Season 1 · Episode 194
EP194 Deep Dive into ADR - Application Detection and Response
Cloud Security Podcast by Google · Anton A Chuvakin
October 14, 202430m 55s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guest:
-
Daniel Shechter, Co-Founder and CEO at Miggo Security
Topics:
- Why do we need Application Detection and Response (ADR)? BTW, how do you define it?
- Isn't ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools?
- Why can't I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way?
- We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement?
- What are the key inputs into an ADR tool?
- Can you explain how your ADR correlates cloud, container, and application contexts to provide a better view of threats? Could you share real-world examples of types of badness solved for users?
- How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM?
- What are your thoughts on the evolution of ADR?
Resources:
- EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud
- EP143 Cloud Security Remediation: The Biggest Headache?
- Miggo research re: vulnerability ALBeast
- "WhatDR or What Detection Domain Needs Its Own Tools?" blog
- "Making Sense of the Application Security Product Market" blog
- "Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem" book