Oct 16, 2023
Guests:
Topics:
It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true?
As far as remediation scope, do we need to cover traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too?
One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it?
Why is cloud security remediation such a headache for so many organizations?
Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs?
Doesn’t every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues?
Resources:
EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?’
EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud
EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
8 Megatrends drive cloud adoption—and improve security for all