Aug 8, 2022
Guest:
- Gorka Sadowski, Chief Strategy Officer @ Exabeam
Topics:
- How do we get a legacy SOC team to think about the cloud?
- How to think about cloud threat detection, in general? What is different … threats, the environment, what else? What is the same?
- How do we know which TTPs are relevant for the new environments? What to bring with us to the cloud?
- Do content/rules and detection engines need to be different to cover the cloud detection use cases?
- What cases are appropriate for machine learning (ML) in the cloud? Does cloud threats drive the need for new ML detections?
Resources:
- “11 Strategies of a World-Class Cybersecurity Operations Center” paper
- “Autonomic Security Operations: How to 10X Your SOC” paper
- “Indicators Of Compromise Vs. Tactics, Techniques, And Procedures” blog
- “How to Build and Operate a Modern Security Operations Center” (Gartner subscription required)
- “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next” blog