January 9, 2023
EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
- Nader Zaveri, Senior Manager of IR and Remediation at Mandiant, now part of Google Cloud
View more episodes
- Could we start with a story of a cloud incident response (IR) failure and where things went wrong?
- What should that team have done to get it right?
- Are there skills that matter more in cloud incidents than they do for on-prem incidents? Are there on-prem instincts that will lead incident responders astray in cloud?
- What 3 things an IR team leader needs to do to prepare his team for IR in the cloud?
- Are there on-premise tools that can stay on prem and not join us in the cloud?
- What processes should we leave behind? Keep with us?
- What logs and context should we prepare for cloud IR? What access should we have behind “break glass”?
- While doing IR, what things should we look at in the cloud logs (which logs, also?) to expedite the investigation?