EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends - podcast episode cover

EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends

Apr 28, 202535 minSeason 1Ep. 222
--:--
--:--
Listen in podcast apps:
Metacast
Spotify
Youtube
RSS

Episode description

Guests:

Topics:

  • What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
  • How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
  • Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
  • The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
  • "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
  • What is the expected minimum dwell time? If “it depends”, then what does it  depend on?
  • Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
  • Why do we seem to repeat the mistakes so much in security?
  • Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?

Resources:

 

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends | Cloud Security Podcast by Google - Listen or read transcript on Metacast