Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
Could you give us the 30-second overview of our favorite “billion user security product” - SafeBrowsing - and, since you were there, how did it get started?
SafeBrowsing is a consumer and business product – are you mitigating the same threats and threat models on each side?
Making this work at scale can’t be easy; any time we’re talking about billion-device protection, there are massive scale questions. How did we make it work at such a scale?
Talk to us about the engineering and scaling magic behind the low false-positive rate for blocking.
So, if somebody wakes you up at 3AM (“Anton’s 3AM test”) and asks “Do we need firewalls in the cloud?” what would you say?
Firewalls (i.e., virtual appliances in the cloud, or routing cloud traffic through physical firewalls) vs. firewalling (i.e., controlling network access) in the cloud: do they match cloud-native realities?
How do you implement trust boundaries for access control with cloud-native options?
Can you imagine a modern cloud native security architecture that includes a firewall?
Can you imagine a modern cloud native security architecture that excludes any firewalling?
Firewall, NIDS, NIPS, NGFW... How do these other concepts map to the cloud? How do you build a "traditional-like" network visibility layer in the cloud (and do we need to)?
We’ve got an interesting split within our security business: some of our focus is on making Google Cloud more secure, while some of our focus is on selling security products. How are you thinking about the strategy and allocation between these functions for business growth?
What aspects of Cloud security have you seen cloud customers struggle with the most?
What’s been the most surprising or unexpected security challenge you’ve seen with our users?
EP119 RSA 2023 - What We Saw, What We Learned, and What We're Excited About
Guest:
Connie Fan, Senior Product and Business Strategy Lead, Google Cloud
25:25
Topics covered:
We were at RSA 2023; what did we see that was notable and surprising?
Cloud Security showed up with three startups with big booths, and one big player with a small demo station. What have we learned here?
What might visitors have seen at the Google Cloud booth that we're really excited about?
Could you share why we chose these two AI use cases - generation of code and summarization of complex content - out of all the possibilities and the sometimes zany things we saw elsewhere on the floor?
Could you share a story or two that highlights how we came to this AI launch and what it looked like under the surface?
EP118 RSA 2023 - How to Protect Your Organization from Cyberattacks in Time of Political Turmoil
Guests:
Shanyn Ronis, Head of the Mandiant Communication Center
John Miller, Head of Mandiant Intelligence Analysis
29:29
Topics covered:
It seems like we’re seeing more cyber activity taking place in the context of geopolitical events. A lot of organizations struggle to figure out if/how to respond to these events and any related cyber activity. What advice do you have for these organizations and their leadership?
A lot of threat intel (TI) suffers from the question “What does this event mean for threats to our organization?” - sort of, how do you connect CNN to your IDS? What is your best advice on this to a CISO?
TI also suffers from “1. Get TI 2. ??? 3. Profit!” - how does your model help organizations avoid this trap?
Surely there are different levels of granularity to TI and its relevance here. Is what a CISO needs different from what an IR team member needs? Do you differentiate your feed along those axes?
What does success look like? How will organizations know when they’re successful? What are good KPIs for these types of threat intelligence? In other words, how would customers know they benefit from it?
Is there anything unique that cloud providers can do in this process?
EP116 SBOMs: A Step Towards a More Secure Software Supply Chain
Guest:
Isaac Hepworth, PM focused on Software Supply Chain Security @ Google
29:49
Topics covered:
Why is everyone talking about SBOMs all of a sudden? Why does this matter to a typical security leader?
Some software vendors don’t want SBOMs, and this reminds us of the past debates over food safety rules; how does this analogy work here?
One interesting challenge in the world of SBOMs and unintended consequences is that large, well-resourced organizations may be better equipped to produce SBOMs than small independent and open-source projects. Is that a risk?
Is the SBOM requirement setting the government up to be overly reliant on megacorps and are we going to unintentionally ban open source from the government?
What is the relationship between SBOM and software liability? Is SBOM a step to this? Won’t software liability kill open source?
How does Google prepare for the Executive Order (EO) internally; how do we use SBOMs and other related tools?
To come back to the food analogy, SBOMs are all well and good, but the goal is not that consumers know they’re eating lead, but rather that our food becomes healthier. Where are we heading in the next five years to improve software supply chain "health and safety"?
You had a very fun blog post where you reminded the world that many organizations still approach cloud as a rented data center. Do you still see that now? Do you think this will persist for 3, 5, 10 years?
Other than microservices, what are the most important differences between public cloud and a rented data center for a CISO to keep in mind?
Analysts say that “cloud is secure, but clients just aren’t using it securely”, what is your reaction to this?
Actually, how do you define “use cloud securely”?
Have you met any CISOs who are active cloud fans who prefer cloud for security reasons?
You also work for an NDR vendor; do you think NDR in the cloud has a future?