EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!

Guest:

• Dan Nutting, Manager - Cyber Defense,  Google Cloud

Topics:

• What is the Defender’s Advantage and why did Mandiant decide to put this out there?

• This is the second edition. What is different about DA-II?

• Why do so few defenders actually realize their Defender’s Advantage? 

• The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?

• Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?  

• Many organizations don’t seem to want to make detections at all, what do we tell them?

• What is this thing called “Mission Control”- it sounds really cool, can you explain it?

Resources:

• Defender’s Advantage book

• The Defender's Advantage: Using Artificial Intelligence in Cyber Defense supplemental paper

• “Threat-informed Defense Is Hard, So We Are Still Not Doing It!” blog

• Mandiant blog