Cloud Security Podcast by Google

EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!

Sep 23, 2024

Dan Nutting, a manager in Cyber Defense at Google Cloud, shares his insights on the concept of the Defender's Advantage. He discusses why many defenders struggle to realize this advantage and emphasizes the importance of being intelligence-led in cyber defense. Nutting explains the continuous cycle of detection engineering and how organizations can maintain effective detection capabilities. He also introduces the intriguing idea of 'Mission Control' for proactive security management, enhancing collaboration among teams to tackle threats.

23:36

Creator website

Episode guests

Dan Nutting

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Effective cybersecurity requires collaboration between security teams to enhance proactive defense mechanisms and close security protocol gaps.

Adopting an intelligence-led approach enables organizations to anticipate threats and align their detection capabilities with actionable insights tailored to their environment.

Deep dives

The Importance of Communication Between Security Teams

Effective cybersecurity relies heavily on the collaboration between different security teams, such as detection engineering and intelligence teams. Often, these teams work in silos, leading to inefficiencies and gaps in security protocols. A framework that emphasizes communication and cooperation among teams is essential, as each team has valuable insights that can enhance overall security measures. By fostering inter-team dialogue, organizations can improve their proactive defense mechanisms and stay ahead of potential threats.

Intro

3min

Proactive Cyber Defense Strategies

14min

Understanding Mission Control and Its Role in Proactive Security Management

2min

The Role of Incident Commanders in Effective Incident Management

2min

Establishing Effective Cybersecurity Functions and the Defender's Advantage

3min

Guest:

Dan Nutting, Manager - Cyber Defense, Google Cloud

Topics:

What is the Defender’s Advantage and why did Mandiant decide to put this out there?
This is the second edition. What is different about DA-II?
Why do so few defenders actually realize their Defender’s Advantage?
The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?
Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?
Many organizations don’t seem to want to make detections at all, what do we tell them?
What is this thing called “Mission Control”- it sounds really cool, can you explain it?

Resources:

Defender’s Advantage book
The Defender's Advantage: Using Artificial Intelligence in Cyber Defense supplemental paper
“Threat-informed Defense Is Hard, So We Are Still Not Doing It!” blog
Mandiant blog

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Communication Between Security Teams

Understanding the Attacker's Perspective

The Shift Toward Intelligence-Led Cyber Defense

Remember Everything You Learn from Podcasts