Cloud Security Podcast by Google

EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All

Dec 18, 2023

Kevin Mandia, CEO at Mandiant, discusses surprising cloud breaches in 2023 and the lessons learned from them. He explains the differences between cloud breaches and on-prem breaches. Mandia also highlights the mistakes and risks that led to cloud breaches and shares insights on how organizations can limit the impact. The episode emphasizes the importance of preparing for cloud breaches and detecting threats effectively. The hosts conclude by asking for advice on handling cloud breaches and recommend reading materials for CISOs.

28:41

Creator website

Episode guests

Kevin Mandia

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Improved credential management and identity security are crucial in detecting and responding to cloud-based attacks.

Organizations need to prioritize strong governance and careful management of credentials to mitigate the primary focus on credential harvesting and commodity threats in cloud-based intrusions.

Deep dives

Cloud Breaches of 2023

Kevin Mandia discusses the most surprising cloud breaches of 2023, focusing on the case of Storm 558, a Microsoft attack that accessed consumer-grade keys for the enterprise email system. He highlights the importance of detecting and responding to cloud-based attacks, emphasizing the need for improved credential management and identity security in the cloud.

Introduction

2min

The Evolution of Mandian and Learning from Breaches

18min

Preparing for Cloud Breaches: Developing Skills, Conducting Simulations, and Testing Effectiveness

4min

The Importance of Detection and Response in Security

3min

Closing Remarks and Recommended Reading for CISOs

2min

Guest:

Kevin Mandia, CEO at Mandiant, part of Google Cloud

Topics:

When you look back, what were the most surprising cloud breaches in 2023, and what can we learn from them? How were they different from the “old world” of on-prem breaches?
For a long time it’s felt like incident response has been an on-prem specialization, and that adversaries are primarily focused on compromising on-prem infrastructure. Who are we seeing go after cloud environments? The same threat actors or not?
Could you share a bit about the mistakes and risks that you saw organizations make that made their cloud breaches possible or made them worse? Conversely, what ended up being helpful to organizations in limiting the blast radius or making response easier?
Tim’s mother worked in a network disaster recovery team for a long time–their motto was “preparing for the inevitable.” What advice do you have for helping security teams and IT teams get ready for cloud breaches? Especially for recent cloud entrants?
Anton tells his “2000 IDS story” (need to listen for details!) and asks: what approaches for detecting threats actually detects threats today?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Cloud Breaches of 2023

Who is Going after Cloud Infrastructure?

Preparing for Cloud Breaches

Remember Everything You Learn from Podcasts