Showing 13 episodes for Threat Intelligence
#219
April 14, 2025
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific
Topics covered:
- We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making?
- Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region?
- The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments?
- Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination?
- M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages?
- Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions?
- Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare?
#215
March 17, 2025
EP215 Threat Modeling at Google: From Basics to AI-powered Magic
Topics covered:
- Can you walk us through Google's typical threat modeling process? What are the key steps involved?
- Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?
- How does Google keep its threat models updated? What triggers a reassessment?
- How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture?
- What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong?
- How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques?
- What advice would you give to organizations just starting with threat modeling?
#211
February 17, 2025
EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic
Topics covered:
- Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns?
- Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexities of the threat landscape and the challenges of linking tools and actors?
- Correlating publicly known tool names with the aliases used by threat actors in underground forums is difficult. How does GTIG overcome this challenge to track the evolution and usage of malware and other tools? Can you give a specific example of how this "decoding" process works?
- How does GTIG collaborate with other teams within Google, such as incident response or product security, to share threat intelligence and improve Google's overall security posture? How does this work make Google more secure?
- What does Google (and specifically GTIG) do differently than other organizations focused on collecting and analyzing threat intelligence? Is there AI involved?
#207
January 20, 2025
EP207 Slaying the Ransomware Dragon: Can a Startup Succeed?
Topics covered:
- Tell us about the ransomware problem - isn't this a bit of old news? Circa 2015, right?
- What makes ransomware a unique security problem?
- What's different about ransomware versus other kinds of malware? What do you make of the “RansomOps” take (aka “ransomware is not malware”)?
- Are there new ways to solve it?
- Is this really a problem that a startup is positioned to solve? Aren’t large infrastructure owners better positioned for this? In fact, why haven't existing solutions solved this?
- Is this really a symptom of a bigger problem? What is that problem?
- What made you personally want to get into this space, other than the potential upside of solving the problem?
#206
January 13, 2025
EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud
Guest:
- Allan Liska, CSIRT at Recorded Future, now part of Mastercard
Topics covered:
- Ransomware has become a pervasive threat. Could you provide us with a brief overview of the current ransomware landscape?
- It's often said that ransomware is driven by pure profit. Can you remind us of the business model of ransomware gangs, including how they operate, their organizational structures, and their financial motivations?
- Ransomware gangs are becoming increasingly aggressive in their extortion tactics. Can you shed some light on these new tactics, such as data leaks, DDoS attacks, and threats to contact victims' customers or partners?
- What specific challenges and considerations arise when dealing with ransomware in cloud environments, and how can organizations adapt their security strategies to mitigate these risks?
- What are the key factors to consider when deciding whether or not to pay the ransom?
- What is the single most important piece of advice you would give to organizations looking to bolster their defenses against ransomware?
#205
January 6, 2025
EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
Topics covered:
- You have this new Cybersecurity Forecast 2025 report, what’s up with that?
- We are getting a bit annoyed about the fear-mongering on “oh, but attackers will use AI.” You are a threat analyst; realistically, how afraid are you of this?
- The report discusses the threat of compromised identities in hybrid environments (aka “no matter what you do, and where, you are hacked via AD”). What steps can organizations take to mitigate the risk of a single compromised identity leading to a significant security breach? Is this expected to continue?
- Is zero-day actually growing? The report seems to imply that, but aren’t “oh-days” getting more expensive every day?
- Many organizations still lag with detection; in your expertise, what approaches to detection actually work today? It is OK to say “hire Managed Defense”, BTW :-)
- We read the risk posed by the "Big Four" sections and they (to us) read like “hackers hack” and “APTs APT.” What is genuinely new and interesting here?
#196
October 28, 2024
EP196 AI+TI: What Happens When Two Intelligences Meet?
Guest:
- Vijay Ganti, Director of Product Management, Google Cloud Security
Topics covered:
- What have been the biggest pain points for organizations trying to use threat intelligence (TI)?
- Why has it been so difficult to convert threat knowledge into effective security measures in the past?
- In the realm of AI, there's often hype (and people who assume “it’s all hype”). What's genuinely different about AI now, particularly in the context of threat intelligence?
- Can you explain the concept of "AI-driven operationalization" in Google TI? How does it work in practice?
- What's the balance between human expertise and AI in the TI process? Are there specific areas where you see the balance between human and AI involvement shifting in a few years?
- Google Threat Intelligence aims to be different. Why are we better from the client's PoV?
#191
September 23, 2024
EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!
Topics covered:
- What is the Defender’s Advantage and why did Mandiant decide to put this out there?
- This is the second edition. What is different about DA-II?
- Why do so few defenders actually realize their Defender’s Advantage?
- The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?
- Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?
- Many organizations don’t seem to want to make detections at all; what do we tell them?
- What is this thing called “Mission Control”? It sounds really cool; can you explain it?
#178
June 24, 2024
EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts
Topics covered:
- Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
- We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
- In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
- One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
- You told us your story of getting into sales, and you recently did a successful rotation into the role of Product Manager. Can you tell us about what motivated you to do this and what the experience was like?
- Are there other parts of your background that inform the work you’re doing and how you see yourself at Google?
- How does that impact our go-to-market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?
#175
June 3, 2024
EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons
Topics covered:
- Your background can be sheepishly called “public sector”; what’s your experience been transitioning from public to private? How did you end up here doing what you are doing?
- We imagine you learned a lot from what you just described – how’s that impacted your work at Google?
- How have you seen risk management practices and outcomes differ?
- You now lead Google Threat Horizons reports, do you have a vision for this? How does your past work inform it?
- Given the prevalence of ransomware attacks, many organizations are focused on external threats. In your experience, does the risk of insider threats still hold significant weight? What type of company needs a dedicated and separate insider threat program?
#156
January 22, 2024
EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
Topics covered:
- Could you give us a brief overview of what this power disruption incident was about?
- This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here?
- We also saw a wiper used to hide forensics, is that common these days?
- Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, might we have understood the attacker’s next moves?
- How did your team establish robust attribution in this case, and how do they do it in general? How sure are we, really?
- Could you share how this came about and maybe some of the highlights in our relationship helping defend that country?
#155
January 15, 2024
EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?
Guest:
- Derek Reveron, Professor and Chair of National Security at the US Naval War College
- John Savage, An Wang Professor Emeritus of Computer Science of Brown University
Topics covered:
- You wrote a book on cyber and war, how did this come about and what did you most enjoy learning from the other during the writing process?
- Is generative AI going to be a game changer in international relations and war, or is it just another tool?
- You also touch briefly on lethal autonomous weapons systems and ethics–that feels like the genie is right in the very neck of the bottle right now, is it too late?
- Aside from this book, and the awesome course you offered at Brown that sparked Tim’s interest in this field, how can we democratize this space better?
- How does the emergence and shift to Cloud impact security in the cyber age?
- What are your thoughts on the intersection of Cloud as a set of technologies and operating model and state security (like sovereignty)? Does Cloud make espionage harder or easier?
#147
November 8, 2023
EP147 Special: 2024 Security Forecast Report
Topics covered:
- Can you really forecast threats? Won’t the threat actors ultimately do whatever they want?
- How can clients use the forecast? Or as Tim would say it, what gets better once you read it?
- What is the threat forecast for cloud environments? “Cyber attacks targeting hybrid and multi-cloud environments will mature and become more impactful” - what does it mean?
- Of course AI makes an appearance as well: “LLMs and other gen AI tools will likely be developed and offered as a service to assist attackers with target compromises.” Do we really expect attacker-run LLM SaaS? What model will they use? Will it be good?
- There are a number of significant elections scheduled for 2024, are there implications for cloud security?
- Based on the threat information, tell me about something that is going well, what will get better in 2024?