Cloud Security Podcast by Google

EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant

Jun 17, 2024

Mandiant consultants discuss top 5 mistakes in cloud incidents, challenges in securing hybrid environments, attack surface evaluation, IAM importance, and incident preparedness for organizations transitioning to the cloud.

30:07

Creator website

Episode guests

Omar ElAhdan

Will Silverstone

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Proper identity management and strong multi-factor authentication are crucial for cloud security.

Understanding attack surfaces goes beyond network vulnerabilities, focusing on privileged accounts and identity controls.

Deep dives

Importance of Identity Management in Cloud Security

Ensuring proper identity management, particularly segregating privileged accounts, enforcing strong multi-factor authentication methods such as FIDO2 security keys, and restricting password reset and MFA method modifications are essential for bolstering cloud security. Identity management plays a pivotal role in preventing unauthorized access and potential security breaches.

Expanding Active Directory Tiering Model and Leveraging Tools for Attacks

01:20

Protect the Terraform job and implement trusted services chain

01:19

Intro

2min

Insights from Mandiant Consultants at a Cloud Event

2min

Challenges in Securing Cloud and On-Premise Environments

11min

Enhancing Security Measures with MFA and Service Account Credential Policies

2min

Expanding Perspectives on Cloud Attack Surface Evaluation

2min

Challenges and Strategies in Cloud Security Identity Management

10min

Best Practices for Cloud Security and Adaptability

2min

Guests:

Omar ElAhdan, Principal Consultant, Mandiant, Google Cloud
Will Silverstone, Senior Consultant, Mandiant, Google Cloud

Topics:

Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments?
You do IR so in your experience, what are top 5 mistakes organizations make that lead to cloud incidents?
How and why do organizations get the attack surface wrong? Are there pillars of attack surface?
We talk a lot about how IAM matters in the cloud. Is that true that AD is what gets you in many cases even for other clouds?
What is your best cloud incident preparedness advice for organizations that are new to cloud and still use on-prem as well?

Resources:

Next 2024 LIVE Video of this episode / LinkedIn version (sorry for the audio quality!)
“Lessons Learned from Cloud Compromise” podcast at The Defender’s Advantage
“Cloud compromises: Lessons learned from Mandiant investigations” in 2023 from Next 2024
EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Importance of Identity Management in Cloud Security

Expansion of Attack Surface Awareness

Role of Endpoint Security in Comprehensive Security Programs

Recommendations for Incident Preparedness

Expanding Active Directory Tiering Model and Leveraging Tools for Attacks

Protect the Terraform job and implement trusted services chain

Remember Everything You Learn from Podcasts