January 9, 2023

EP103 Security Incident Response and Public Cloud - Exploring with Mandiant



This podcast opens our 2023 - first episode of our Season 3!

Subscribe at Google Podcasts.

Subscribe at Spotify.

Subscribe at Apple Podcasts.

Topics covered:

  • Could we start with a story of a cloud incident response (IR) failure and where things went wrong? 
  • What should that team have done to get it right? 
  • Are there skills that matter more in cloud incidents than they do for on-prem incidents? Are there on-prem instincts that will lead incident responders astray in cloud?
  • What 3 things an IR team leader needs to do to prepare his team for IR in the cloud?
  • Are there on-premise tools that can stay on prem and not join us in the cloud?
  • What processes should we leave behind? Keep with us?
  • What logs and context should we prepare for cloud IR?  What access should we have behind “break glass”?
  • While doing IR, what things should we look at in the cloud logs (which logs, also?) to expedite the investigation?

Do you have something cool to share? Some questions? Let us know:

View more episodes