EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? - podcast episode cover

EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

Cloud Security Podcast by Google
Nov 21, 202227 minSeason 1Ep. 98
--:--
--:--
Listen in podcast apps:
Metacast
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Guests:

  • Matt Linton, Chaos Specialist @ Google
  • John Stone, Chaos Coordinator @ Office of the CISO, Google Cloud

Topics:

  • Let’s talk about security incident response in the cloud.  Back in 2014 when I [Anton] first touched on this, the #1 challenge was getting the data to investigate as cloud providers had few logs available. What are the top 2022 cloud incident response challenges?
  • Does cloud change the definition of a security incident? Is “exposed storage bucket” an incident? Is vulnerability an incident in the cloud?
  • What should I have in my incident response plans for the cloud? Should I have a separate cloud IR plan?
  • What is our advice on running incident response jointly with a CSP like us?
  • How would 3rd party firms (like, well, Mandiant) work with a client and a CSP during an investigation?
  • We all read the Threat Horizons reports, but can you remind us of the common causes for cloud incidents we observed recently? What goals do the attackers typically pursue there?

Resources:

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? | Cloud Security Podcast by Google - Listen or read transcript on Metacast