Guest:

• Daniel Shechter, Co-Founder and CEO at Miggo Security

Topics:

• Why do we need Application Detection and Response (ADR)? BTW, how do you define it?
• Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools?
• Why can’t I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way?
• We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges and make it easier for security teams to adopt and implement?
• What are the key inputs into an ADR tool?
• Can you explain how your ADR correlates cloud, container, and application contexts to provide a better view of threats? Could you share real-world examples of types of badness solved for users?
• How would ADR work with other application security technologies like DAST/SAST, WAF and ASPM?
• What are your thoughts on the evolution of ADR?

Resources:

• EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud
• EP143 Cloud Security Remediation: The Biggest Headache?
• Miggo research re: vulnerability ALBeast
• “WhatDR or What Detection Domain Needs Its Own Tools?” blog
• “Making Sense of the Application Security Product Market” blog
• “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem“ book

Guests:

• Taylor Lehmann, Director at Office of the CISO, Google Cloud
• Luis Urena, Cloud Security Architect, Google Cloud

Topics

• There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
• Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
• On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
• Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
• Why not just say “add MFA everywhere”? What may or will blow up?
• We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
• What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
• How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources:

• “Confetti cannons or fire extinguishers? Here’s how to secure cloud surprises”
• EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
• IAM Recommender
• “TM" book by Adam Shostack
• “Checklist Manifesto” book
• “Moving shields into position: How you can organize security to boost digital transformation” (with a new paper!)

Guest:

• Nelly Porter, Director of PM, Cloud Security at Google Cloud

Topics:

• Share your story and how you ended here doing confidential AI at Google?
• What problem does confidential compute + AI solve and for what clients?
• What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact?
• What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead?
• Which parts of the AI lifecycle need to be run in Confidential AI: Training? Data curation? Operational workloads?
• What are the performance (and thus cost) implications of running AI workloads in a confidential computing environment?
• Are there new risks that arise out of confidential AI?

Resources:

• Video
• EP48 Confidentially Speaking 2: Cloudful of Secrets
• EP1 Confidentially Speaking
• “To securely build AI on Google Cloud, follow these best practices“ blog (paper)