#78
August 8, 2022

EP78 Classic SOC Meets Cloud: What Changes? What Stays the Same?

Guest:

Topics:

Cloud Threat Detection SIEM and SOC
23:29

Topics covered:

  • How do we get a legacy SOC team to think about the cloud?
  • How to think about cloud threat detection, in general? What is different … threats, the environment, what else? What is the same? 
  • How do we know which TTPs are relevant for the new environments? What to bring with us to the cloud?
  • Do content/rules and detection engines need to be different to cover the cloud detection use cases?
  • What cases are appropriate for machine learning (ML) in the cloud? Do cloud threats drive the need for new ML detections?
