EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!

Guest: Dan Nutting, Manager - Cyber Defense,  Google Cloud Topics: What is the Defender’s Advantage and why did Mandiant decide to put this out there? This is the second edition. What is different about DA-II? Why do so few defenders actually realize their Defender’s Advantage?  The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach? Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?   Many organizations don’t seem to want to make detections at all, what do we tell them? What is this thing called “Mission Control”- it sounds really cool, can you explain it? Resources: Defender’s Advantage book The Defender's Advantage: Using Artificial Intelligence in Cyber Defense supplemental paper “Threat-informed Defense Is Hard, So We Are Still Not Doing It!” blog Mandiant blog  

Om Podcasten

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.