? Good surprise and bad surprise? Let’s shift to some tactical gears: How did you design security controls for the cloud? Did your data security practice change? Did your detection / response practice change? How has the CISO role evolved and is evolving due to the cloud? Having covered all that tactical terrain, one final strategic question: is moving to Cloud a net risk reduction? Can it be? Resources: “CISO Desk Reference Guide” book by Gary Hayslip “The Essential Guide to Cybersecurity for SMBs” book by Gary Hayslip “Develop Your Cybersecurity Career Path” book by Gary Hayslip…
C
Cloud Security Podcast by Google
1 EP103 Security Incident Response and Public Cloud - Exploring with Mandiant 24:14
24:14 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:14
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Nader Zaveri , Senior Manager of IR and Remediation at Mandiant, now part of Google Cloud Topics: Could we start with a story of a cloud incident response (IR) failure and where things went wrong? What should that team have done to get it right? Are there skills that matter more in cloud incidents than they do for on-prem incidents? Are there on-prem instincts that will lead incident responders astray in cloud? What 3 things an IR team leader needs to do to prepare his team for IR in the cloud? Are there on-premise tools that can stay on prem and not join us in the cloud? What processes should we leave behind? Keep with us? What logs and context should we prepare for cloud IR? What access should we have behind “break glass”? While doing IR, what things should we look at in the cloud logs (which logs, also?) to expedite the investigation? Resources: “How to Cloud IR or Why Attackers Become Cloud Native Faster?” (ep98) “How to prepare for detection & response in the cloud” Google Cloud Next 2022 presentation “Security Incident Response in the Cloud: A Few Ideas” blog GCP Cloud Logging “Security at Scale: Logging in AWS” paper “AWS Security Incident Response Whitepaper” paper…
C
Cloud Security Podcast by Google
1 EP102 Sunil Potti on Building Cloud Security at Google 25:24
25:24 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:24
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Sunil Potti , VP / GM, Google Cloud Topics: One of the biggest shifts we’ve noticed is the shift from building security because we think security is good, to building security as a business. How did you make that cultural shift happen in our organization? With organizations migrating to cloud we have a set of tradeoffs between meeting security teams where they are with on-prem expectations of security vs cloud-native approaches. How do you think about investing in next generation products vs holding the hands of CISOs just stepping into the cloud? What matters more to you as a leader, secure cloud (GCP, Workspace) or security products (Chronicle SecOps, BCE, SCC, etc)? Is invisible security the same as “building security in”? Aren’t there security controls where the value is derived from them being visible to users? Mandiant brings services expertise to Google Cloud, typically not our strong area and not our DNA, how do we plan to make the most of Mandiant within Google’s culture? Resources: Simon Sinek “Start With Why” book…
C
Cloud Security Podcast by Google
1 EP101 Cloud Threat Detection Lessons from a CISO 24:42
24:42 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:42
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jim Higgins , CISO at Snap, former CISO at Square Topics: You were at Google for a long time, and at Google you sat between Google security and Cloud. Now that you're leading security for a major company, how are you prioritizing your focus between your on-premise resources and your cloud resources? How are you thinking about threat detection in the Cloud? In detection, how has your technology changed? How has your process changed? What threats do you mostly focus on? Why don’t we talk about the role of automation in detection and response (D&R)? How do you approach automation and eliminating toil ? As you're scaling teams, processes and technology for your cloud footprint, what has been easiest to get right and what's been hardest to get right? How do you approach measuring security? What cloud metrics are you sharing upwards to your board? Resources: BeyondCorp Enterprise “Ghost in the Wires: My Adventures as the World's Most Wanted Hacker” book…
C
Cloud Security Podcast by Google
1 EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security 33:06
33:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi33:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: John Speed Meyers , Security Data Scientist, Chainguard Todd Kulesza, User Experience Researcher, Google Topics: How did you get involved with this year’s Accelerate State of DevOps Report ( DORA report )? So what is DORA and why did you decide to focus on supply chain security for the 2022 report? What are the big learnings from this year’s report ? What’s the difference between SLSA and SSDF? Is one spicy and the other savory? How’re companies adopting these and how is adoption going? Are there other areas that DevOps can be a contributor in the overall security landscape? How can CISOs rope DevOps fully into their security gang? Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place? How should security and developers and DevOps come together to respond quickly to vulnerabilities when they’re discovered? How do security and developers and DevOps come together to prove to their auditors and customers that they’re doing a good job of the above? Resources: 2022 Accelerate State of DevOps Report "New insights for defending the software supply chain" blog (and new report ) SLSA.dev site Secure Software Development Framework at NIST “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24) “Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security” (ep92) Go vulncheck tool “Reflections on Trusting Trust” paper (1984)…
C
Cloud Security Podcast by Google
1 EP99 Google Workspace Security: from Threats to Zero Trust 22:54
22:54 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi22:54
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Nikhil Sinha, Group Product Manager, Workspace Security Kelly Anderson, Product Marketing Manager, Workspace Security Topics: We are talking about Google Workspace security today. What kinds of threats do we have to care about here? Are there compliance-related motivations for security here too? Is compliance in the cloud changing? How’s adoption of hardware keys for MFA going for your users, and how are you helping them? Is phishing finally solved because of that? Can you explain why hardware security FIDO/WebAuthn is such a step function compared to, say, RSA number generator tokens? Have there been assumptions in the Workspace security model we had to change because of WFH? And what changes with RTO and permanent hybrid? Resources: Google BeyondCorp Enterprise “Make zero trust a reality with Google Workspace security solutions” Next 2022 video “2021: Phishing is Solved?” (ep40) “Zero Trust: Fast Forward from 2010 to 2021” (ep8)…
C
Cloud Security Podcast by Google
1 EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? 26:58
26:58 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:58
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Matt Linton , Chaos Specialist @ Google John Stone , Chaos Coordinator @ Office of the CISO, Google Cloud Topics: Let’s talk about security incident response in the cloud. Back in 2014 when I [Anton] first touched on this, the #1 challenge was getting the data to investigate as cloud providers had few logs available. What are the top 2022 cloud incident response challenges? Does cloud change the definition of a security incident? Is “exposed storage bucket” an incident? Is vulnerability an incident in the cloud? What should I have in my incident response plans for the cloud? Should I have a separate cloud IR plan? What is our advice on running incident response jointly with a CSP like us? How would 3rd party firms (like, well, Mandiant) work with a client and a CSP during an investigation? We all read the Threat Horizons reports , but can you remind us of the common causes for cloud incidents we observed recently? What goals do the attackers typically pursue there? Resources: “Building Secure and Reliable Systems” book (especially ch 14-16, and ch17) Google Cybersecurity Action Team Threat Horizons Report #4 Is Out! ( #3 , #2 , #1 ) “Incident Plan vs Incident Planning?” blog (2013)…
C
Cloud Security Podcast by Google
1 Special: Coordinated Release of Detection Rules for CobaltStike Abuse 20:55
20:55 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi20:55
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Greg Sinclair , Security Engineer @ Google Cloud Topics: Could you tell us a bit about your background and how you ended up here at Google? Also, tell us about your team here? We're very excited about the release of the CobaltStrike rules. Could you share more about what they are looking for and second why this is so valuable? How did CobaltStrike come to be so widely used by bad guys? When you were doing this research what was the most surprising thing you uncovered? Could you tell us about the coordinated disclosure aspects of this work? In the past you've contributed research to our Threat Horizons reports , could you tell us about that? Resources: Making CobaltStike harder for threat actors to abuse blog CobaltStrike YARA-L rules CobaltStrike site “Cobalt Strike Usage Explodes Among Cybercrooks” Google Cybersecurity Action Team Threat Horizons Report #4 Is Out! Detection as Code? No, Detection as COOKING!…
C
Cloud Security Podcast by Google
1 EP96 Cloud Security Observability for Detection and Response 32:32
32:32 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi32:32
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Jeff Bollinger , Director of Incident Response and Detection Engineering @ Linkedin Topics: Observability sounds cool (please define it for us BTW), but relating it to security has been “hand-wavy” at best. What is your opinion on the relevance of observability data for security use cases? What use cases are those, apart from saving the data for IR just in case? How can we best approach observability in the cloud, particularly around network communications, so that we improve security as a result? Are there other areas of cloud where observability might be more relevant? Does the massive shift to TLS 1.3 impact this? If the Internet is shifting towards an end-user/device centric model with everything as a service (SaaS), how does security monitoring even work anymore? Does it mean the end of both endpoint and network eras and the arrival of the application security monitoring era? Can we do deep monitoring of complex applications and app clusters for abuse or should we just focus on identity and profiling? Resources: “Instrumenting Modern Application Stack for Detection and Response” (ep34) “Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan” by Jeff Bollinger, Brandon Enright, Matthew Valites (book) RFC 7258 Pervasive Monitoring Is an Attack RFC 8890 Internet is for end users “(Re)building Threat Detection and Incident Response at LinkedIn” “Martian Chronicles“ by Ray Bradberry (because migrating to cloud is like flying to Mars)…
C
Cloud Security Podcast by Google
1 EP95 Cloud Security Talks Panel: Cloud Threats and Incidents 27:42
27:42 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:42
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Alijca Cade , Director, Financial Services, Office of the CISO, Google Cloud Ken Westin , Director, Security Strategy, Cybereason Robert Wallace , Senior Director, Mandiant, now Google Cloud Topics: How are cloud environments attacked and compromised today? Is it still about the configuration mistakes? Do cryptominers represent a serious threat now that they are often mentioned as the most common threat in the cloud? Let’s look at another popular threat - ransomware or, broadly, RansomOps. Based on your research, what can we say about its likely future, especially in the cloud? Are we getting better with detection in the cloud and are we doing it fast enough? Is cloud security a misnomer? Attackers are out to get into an organization, and cloud or on-premise matters less here, right? What does it say about the interdependence of security, on and off cloud? Resources: LIVE @ Security Talks: The Cloud Security Podcast at Cloud Security Talks Q3 2022 Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!…
C
Cloud Security Podcast by Google
1 EP94 Meet Cloud Security Acronyms with Anna Belak 27:32
27:32 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:32
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dr Anna Belak , Director of Thought Leadership at Sysdig , former Gartner analyst Questions: Analysts (and vendors) coined a log of “C-something acronyms” for cloud security, and two of the people on this episode were directly involved in some of them. What do you make of all the cloud security acronym proliferation? What is CSPM? What gets better when you deploy it? What is CWPP? Does anything get better when you deploy it? What is CNAPP? What gets better when you deploy it? What is CIEM, Anton’s least fave acronym? Now, what about CDR? Resources: Gartner acronym glossary “Container Security: The Past or The Future?” (ep54, with Anna as well) “Automate and/or Die?” (ep3) “Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?” (ep60) “Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?” (ep76) “Does the World Need Cloud Detection and Response (CDR)?” “Announcing Virtual Machine Threat Detection now generally available to Cloud customers” Sysdig Threat Report Blog 2022 Sysdig Cloud-Native Threat Report Anatomy of Cloud Attacks…
C
Cloud Security Podcast by Google
1 EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure? 28:25
28:25 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:25
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Alicja Cade , Director for Financial Services, Office of the CISO, Google Cloud Topics: We are talking about your journey as a CISO migrating to the cloud. Could you give us the overview of … What triggered your organization's migration to the cloud? When did you and the security team get brought in? Did you take going to the cloud as an opportunity to change things beyond the tools you were using? As you got going into the cloud, what was the hardest part for your organization? If that was hardest, what was most surprising? Good surprise and bad surprise? How did you design security controls for the cloud? How do you validate and verify security controls in the cloud? How did you keep both security practitioners and the rest of your IT teams from lift-and-shift thinking? Did your data security practice change? Having covered all that tactical terrain, one final strategic question: is moving to the cloud a net risk reduction? Can it be? Resources: “CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?” (ep80) “Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects” by Priyanka Vergadia “Cyberpolitics in International Relations” book CSA CCM v4 Cyber Risk Institute “Modernize Data Security with Autonomic Data Security Approach” (ep79) and the paper on autonomic data security . "Preparing for Cloud Migrations from a CISO Perspective, Part 1" (ep5) "Preparing for Cloud Migrations from a CISO Perspective, Part 2" (ep11) “How CISOs need to adapt their mental models for cloud security” blog…
C
Cloud Security Podcast by Google
1 Special: Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security 22:43
22:43 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi22:43
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Lauren Zabierek ( @lzxdc ), Acting Executive Director of the Belfer Center at the Harvard Kennedy School Christina Morillo ( @divinetechygirl ), Principal Security Consultant at Trimark Security Topics: We are so excited to have you on the show today talking about your awesome effort, Share The Mic in Cyber. I love that we are Sharing our Mic with you today. Could you please introduce yourself to our listeners? Let's talk about representation and what that means, and why it's especially relevant in cyber security? Psychological safety is super important for so many reasons, including in cyber. Could you share a definition of what it is, and why it is important? Can we talk about how psychological safety and representation intersect? Let’s bring things back to talk about the #ShareTheMicInCyber / #STMIC project. Could you tell us about one of your favorite things that's come from the project? Any surprises? Lessons? Plans? Futures? How can our listeners help with #ShareTheMicInCyber ? Where to learn more? Resources: #ShareTheMicInCyber site and @ShareInCyber on social Lauren Zabierek ( @lzxdc ), #ShareTheMic in Cyber co-founder Camille Stewart Gloster ( @camilleesq ), #ShareTheMic in Cyber co-founder “Missing Diversity Hurts Your Security” (ep42) NEXT Special - Cloud Security and DEI: Being an Ally! (ep36)…
C
Cloud Security Podcast by Google
1 EP91 “Hacking Google”, Op Aurora and Insider Threat at Google 26:07
26:07 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:07
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Mike Sinno , Security Engineering Director, Detection and Response @ Google Topics: You recently were featured in “ Hacking Google” videos , can you share a bit about this effort and what role you played? How long have you been at Google? What were you doing before, if you can remember after all your time here? What brought you to Google? We hear you now focus on insider threats. Insider threat is back in the news, do you find this surprising? A classic insider question is about “malicious vs well-meaning insiders" and which type is a bigger risk. What is your take here? Trust is the most important thing when people think about Google, we protect their correspondence, their photos, their private thoughts they search for. What role does detection and response play in protecting user trust? One fun thing about working at Google is our tech stack. Your team uses one of our favorite tools in the D&R org! Can you tell us about BrainAuth and how it finds useful things? We talked about Google D&R ( ep 17 and ep 75 ) and the role of automation came up many times. And automation is a key topic for a lot of our cloud customers. What do you automate in your domain of D&R? Resources: “Hacking Google” videos ( EP00 with Mike ) The Secure Reliable Systems book The CERT Guide to Insider Threats book Common Sense Guide to Mitigating Insider Threats book Insider Threats (Cornell Studies in Security Affairs) Foreign Espionage in Cyberspace from the NCSC “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75) “Modern Threat Detection at Google” (ep17)…
C
Cloud Security Podcast by Google
1 Next 2022 Google Cybersecurity Action Team: One Year Later! 29:36
29:36 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:36
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Phil Venables , Vice President and CISO at Google Cloud Topics: Google Cybersecurity Action Team is your brainchild and it is 1 year old, what comes to mind first when we reflect on this anniversary? The team is primarily about helping clients with security, what did we learn doing this for a year? What challenges have we (Google Cybersecurity Action Team) faced in our first year? We released 4 Threat Horizons reports this year, what is the future for this research here? We often hear that in the cloud we need to move away from products towards solutions, how does that work in security? Your famous 8 megatrends post is several months old - any new thoughts or changes coming to this concept? Recently you had a very interesting blog “Crucial Questions from CISOs and Security Teams” , with a list of questions, can you share some of your thinking here? Resources: Security at Google Cloud Next 2022 Next Special - Log4j Reflections, Software Dependencies and Open Source Security Next Special - Improving Browser Security in the New Era of Work Next Special - Can We Escape Ransomware by Migrating to the Cloud? NEXT Special - Google Cybersecurity Action Team: What's the Story? (Next 2021 special episode) Modernizing SOC ... Introducing Autonomic Security Operations How autonomic data security can help define cloud’s future Google Cloud Threat Horizons Report #1 #2 #3 #4 8 Megatrends drive cloud adoption—and improve security for all “Demystify Data Sovereignty and Sovereign Cloud Secrets at Google Cloud” (ep81) Crucial Questions from CISOs and Security Teams Google Cybersecurity Action Team…
C
Cloud Security Podcast by Google
1 Next 2022 Can We Escape Ransomware by Migrating to the Cloud? 18:54
18:54 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi18:54
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Nelly Kassem , Security and Compliance Specialist @ Google Cloud Topics: Why did ransomware attacks become so popular? What type of organizations are targeted by ransomware? Do these affect mostly the organizations with sub-par security? Ransomware has been raging since 2015 and shows few signs of subsiding. Why are these attacks still successful? Do we see ransomware in the cloud? Does migrating to the cloud protect you from ransomware? Which of Google Cloud tools are useful to fight ransomware? Resources: Security at Google Cloud Next 2022 Next Special - Log4j Reflections, Software Dependencies and Open Source Security Next Special - Improving Browser Security in the New Era of Work “Future of EDR: Is It Reason-able to Suggest XDR?” (ep29) “2021: Phishing is Solved?” (ep40) Mandiant M-Trends 2022 Google Cloud Threat Horizons Report #1 #2 #3 #4…
C
Cloud Security Podcast by Google
1 Next 2022 Improving Browser Security in the New Era of Work 20:58
20:58 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi20:58
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Fletcher Oliver , Chrome Browser Customer Engineer, Google Topics: What is browser security? Isn’t it just application security by another name? Why is browser security more important now than ever? Do we have statistical measures or data that tell us if we’re succeeding at browser security? Do we know if we’re doing a good job at making this better? What are the components of modern browser security? How does this work with an enterprise’s existing stack? In fact, how does this work with the rest of Google’s tooling? Resources: Security at Google Cloud Next 2022 NEXT Special - Log4j Reflections, Software Dependencies and Open Source Security Chrome releases blog Chrome Enterprise…
C
Cloud Security Podcast by Google
1 Next 2022 Log4j Reflections, Software Dependencies and Open Source Security 26:36
26:36 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:36
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dr Nicky Ringland , Product Manager for Open Source Insights , Google Topics: Let's talk Open Source Software - are all these dependencies dependable? Why was log4j such a big thing - at a whole ecosystem level? Was it actually a Java / Maven problem? Are other languages “better” or more secure? Is another log4j inevitable? What can organizations to minimise their own risks? Resources: Google Cloud Next 2022 Open Source Insights at deps.dev Blog at blog.deps.dev with posts on Understanding the Impact of Apache Log4j Vulnerability and what happens After the Advisory Assured Open Source Software service…
C
Cloud Security Podcast by Google
1 EP86 How to Apply Lessons from Virtualization Transition to Make Cloud Transformation Better 23:28
23:28 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi23:28
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Thiébaut Meyer , Director at Office of the CISO, Google Cloud Topics: Virtualization's arrival caused a major IT upheaval 20 years ago. What can we learn from that revolution for our current cloud transformation? We talk about our three legged security stool of people/process/technology. How do we balance the technical issues (new technology stack, etc.) with the new processes (agile, etc) and the skills? What are the cultural and people transformation differences between the virtualization and cloud revolutions? We do recall how PCI DSS was disrupted by virtualization . So, how does regulation play into this change - back then and now with the cloud? How do we change the minds of regulators who still think that cloud is a risk to mitigate, rather than a way to mitigate others risks better? Resources: “8 Megatrends drive cloud adoption—and improve security for all” blog “Demystifying ‘shared Fate’ - A New Approach To Understand Cybersecurity” Transform with Google Cloud Google Cybersecurity Action Team…
C
Cloud Security Podcast by Google
1 EP85 Deploy Security Capabilities at Scale: SRE Explains How 30:50
30:50 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:50
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Steve McGhee , Reliability Advocate, Google Cloud Topics: What can security teams learn from the Site Reliability Engineering (SRE) art of rapid and safe deployment? Is this all about the process or do SREs possess some magical technology to do this? What is SRE approach to automation? What are the pillars / components of SRE approach to deployment? SRE is also about scaling. Some security teams have to manage 1000s of detection rules, how can this be done in a manner that does not conflict or cause other problems? Resources: Google SRE book A companion Google SRE workbook “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75) “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)” blog “Achieving Autonomic Security Operations: Reducing toil” blog.…
C
Cloud Security Podcast by Google
1 EP84 How to Secure Artificial Intelligence (AI): Threats, Approaches, Lessons So Far 26:29
26:29 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:29
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Alex Polyakov , CEO of Adversa.ai Topics: You did research by analyzing 2000 papers on AI attacks released in the previous decade. What are the main insights? How do you approach discovering the relevant threat models for various AI systems and scenarios? Which threats are real today vs in a few years? What are the common attack vectors? What do you see in the field of supply chain attacks on AI, software supply, data? All these reported cyberphysical attacks on computer vision, how real are they, and what are the possible examples of exploitation? Are they a real danger to people? What are the main differences between protecting AI vs protecting traditional enterprise applications? Who should be responsible for Securing AI? What about for building trustworthy AI? Given that the machinery of AI is often opaque, how to go about discovering vulnerabilities? Is there responsible disclosure for AI vulnerabilities, such as in open-source models and in public APIs? What should companies do first, when embarking on an AI security program? Who should have such a program? Resources: “EP52 Securing AI with DeepMind CISO” (ep52) “EP68 How We Attack AI? Learn More at Our RSA Panel!” (ep68) Adversarial AI attacks work on Humans (!) “Maverick* Research: Your Smart Machine Has Been Conned! Now What?” (2015) “The Road to Secure and Trusted AI” by Adversa AI “Towards Trusted AI Week 37 – What are the security principles of AI and ML?” Adversa AI blog AIAAIC Repository Machine Learning Security Evasion Competition at MLSec…
C
Cloud Security Podcast by Google
1 EP83 What Does reCAPTCHA Actually Do and How Does It Do it? Product Manager Explains 27:17
27:17 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:17
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Badr Salmi , Product Manager for reCAPTCHA Topics: What is reCAPTCHA ? Aren’t you guys the super annoying 'click on the busses' thing? What is account defender? Why was this a natural next step for you? What are the actual threats that this handles - and handles well? Specific web attacks? Web fraud? Let’s talk about account fraud, what do these attacks look like and how do bad guys monetize today? What about payment fraud? Could you score a payment session as well as a login session risk, or is that different? How does this work with multi factor authentication? Recommended reading: “Code” book Recapcha page “Protect your users’ accounts with reCAPTCHA Enterprise’s account defender” blog “Double-clicking, but not on fire hydrants, with bot fighters” (ep19)…
C
Cloud Security Podcast by Google
1 EP82 Mega-confused by XDR? You Are Not Alone! This XDR Skeptic Clarifies! 28:00
28:00 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:00
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dimitri McKay , Principal Security Strategist @ Splunk Topics: How do you define that "XDR thing" that you are so skeptical about? So within that definition of XDR, you think it’s not so great, why? If you have to argue pro-XDR, what would you say? Two main XDR camps are “XDR as EDR+” and “XDR as SIEM-”, which camp do you think is more right? Are both wrong? What approach do you think is more useful as a lens to understand the potential upsides/downsides of XDR? What about the cloud? "Cloud XDR" seems a bit illogical, but what do you think is the future of D&R in the cloud? Resources: “Anton and The Great XDR Debate, Part 1” “Anton and The Great XDR Debate, Part 2” “Anton and The Great XDR Debate, Part 3” SURGe content on splunk blog “Today, You Really Want a SaaS SIEM!” Red Canary 2022 Threat Detection report Verizon DBIR 2022 report.…
C
Cloud Security Podcast by Google
1 EP81 Demystify Data Sovereignty and Sovereign Cloud Secrets at Google Cloud 26:04
26:04 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:04
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Christopher “CJ” Johnson , retired Fire Chief, and Global Regulated Cloud Product Lead @ Google Cloud Topics: In political science, they define sovereignty as a local monopoly on the legitimate use of force. Why are we talking about “sovereignty” in IT? What is a sovereign cloud? How much of the term is marketing vs engineering? Who cares or should care about sovereign cloud? Is this about technical controls or paper/policy controls? Or both? What is the role for encryption and key management and key access justifications (like say Google Cloud EKM with KAJ ) for sovereign cloud? Is sovereign cloud automatically more secure or at least has better data security? What threat models are considered for sovereign cloud technologies? Resources: Google Cloud External Key Manager (EKM) “Trust Google Cloud more with ubiquitous data encryption” blog “Software-Defined community cloud - a new way to “Government Cloud”” blog…
C
Cloud Security Podcast by Google
1 EP80 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change? 29:19
29:19 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:19
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: David Stone , Staff Consultant at Office of the CISO, Google Cloud Topics: Speaking as a former CISO, what triggered your organization migration to the cloud? When did you and the security organization get brought in? How did you plan your security organization journey to the cloud? Did you take going to Cloud as an opportunity to change things beyond the tools you were using? As you got going into the cloud, what was the hardest part for your organization ? What was most surprising? Good surprise and bad surprise? How did you design security controls for the cloud? How do you validate and verify security controls in the cloud? How did you incorporate your cloud environment into your SOC’s responsibility Having covered all that tactical terrain, one final strategic question: is moving to Cloud a net risk reduction? Can it be? Resources: “How CISOs need to adapt their mental models for cloud security” “Megatrends drive cloud adoption—and improve security for all” “EP47 Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security“ (ep47) “CISO’s Guide to Cloud Security Transformation“ paper [PDF] Google SRE book GCAT site…
C
Cloud Security Podcast by Google
1 EP79 Modernize Data Security with Autonomic Data Security Approach 27:37
27:37 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:37
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: John Stone , Chaos Coordinator @ Office of the CISO, Google Cloud Topics: So what is Autonomic Data Security, described in our just released paper? What are some notorious data security issues today? Perhaps common data security mistakes security leaders commit? What never worked in data security, like say manual data classification? How should organizations think about securing the data they migrated and the data that was created in the cloud? Do you really believe the cloud can make data security better than data security in traditional environments? Resources: “Modern Data Security: A path to autonomic data security” paper (NEW) “How autonomic data security can help define cloud’s future” blog “Megatrends drive cloud adoption—and improve security for all” blog “Modernizing SOC ... Introducing Autonomic Security Operations” blog “Autonomic Security Operations: 10X Transformation of the Security Operations Center" paper “Zero Trust: Fast Forward from 2010 to 2021” (ep8) “Data Security in the Cloud” (ep2) and the resource . “Modern Data Security Approaches: Is Cloud More Secure?” (ep16) “Reflections on Trusting Trust” paper (1984).…
C
Cloud Security Podcast by Google
1 EP78 Classic SOC Meets Cloud: What Changes? What Stays the Same? 28:25
28:25 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:25
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Gorka Sadowski , Chief Strategy Officer @ Exabeam Topics: How do we get a legacy SOC team to think about the cloud? How to think about cloud threat detection, in general? What is different … threats, the environment, what else? What is the same? How do we know which TTPs are relevant for the new environments? What to bring with us to the cloud? Do content/rules and detection engines need to be different to cover the cloud detection use cases? What cases are appropriate for machine learning (ML) in the cloud? Does cloud threats drive the need for new ML detections? Resources: “11 Strategies of a World-Class Cybersecurity Operations Center” paper “Autonomic Security Operations: How to 10X Your SOC” paper “Indicators Of Compromise Vs. Tactics, Techniques, And Procedures” blog “How to Build and Operate a Modern Security Operations Center” (Gartner subscription required) “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next” blog…
C
Cloud Security Podcast by Google
1 EP77 Operational Realities of SOAR: Automate and/or Enrich, Playbooks, Magic 25:06
25:06 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:06
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Cyrus Robinson , SOC Director and IR Team lead at Ingalls Information Security Topics: You’ve been using SOAR tools for years, so what do you think of the technology so far? What is driving SOAR adoption today? And what is inhibiting SOAR adoption? Realistically, how hard is SOAR to operationalize for a typical company? What are your favorite SOAR playbooks to start with? How to build, train and keep the SOAR team? Do they need to code to succeed? We like the SOAR maturity model approach . How would you imagine a SOAR adoption maturity model? How to implement SOAR from scratch in scaling operations? How to start? How to plan? How to not fail? Resources: “A Simple SOAR Adoption Maturity Model” blog “Planning Is Paramount When Adopting SOAR” blog Siemplify community version…
C
Cloud Security Podcast by Google
1 EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? 30:16
30:16 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:16
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Ben Johnson , CTO/co-founder @ Obsidian Security Topics: Why is there so much attention lately on SaaS security? Doesn’t this area date back to 2015 or so ? What do you see as the primary challenges in securing SaaS? What does a SaaS threat model look like? What are the top threats you see? CASB has been the fastest growing security market and it has grown into a broad platform and many assume that “securing SaaS = using CASB”, what are they missing? Where would another technology to secure SaaS fit architecturally, inline with CASB or as another API-based system? Securing IaaS spanned a robust ecosystem of vendors (CWPP, CSPM, now CNAPP) and many of these have ambitions for securing SaaS, thus clashing with CASB. Where do you fit in this battle? For a while, you were talking more about CDR - what is it and do we really need a separate CDR technology? Resources: Obsidian Security blog and Resource Center Does the World Need Cloud Detection and Response (CDR)? blog Does the world need Cloud Detection and Response (CDR) as a new market segment? poll MITRE ATT&CK for SaaS matrix CISA SCUBA resource “Essentialism” book.…
C
Cloud Security Podcast by Google
1 EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil 26:51
26:51 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:51
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Tim Nguyen , Director of Detection and Response @ Google Topics: I know we don’t like to say “SOC” here, so why don’t we talk about the role of automation in detection and response (D&R) at Google? One SRE concept we found useful in security operations is “toil” - How do we squeeze toil out of D&R practice at Google? A combined analyst and engineer role (just like an SRE) was critical for both increasing automation and reducing toil, how hard was it to put this into practice? Tell us about that journey? How do we automate security signal analysis, can you give us a few examples? D&R metrics have been a big pain point for many organizations, how does SRE thinking of SLOs and SLIs (and less about SLAs) helps us in our “not SOC”? How do we avoid falling into the “time to respond” trap that rewards fast response, sometimes at the cost of good? Resource: SRE book, Chapter 5 - Eliminating Toil SRE book, Chapter 4 - Service Level Objectives “Building Secure and Reliable Systems” book “Achieving Autonomic Security Operations: Automation as a Force Multiplier” “Achieving Autonomic Security Operations: Reducing toil” “Taking an autonomic approach to security operations” video “Modern Threat Detection at Google” (ep17)…
C
Cloud Security Podcast by Google
1 EP74 Who Will Solve Cloud Security: A View from Google Investment Side 26:31
26:31 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:31
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: James Luo , Partner @ CapitalG Topics: You've looked at hundreds of security startups at the growth stage - what is getting funded? What is not getting funded? What is the difference? What's your view on the current market environment for security companies? Is security "recession-proof", whatever that means? How do you think about what problems are worth solving with a new venture vs existing vendors (and/or CSPs) expanding to cover the new area? Why do many cloud security vendors get funded and get high valuations while there is a wide perception that CSP (like us at Google) are doing security really well? How do we solve the challenge that many organizations are barely moving off “antivirus and firewalls” security of the 1990s? What is your best advice to cloud security startups trying to get wider adoption? Resources: “Demystifying ‘shared Fate’ - A New Approach To Understand Cybersecurity” CapitalG blog…
C
Cloud Security Podcast by Google
1 EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond! 27:56
27:56 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:56
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Erik Bloch , Senior Director of Detection and Response at Sprinklr Topics: You recently coined a concept of “output-driven Detection and Response” and even perhaps broader “output-driven security.” What is it and how does it work? Detection and response is alive (obviously), but sometimes you say SOC is dead, what do you mean by that? You refer to a federated approach for Detection and Response” (“route the outcomes to the teams that need them or can address them”), but is it workable for any organization? What about the separation of duty concerns that some raise in response to this? What about the organizations that don’t have any security talent in those teams? Is the approach you advocate "cloud native"? Does it only work in the cloud? Can a traditional, on-premise focused organization use it? The model of “security team as a decision-maker, not an implementer” has a bit of a painful history , as this is what led to “GRC-only teams” who lack any technical knowledge. Why will this approach work this time? Resources: “RIP SOC. Hello D-IR” “Kill your SOC with a D-IR model” “Security De-Engineering: Solving the Problems in Information Risk Management” book “A SOCless Detection Team at Netflix” “Achieving Autonomic Security Operations: Automation as a Force Multiplier” “Start with Why: How Great Leaders Inspire Everyone to Take Action“ book “Think Like a Monk: The Secret of how to Harness the Power of Positivity and be Happy Now” book “On “Output-driven” SIEM” “SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond” (ep58)…
C
Cloud Security Podcast by Google
1 EP72 What Does Good Detection and Response Look Like in the Cloud? Insights from Expel MDR 32:04
32:04 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi32:04
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Dave “Merk” Merkel , CEO @ Expel Peter Silberman , CTO @ Expel Topics: Many MDRs claim to be “security from the cloud”, but they actually don’t know much about cloud security. What does good looks like for MDR in the cloud (cloud being a full range from IaaS to SaaS)? What are the key challenges for clients picking an MDR for their cloud environments? What are the questions to ask your potential MDR? Do clients want the same security outcomes done in the cloud vs on-premise? Does it mean that MSSP/MDR capabilities must be different for good coverage of the cloud? Is MDR technology different for Cloud detection and response as opposed to on-prem D&R? How do you communicate with clients about the importance and value of cloud specific detection vs detection for endpoints running in the cloud? What are the top threats against client cloud environments that you see, detect and protect from? Which clouds (IaaS?) are easiest for MDR to protect? What makes them easier to handle than the other Clouds? Resources: Who Does What In Cloud Threat Detection? How to Think about Threat Detection in the Cloud Cattle vs Pets reminder Expel Blog - Incident report: Spotting an attacker in GCP Expel Great eXpeltations 2022: Cybersecurity trends and predictions Expel Quarterly Threat Report: Q1 2022…
C
Cloud Security Podcast by Google
1 EP71 Attacking Google to Defend Google: How Google Does Red Team 22:46
22:46 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi22:46
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Stefan Friedli , Senior Security Engineer @ Google Topics: What is our “red team” testing philosophy and approach at Google? How did we evolve to this approach? What is the path from testing to making Google and our users more secure? How does our testing power the improvements we make? What is unique about red teaming at Google? Care to share some fun testing stories or examples from your experience? Resources: “Building Secure & Reliable Systems” book (free) Threat Analysis Group (TAG) blog…
C
Cloud Security Podcast by Google
1 EP70 Special - RSA 2022 Reflections - Securing the Past vs Securing the Future 22:49
22:49 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi22:49
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: none Topics: What have we seen at the RSA 2022 Conference ? What was the most interesting and unexpected? What was missing? Resources: “RSA 2022 Musings: The Past and The Future of Security” Google Cloud Security at RSA 2022
C
Cloud Security Podcast by Google
1 EP69 Cloud Threats and How to Observe Them 29:40
29:40 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:40
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: James Condon , Director of Security Research @ Lacework Topics: What are realistic and actually observed cloud threats today? How did you observe them at Lacework? Cloud threats: are they on-premise style threats to cloud assets? We hate the line “cloud is just somebody else’s computer” but apparently threats actors seem to think so? What is the 2nd most dangerous cloud issue after configuration mistakes? Why is it so common for organizations to have insecure configurations in their cloud environments? Give me a few examples of the most common mistakes organizations make, and what they can do to avoid those configurations. Cloud malware and ransomware / RansomOps, are these real risks today? Are we finally seeing the rise of Linux malware at scale (in the cloud)? As multi cloud expands in popularity, what are threat actors doing in this area? Are actors customizing their attacks on a per-cloud basis (AWS, GCP, Azure)? Resources: Lacework 2022 Cloud Threat Report “Securing DevOps: Security in the Cloud” book “Threat Models and Cloud Security” (ep12) Google Threat Horizons Report #1 Google Threat Horizons Report #2…
C
Cloud Security Podcast by Google
1 EP68 How We Attack AI? Learn More at Our RSA Panel! 28:12
28:12 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:12
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Nicholas Carlini , Research Scientist @ Google Topics: What is your threat model for a large-scale AI system? How do you approach this problem? How do you rank the attacks? How do you judge if an attack is something to mitigate? How do you separate realistic from theoretical? Are there AI threats that were theoretical in 2020, but may become a daily occurrence in 2025? What are the threat-derived lessons for securing AI? Do we practice the same or different approaches for secure AI and reliable AI? How does relative lack of transparency in AI helps (or hurts?) attackers and defenders? Resources: “Red Teaming AI Systems: The Path, the Prospect and the Perils” at RSA 2022 “Killed by AI Much? A Rise of Non-deterministic Security!” Books on Adversarial ML…
C
Cloud Security Podcast by Google
1 EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win? 25:57
25:57 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:57
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Sounil Yu , CISO and Head of Research at JupiterOne Topics: How does your Cyber Defense Matrix apply to cloud security? Are things easier or harder? Cloud (at least the cloudy-cloud, also called cloud native) definitely supports “Distributed Immutable Ephemeral” (DIE) - your new creation, how does that change security and CDM? Cyber resilience generates a lot of confusion, how do you define and describe it? BTW, is the cloud more or less cyber resilient based on your definition? Is invisible security a good thing? Can we ever have it? When should security be visible? Intuitively, security and safety are not the same. So, what is the difference between cyber safety and cyber security? What is cyber safety, really? Resources: Cyber Defense Matrix Security DIE Triad Container Security: The Past or The Future? (ep54) This Binary Legit? How Google Uses Binary Authorization and Code Provenance (ep66) What is the useful definition of “cyber resilience”? poll Is the cloud just somebody else’s computer? Poll Cattle vs Pets - DevOps Explained Gartner CIA-PSR model The 2022 State of Cyber Assets Report Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape “Antifragile” book “Thinking, Fast and Slow” book “Security Chaos Engineering” book…
C
Cloud Security Podcast by Google
1 EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance 24:57
24:57 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi24:57
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Sandra Guo , Product Manager in Security, Google Cloud Topics: We have a really interesting problem here: if we make great investments in our use of trusted repositories, and great investments in doing code review on every change, and securing our build systems, and having reproducible builds, how do we know that all of what we did upstream is actually what gets deployed to production? What are the realistic threats that Binary Authorization handles? Are there specific organizations that are more at risk from those? What’s the Google inspiration for this work, both development and adoption? How do we make this work in practice at a real organization that is not Google? Where do you see organizations “getting it wrong” and where do you see organizations “getting it right”? We’ve had a lot of conversations about rolling out zero-trust for enterprise applications, how do those lessons (start small, be visible, plan plan plan) translate into deploying Binauthz into blocking mode? Resources: “Binary Authorization for Borg: how Google verifies code provenance and implements code identity“ paper Binary Authorization for deploying trusted images DevOps & SRE at Google…
C
Cloud Security Podcast by Google
1 EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights 28:02
28:02 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:02
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Charles Carmakal , CTO at Mandiant Taylor Lehmann , Director at Office of the CISO, Google Cloud Topics: What are the current “popular” incidents at healthcare providers that you handled? Any of them involve cloud? Do healthcare CISOs have time for anything other than ransomware? Does insider threat matter? What can incident response teach us here? How do you think the threat actors benefit from the health data they steal? Based on your IR experience, what are the more interesting ways in, other than phishing? Give us your IR-informed take on ransomware pay/not pay focused on healthcare, ideally? Resources: “The key role ‘visibility’ plays in healthcare’s cybersecurity resilience” “How healthcare can strengthen its own cybersecurity resilience” “M-Trends 2022: Cyber Security Metrics, Insights and Guidance From the Frontlines” “Future of EDR: Is It Reason-able to Suggest XDR?” (ep29) “MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications” “VS21: A Playbook for Resiliency: Contain and Remediate Ransomware Before It Can Act” “FDA Announces Fix for Pacemaker Security Flaws”…
C
Cloud Security Podcast by Google
1 EP64 Security Operations Center: The People Side and How to Do it Right 29:25
29:25 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi29:25
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dave Herrald @ Principal Security Strategist, Google Cloud Topics: What are some tenets of good SOC training? How does this depend on the SOC model (traditional L1/L2/L3, virtual, etc)? How do you make SOC training realistic? Should training be about the toolset or should it be about the analyst’s skills? Should you primarily train for engineering skills or analysis skills? Do you need to code to succeed in a modern SOC? Are competitive events like CTFs effective for SOC training? What role does SOC training play in bringing new, perhaps under-represented people into security operations and promoting inclusivity? Resources: Chris Sanders SOC classes SANS Holiday Hack Challenges SEC450: Blue Team Fundamentals: Security Operations and Analysis SANS NetWars “Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper Boss of the SOC (BOTS) Dataset…
C
Cloud Security Podcast by Google
1 EP63 State of Autonomic Security Operations: Are There Sharks in Your SOC? 34:59
34:59 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi34:59
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Robert Herjavec , Founder and CEO of Herjavec Group Eric Foster , President of CYDERES Iman Ghanizada , Global Head of Autonomic Security Operations at Google Cloud. Topics: It’s been a few months since we launched Autonomic Security Operations (ASO) and it seems like the whitepaper has been going viral in the industry. Tell us what ASO is about? How was the ASO story received by your customers? Any particular reactions? Will the ASO narrative inspire the next generation of practitioners? Where do you envision the market headed? ASO is about transforming the SOC, and that often involves culture change. How do you change the culture and deeper approaches common in security operations? What else can we do to evolve SOC faster than the threats and assets grow? Resources: This episode is based on a panel from This Google Cloud Security Talks Q1 2022 Panel “All Organizations Should Pursue Autonomic Security Operations… A Fireside Chat with SOC Elites.” “All Organizations Should Pursue Autonomic Security Operations… A Fireside Chat with SOC Elites” on YouTube “Autonomic Security Operations: 10X Transformation of the Security Operations Center“ paper “Modernizing the U.S. Federal Government’s Approach to Cyber Threat Management with Autonomic Security Operations“ paper…
C
Cloud Security Podcast by Google
1 EP62 Protect Modern Applications in the Cloud: Union of APIs and Application Security 27:10
27:10 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:10
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Etienne De Burgh , Senior Security and Compliance Specialist, Office of the CISO @ Google Cloud Topics: Why is API security hot now? What happened that made it a priority for many? Is API security different from application security? Doesn't the first "A" in API stand for application? What are the real threats to exposed APIs? APIs are designed for automated use, so how do you tell automated use from automated abuse / attack? What are the biggest challenges that companies are having with API security? What are the components of API security? Is there a “secure by default API”? API threat detection? Just like cloud in general, API misconfigurations seem to be leading to security problems, are APIs hard to configure securely for most organizations? Resources: Google Cloud Security Summit - come see us on May 17, 2022 “Securing web applications and APIs anywhere” (at our Security Summit ) OWASP Top 10 for API Security “Best practices for securing your applications and APIs using Apigee”…
C
Cloud Security Podcast by Google
1 EP61 Anniversary Episode - What Did We Learn So Far on Cloud Security Podcast? 26:35
26:35 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi26:35
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiNo guests - just Anton and Tim Topics: Why cloud security? What do we really think about our podcast name and topic, cloud security? Can you once again explain security for the cloud, in the cloud, from the cloud? What is one thing that we learned from doing a podcast? Favorite cloud security trend that we encountered on the podcast? What did we learn about security from organization's migrating to the cloud? What are our favorite reading materials related to cloud security? What are our favorite tips from the guests on securing the cloud? Resources: “The Age of AI And Our Human Future” book “Practical Guide to Cloud Migration – Google - Site Reliability Engineering” (book, free) and other SRE books “Cloud Security podcast by Google turns 46 - Reflections and lessons!” “Cloud Security Podcast by Google — Popular Episodes by Topic” Our video trailer…
C
Cloud Security Podcast by Google
1 EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? 30:31
30:31 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi30:31
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Dylan Ayrey , cofounder of Truffle Security Topics: Could you explain briefly why identity is so important in the cloud? A skeptic on cloud security once told us that “in the cloud, we are one identity mistake from a breach.” Is this true? For listeners who aren’t familiar with GCP, could you give us the 30 second story on “what is a service account.” How is it different from a regular IAM account? What are service account impersonations? How can I see if my service accounts can be impersonated? How do I detect it? How can I better secure my organization from impersonation attacks? Resources: Truffle Security blog “GCP Lateral Movement And Privileged Escalation Spill Over And Updates From Google” by Dylan Ayrey “Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments” blog “Kat Traxler - Taste the IAM” blogs…
C
Cloud Security Podcast by Google
1 EP59 Zero Trust: So Easy Even a Government Can Do It? 27:38
27:38 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi27:38
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Sharon Goldberg , CEO and cofounder of BastionZero and a professor at Boston University Topics: What is your favorite definition of zero trust? You had posted a blog analyzing the whitehouse ZT a memo on the federal government’s transition to “zero trust”, what caught your eye about the Zero Trust memo and why did you decide to write about it? What’s behind the federal government’s recommendations to deprecate VPNs and recommend users “authenticate to applications, not networks”? What do these recommendations mean for cloud security, today and in the future? What do you think would be the hardest things to implement in real US Federal IT environments? Are there other recommendations in the memo to think about as organizations design zero trust strategies for their infrastructure? What are some of the challenges of implementing zero trust in general? Resources: "Zero Trust: Fast Forward from 2010 to 2021" (ep8) “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles” “I read the federal government’s Zero-Trust Memo so you don’t have to” “F12 isn’t hacking: Missouri governor threatens to prosecute local journalist for finding exposed state data”…
New Audio Trailer: Cloud Security Podcast by Google
C
Cloud Security Podcast by Google
1 EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond 28:04
28:04 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi28:04
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuests: Alexi Wiemer, Senior Manager at Deloitte Cyber Detection and Response Practice Dan Lauritzen, Senior Manager at Deloitte Cloud Security Practice. Topics: What is your key learning about the state of SOC today? What one SOC trend are you hearing the most or most interested in? What is your best advice to SOCs that are permanently and woefully understaffed? Many SOC analysts are drowning in manual work, and it is easy to give advice that “they need to automate.” What does this actually entail, in real life? What is, in your view, the most critical technology for a modern SOC? Is it SIEM? Is it SOAR? Is it EDR? What is the best advice for a SOC that was handed cloud on a platter and was told to monitor it for threats? Occasionally, we hear that “SOC is dead.” What is your response to such dire SOCless predictions? Resources: “New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)” “New Paper: “Future of the SOC: Forces shaping modern security operations”” “New Paper: “Future of the SOC: SOC People — Skills, Not Tiers”” “New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center”” “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next” “Why Your Security Data Lake Project Will FAIL!”…
C
Cloud Security Podcast by Google
1 EP57 Stop Zero Days, Save the World: Project Zero's Maddie Stone Speaks 25:24
25:24 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:24
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Maddie Stone , Security Researcher @ Google Topics: How do we judge the real risk of being attacked using an exploit for a zero day vulnerability? Does the zero day risk vary by company, industry, etc? What does pricing for zero days tell us, if anything? Are prices more driven by supply or demand these days? What security controls or defenses are useful against zero days including against chained zero days? Where are the cloud zero days? We get lots of attention on iOS and Android, what about the cloud platforms? So, how do we solve the paradox of zero days, are they more scary than risky or more risky than scary? Or both? Resources: Project Zero blog A walk through Project Zero metrics Threat Analysis Group (TAG) blog…
C
Cloud Security Podcast by Google
1 EP56 Rebuilding vs Forklifting and How to Secure a Data Warehouse in the Cloud 25:42
25:42 Daha Sonra Çal Daha Sonra Çal Listeler Beğen Beğenildi25:42
Daha Sonra Çal Daha Sonra Çal Listeler Beğen BeğenildiGuest: Erlander Lo , Security and Compliance Specialist @ Google Cloud Topics: Imagine you are planning a data warehouse in the cloud, how do you think about security? What are the expected threats to a large data store in the cloud? How to create your security approach for a data warehouse project? Are there regulations that force your decisions about security controls or approaches, no matter what the threats are? How do you approach data governance for this project? What controls are there to implement in Google Cloud for a secure data warehouse effort? Resources: Secure Data Warehouse blueprint (other blueprints ) Creativity Inc book “Data Governance: The Definitive Guide” book…
Player FM'e Hoş Geldiniz!
Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.
Daily Deals
Cloud Security Podcast by Google benzeri
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
R
Redefining AI - Artificial Intelligence with Squirro
1
Redefining AI - Artificial Intelligence with Squirro
Squirro
12k115
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !
Player FM uygulamasıyla çevrimdışı Player FM !
))
