EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
Jul 18, 2022•27 min•Season 1Ep. 75
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Guest:
- Tim Nguyen, Director of Detection and Response @ Google
Topics:
- I know we don't like to say "SOC" here, so why don't we talk about the role of automation in detection and response (D&R) at Google?
- One SRE concept we found useful in security operations is "toil" - How do we squeeze toil out of D&R practice at Google?
- A combined analyst and engineer role (just like an SRE) was critical for both increasing automation and reducing toil, how hard was it to put this into practice? Tell us about that journey?
- How do we automate security signal analysis, can you give us a few examples?
- D&R metrics have been a big pain point for many organizations, how does SRE thinking of SLOs and SLIs (and less about SLAs) helps us in our "not SOC"?
- How do we avoid falling into the "time to respond" trap that rewards fast response, sometimes at the cost of good?
Resource:
- SRE book, Chapter 5 - Eliminating Toil
- SRE book, Chapter 4 - Service Level Objectives
- "Building Secure and Reliable Systems" book
- "Achieving Autonomic Security Operations: Automation as a Force Multiplier"
- "Achieving Autonomic Security Operations: Reducing toil"
- "Taking an autonomic approach to security operations" video
- "Modern Threat Detection at Google" (ep17)
For the best experience, listen in Metacast app for iOS or Android