This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends

Posted Wednesday
chuvakin
Staff
Reply posted on --/--/---- --:-- AM

Guest:

Topics: 

Threat Intelligence Cloud IR and Forensics

Subscribe at Spotify.

Subscribe at Apple Podcasts.

Subscribe at YouTube

Topics covered:

  • What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
  • How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
  • Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
  • The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
  • "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
  • What is the expected minimum dwell time? If “it depends”, then what does it depend on?
  • Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
  • Why do we seem to repeat the mistakes so much in security?
  • Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
0 0 13
0 Likes
0 REPLIES 0