Cloud Security Podcast by Google

EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends

Apr 28, 2025
In this engaging discussion, Kirstie Failey from the Google Threat Intelligence Group and Scott Runnels from Mandiant Incident Response dive into the art of transforming incident reports into the M-Trends report. They explore the paradox of learning from past incidents versus proactive security measures. The duo uncovers the complexities of 'dwell time' metrics and why repeated security mistakes persist. They also discuss the unique challenges faced by smaller organizations and the necessity of effective storytelling in cybersecurity reporting. A must-listen for security enthusiasts!
INSIGHT

Challenges in Making M-Trends Report

  • Incident reports are tough to turn into a coherent, useful trends report due to consultants' focus on descriptive writing.
  • The M-Trends report needs prescriptive context and must filter out informal storytelling for clarity.
INSIGHT

Post-IR Bias in Lessons

  • M-Trends focuses on post-incident response stories, which might bias what lessons are learned.
  • Learning security from incident aftermaths is akin to building safe houses after fires rather than engineering safety from first principles.
ADVICE

Value of Basic Security Hygiene

  • Basic security hygiene like correct firewall configuration and patching yields repeated and strong ROI.
  • Not all recommendations fit every environment, so customize investments accordingly for best results.