November 21, 2022

EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?



Subscribe at Google Podcasts.

Subscribe at Spotify.

Subscribe at Apple Podcasts.

Topics covered:

  • Let’s talk about security incident response in the cloud. Back in 2013 when I [Anton] first touched on this, the #1 challenge was getting the data to investigate as cloud providers had few logs available. What are the top 2022 cloud incident response challenges?
  • Does cloud change the definition of a security incident? Is “exposed storage bucket” an incident? Is vulnerability an incident in the cloud?
  • What should I have in my incident response plans for the cloud? Should I have a separate cloud IR plan?
  • What is our advice on running incident response jointly with a CSP like us?
  • How would 3rd party firms (like, well, Mandiant) work with a client and a CSP during an investigation?
  • We all read the Threat Horizons reports, but can you remind us of the common causes for cloud incidents we observed recently? What goals do the attackers typically pursue there?

Do you have something cool to share? Some questions? Let us know:

View more episodes