Season 1 · Episode 78
EP78 Classic SOC Meets Cloud: What Changes? What Stays the Same?
Cloud Security Podcast by Google · Anton A Chuvakin
August 8, 202228m 25s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guest:
- Gorka Sadowski, Chief Strategy Officer @ Exabeam
Topics:
- How do we get a legacy SOC team to think about the cloud?
- How to think about cloud threat detection, in general? What is different … threats, the environment, what else? What is the same?
- How do we know which TTPs are relevant for the new environments? What to bring with us to the cloud?
- Do content/rules and detection engines need to be different to cover the cloud detection use cases?
- What cases are appropriate for machine learning (ML) in the cloud? Does cloud threats drive the need for new ML detections?
Resources:
- "11 Strategies of a World-Class Cybersecurity Operations Center" paper
- "Autonomic Security Operations: How to 10X Your SOC" paper
- "Indicators Of Compromise Vs. Tactics, Techniques, And Procedures" blog
- "How to Build and Operate a Modern Security Operations Center" (Gartner subscription required)
- "A SOC Tried To Detect Threats in the Cloud … You Won't Believe What Happened Next" blog