How do you build a Robust Detection Framework? Ashish spoke to Andrew Tabona, SVP of Cyber Threat Management and Incident Response at a Fortune 500 company about challenging the conventional wisdom of applying on-premise incident response plans to cloud environments. They speak about the critical metrics of mean time to detect, respond, and recover, and why mastering the fundamentals is key to effective cloud security.
The conversation also covers practical strategies for building a detection framework, the importance of a balanced approach to log ingestion, and the nuanced differences in incident response between cloud and traditional on-premise environments.
Questions asked:
00:00 Introduction
03:20 A bit about Andrew Tabona
04:26 What is Threat Detection and Response?
06:14 Why incident response is different in Cloud?
09:18 Benefits of doing Incident Response in Cloud?
10:29 Is CSPM your incident response tool?
12:33 Where to start with Detection in Cloud?
16:35 Getting buy in from other teams for threat detection
20:15 Should you build or buy a cybersecurity solution?
22:34 Responding to incidents in a Cloud Context
26:01 Containing incidents in a Cloud Context
28:34 What kind of access do IR teams need?
30:36 Balancing the signal to noise ratio
32:10 Where to start with Threat Detection and Response
34:37 Challenges an organisation might face
35:58 Threat Detection and Response in MultiCloud
37:52 Showing ROI of Cybersecurity to the business
38:57 Where to learn about IR and Threat Detection?
41:09 Fun Section
44:14 Where you can connect with Andrew
----------------------------------------------------------------------
📱Cloud Security Podcast Social Media📱
_____________________________________
Twitter: / cloudsecpod
Facebook: / cloudsecuritypodcast
LinkedIn: / cloud-security-podcast
Website: cloudsecuritypodcast.tv/
#cloudsecurity