EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud

Guest:

• Arie Zilberstein, CEO and Co-Founder at Gem Security

Topics: 

• How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response?

• What are the key challenges of cloud detection and response?

• Often we lift and shift our teams to Cloud, and not always for bad reasons, so  what’s your advice on how to teach the old dogs new tricks: “on-premise-trained” D&R teams and cloud D&R?

• What is this new CIRA thing that Gartner just cooked up?  Should CIRA exist as a separate market or technology or is this just a slice of CDR or even SIEM perhaps?

• What do you tell people who say that “SIEM is their CDR”?

• What are the key roles and responsibilities of the CDR team? How is the cloud D&R process related to DevOps and cloud-style IT processes?

 Resources:

• Video version of this episode

• Cloud breaches databases

• EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

• EP103 Security Incident Response and Public Cloud - Exploring with Mandiant

• EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?

• 9 Megatrends drive cloud adoption—and improve security for all

• “Emerging Tech: Security — Cloud Investigation and Response Automation (CIRA) Offers Transformation Opportunities” (Gartner access required)

• “Does the World Need Cloud Detection and Response (CDR)?” blog