EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud

Cloud Security Podcast by Google

English - January 29, 2024 15:11 - 25 minutes - 35 MB - ★★★★★ - 33 ratings
Technology cloudsecurity cloud cybersecurity security Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive

Next Episode: EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics

Guest:

Arie Zilberstein, CEO and Co-Founder at Gem Security

Topics:

How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response?

What are the key challenges of cloud detection and response?

Often we lift and shift our teams to Cloud, and not always for bad reasons, so what’s your advice on how to teach the old dogs new tricks: “on-premise-trained” D&R teams and cloud D&R?

What is this new CIRA thing that Gartner just cooked up? Should CIRA exist as a separate market or technology or is this just a slice of CDR or even SIEM perhaps?

What do you tell people who say that “SIEM is their CDR”?

What are the key roles and responsibilities of the CDR team? How is the cloud D&R process related to DevOps and cloud-style IT processes?

Resources:

Video version of this episode

Cloud breaches databases

EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

EP103 Security Incident Response and Public Cloud - Exploring with Mandiant

EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?

9 Megatrends drive cloud adoption—and improve security for all

“Emerging Tech: Security — Cloud Investigation and Response Automation (CIRA) Offers Transformation Opportunities” (Gartner access required)

“Does the World Need Cloud Detection and Response (CDR)?” blog