#143
October 16, 2023
EP143 Cloud Security Remediation: The Biggest Headache?
Topics covered:
- It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true?
- As far as remediation scope, do we need to cover traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too?
- One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it?
- Why is cloud security remediation such a headache for so many organizations?
- Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs?
- Doesn’t every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues?
View more episodes