Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance
Guest:
Sandra Guo, Product Manager in Security, Google Cloud
25:23
Topics covered:
We have a really interesting problem here: if we make great investments in our use of trusted repositories, and great investments in doing code review on every change, and securing our build systems, and having reproducible builds, how do we know that all of what we did upstream is actually what gets deployed to production?
What are the realistic threats that Binary Authorization handles? Are there specific organizations that are more at risk from those?
What’s the Google inspiration for this work, both development and adoption?
How do we make this work in practice at a real organization that is not Google?
Where do you see organizations “getting it wrong” and where do you see organizations “getting it right”?
We’ve had a lot of conversations about rolling out zero trust for enterprise applications. How do those lessons (start small, be visible, plan, plan, plan) translate into deploying Binauthz in blocking mode?
Guest:
Iman Ghanizada, Global Head of Autonomic Security Operations at Google Cloud
34:57
Topics covered:
It’s been a few months since we launched Autonomic Security Operations (ASO), and it seems like the whitepaper has been going viral in the industry. Tell us what ASO is about.
How was the ASO story received by your customers? Any particular reactions?
Will the ASO narrative inspire the next generation of practitioners? Where do you envision the market headed?
ASO is about transforming the SOC, and that often involves culture change. How do you change the culture and deeper approaches common in security operations?
What else can we do to evolve SOC faster than the threats and assets grow?
Could you explain briefly why identity is so important in the cloud?
A skeptic on cloud security once told us that “in the cloud, we are one identity mistake from a breach.” Is this true?
For listeners who aren’t familiar with GCP, could you give us the 30 second story on “what is a service account.” How is it different from a regular IAM account?
What are service account impersonations?
How can I see if my service accounts can be impersonated? How do I detect it?
How can I better secure my organization from impersonation attacks?
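The two questions above about seeing whether a service account can be impersonated, and detecting when it is, map onto two concrete checks. The following is an added example written for this page, not code from the episode, the guest or Google: the first function reads a service account's IAM policy (the JSON that `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json` prints) and lists who holds a role that allows minting credentials for it; the second walks Cloud Audit Log entries and flags IAM Credentials API calls that mint short-lived tokens, plus later actions performed through an impersonated account, which the audit log exposes via `serviceAccountDelegationInfo`. The policy, log lines, principals and project names are constructed sample data.

```python
"""Added example (not from the podcast or Google): two checks for GCP service
account impersonation, run over constructed sample data.

Field names follow the Cloud Audit Log AuditLog schema (protoPayload.serviceName,
methodName, resourceName, authenticationInfo.principalEmail and
authenticationInfo.serviceAccountDelegationInfo). All principals, emails and
project names below are made up for the example."""
import json

# Roles on a service account that let the holder act as it or mint credentials for it.
IMPERSONATION_ROLES = {
    "roles/iam.serviceAccountTokenCreator": "mint OAuth/OIDC tokens, sign blobs and JWTs",
    "roles/iam.serviceAccountUser": "attach the SA to resources (actAs)",
    "roles/iam.serviceAccountKeyAdmin": "create long-lived keys",
    "roles/iam.serviceAccountAdmin": "edit the SA's own IAM policy",
    "roles/owner": "project owner (implies all of the above)",
}

# IAM Credentials API methods that produce credentials for a service account.
TOKEN_METHODS = {"GenerateAccessToken", "GenerateIdToken", "SignBlob", "SignJwt"}

# Constructed sample: IAM policy of one service account, as get-iam-policy would print it.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["user:alice@example.com", "group:deployers@example.com"]},
        {"role": "roles/logging.viewer", "members": ["user:bob@example.com"]},
    ],
    "etag": "BwXYZ=", "version": 1,
}

SA = "deploy-sa@demo-project.iam.gserviceaccount.com"

# Constructed sample: four audit log entries, one JSON document per line.
SAMPLE_LOG_LINES = [
    json.dumps({"protoPayload": {"serviceName": "iamcredentials.googleapis.com",
                                 "methodName": "GenerateAccessToken",
                                 "resourceName": f"projects/-/serviceAccounts/{SA}",
                                 "authenticationInfo": {"principalEmail": "alice@example.com"}}}),
    json.dumps({"protoPayload": {"serviceName": "iamcredentials.googleapis.com",
                                 "methodName": "GenerateAccessToken",
                                 "resourceName": f"projects/-/serviceAccounts/{SA}",
                                 "authenticationInfo": {"principalEmail": "mallory@example.com"}}}),
    # An action taken with the minted token: the caller is the SA, but the
    # delegation info records the human behind it.
    json.dumps({"protoPayload": {"serviceName": "storage.googleapis.com",
                                 "methodName": "storage.objects.delete",
                                 "authenticationInfo": {
                                     "principalEmail": SA,
                                     "serviceAccountDelegationInfo": [
                                         {"firstPartyPrincipal": {"principalEmail": "mallory@example.com"}}]}}}),
    json.dumps({"protoPayload": {"serviceName": "compute.googleapis.com",
                                 "methodName": "v1.compute.instances.list",
                                 "authenticationInfo": {"principalEmail": "bob@example.com"}}}),
]


def who_can_impersonate(policy):
    """Return {principal: [role, ...]} for every binding on an impersonation-capable role."""
    holders = {}
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role in IMPERSONATION_ROLES:
            for member in binding.get("members", []):
                holders.setdefault(member, []).append(role)
    return holders


def parse_log_lines(lines):
    """Turn one-JSON-per-line audit log output into a list of dicts."""
    return [json.loads(line) for line in lines if line.strip()]


def find_impersonation(entries, allowed_callers=()):
    """Return findings for credential minting and delegated actions in audit log entries.

    allowed_callers: principals expected to impersonate; anyone else is marked unexpected."""
    findings = []
    for entry in entries:
        payload = entry.get("protoPayload", {})
        auth = payload.get("authenticationInfo", {})
        caller = auth.get("principalEmail", "<unknown>")
        # 1) Someone minting credentials for a service account via the IAM Credentials API.
        if payload.get("serviceName") == "iamcredentials.googleapis.com" \
                and payload.get("methodName") in TOKEN_METHODS:
            target = payload.get("resourceName", "").rsplit("/", 1)[-1]
            findings.append({"kind": "credential_minted", "caller": caller, "target": target,
                             "method": payload["methodName"],
                             "unexpected": caller not in allowed_callers})
        # 2) An action performed as a service account on behalf of another principal.
        for delegation in auth.get("serviceAccountDelegationInfo", []):
            first = delegation.get("firstPartyPrincipal", {}).get("principalEmail")
            if first:
                findings.append({"kind": "delegated_action", "caller": first, "target": caller,
                                 "method": payload.get("methodName"),
                                 "unexpected": first not in allowed_callers})
    return findings


if __name__ == "__main__":
    print(json.dumps(who_can_impersonate(SAMPLE_POLICY), indent=2))
    for f in find_impersonation(parse_log_lines(SAMPLE_LOG_LINES), {"alice@example.com"}):
        print(f)
```

The policy check answers "can this account be impersonated, and by whom" for one account; run it across `gcloud iam service-accounts list` output to cover a project, and remember that project-level grants of the same roles (and the `roles/owner` binding) apply to every account in the project, so the project IAM policy has to be checked too. For the log check, one caveat a practitioner should verify before relying on it: the `GenerateAccessToken` family is recorded by the IAM Credentials API's audit logs, so if those are not enabled the first kind of finding will never appear, while the delegated-action findings still show up in the logs of whatever service the impersonated account touched.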
You posted a blog analyzing the White House memo on the federal government’s transition to “zero trust.” What caught your eye about the Zero Trust memo, and why did you decide to write about it?
What’s behind the federal government’s recommendations to deprecate VPNs and recommend users “authenticate to applications, not networks”?
What do these recommendations mean for cloud security, today and in the future?
What do you think would be the hardest things to implement in real US Federal IT environments?
Are there other recommendations in the memo to think about as organizations design zero trust strategies for their infrastructure?
What are some of the challenges of implementing zero trust in general?
EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond
Guests:
Alexi Wiemer, Senior Manager at Deloitte Cyber Detection and Response Practice
Dan Lauritzen, Senior Manager at Deloitte Cloud Security Practice
25:25
Topics covered:
What is your key learning about the state of SOC today? What one SOC trend are you hearing the most or most interested in?
What is your best advice to SOCs that are permanently and woefully understaffed?
Many SOC analysts are drowning in manual work, and it is easy to give advice that “they need to automate.” What does this actually entail, in real life?
What is, in your view, the most critical technology for a modern SOC? Is it SIEM? Is it SOAR? Is it EDR?
What is the best advice for a SOC that was handed cloud on a platter and was told to monitor it for threats?
Occasionally, we hear that “SOC is dead.” What is your response to such dire SOCless predictions?