Preview Mode Links will not work in preview mode

Cloud Security Podcast by Google


Jul 5, 2022

Guest:

  • Erik Bloch,  Senior Director of Detection and Response at Sprinklr

Topics:

  • You recently coined a concept of “output-driven Detection and Response” and even perhaps broader “output-driven security.” What is it and how does it work?
  • Detection and response is alive (obviously), but sometimes you say SOC is dead, what do you mean by that?
  • You refer to a federated approach for Detection and Response”  (“route the outcomes to the teams that need them or can address them”), but is it workable for any organization? 
  • What about the separation of duty concerns that some raise in response to this? What about the organizations that don’t have any security talent in those teams?
  • Is the approach you advocate "cloud native"? Does it only work in the cloud? Can a traditional, on-premise focused organization use it?
  • The model of “security team as a decision-maker, not an implementer” has a bit of a painful history, as this is what led to “GRC-only teams” who lack any technical knowledge. Why will this approach work this time?

Resources: