AWS for Software Companies Podcast

Ep076: Incident Response in the Age of Personal CISO Liability with Suresh Vasudevan of Sysdig

34 min • 28 January 2025

Suresh Vasudevan, CEO of Sysdig, discusses the evolving challenges of cloud security incident response and the need for new approaches to mitigate organizational risk.

Topics Include:

  • Cybersecurity regulations mandate incident response reporting.
  • Challenges of cloud breach detection and response.
  • Complex cloud attack patterns: reconnaissance, lateral movement, exploit.
  • Rapid exploitation - minutes vs. days for on-prem.
  • Importance of runtime, identity, and control plane monitoring.
  • Limitations of EDR and SIEM tools for cloud.
  • Coordinated incident response across security, DevOps, executives.
  • Criticality of pre-defined incident response plans.
  • Increased CISO personal liability risk and mitigation.
  • Documenting security team's diligence to demonstrate due care.
  • Establishing strong partnerships with legal and audit teams.
  • Covering defensive steps in internal communications.
  • Sysdig's cloud-native security approach and Falco project.
  • Balancing prevention, detection, and response capabilities.
  • Integrating security tooling with customer workflows and SOCs.
  • Providing 24/7 monitoring and rapid response services.
  • Correlating workload, identity, and control plane activities.
  • Detecting unusual reconnaissance and lateral movement behaviors.
  • Daisy-chaining events to identify potential compromise chains.
  • Tracking historical identity activity patterns for anomaly detection.
  • Aligning security with business impact assessment and reporting.
  • Adapting SOC team skills for cloud-native environments.
  • Resource and disruption cost concerns for cloud agents.
  • Importance of "do no harm" philosophy for response.
  • Enhancing existing security data sources with cloud context.
  • Challenges of post-incident forensics vs. real-time response.
  • Bridging security, DevOps, and executive domains.
  • Establishing pre-approved incident response stakeholder roles.
  • Maintaining documentation to demonstrate proper investigation.
  • Evolving CISO role and personal liability considerations.
  • Proactive management of cyber risk at board level.
  • Developing strong general counsel and audit relationships.
  • Transparency in internal communications to avoid discovery risks.
  • Security teams as business partners, not just technicians.
  • Sysdig's cloud security expertise and open-source contributions.


Participants:

  • Suresh Vasudevan – CEO, Sysdig

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/
