EP72 What Does Good Detection and Response Look Like in the Cloud? Insights from Expel MDR

Guests:

• Dave “Merk” Merkel, CEO @ Expel
• Peter Silberman,  CTO @ Expel

Topics:

• Many MDRs claim to be “security from the cloud”, but they actually don’t know much about cloud security. What does good looks like for MDR in the cloud (cloud being a full range from IaaS to SaaS)?
• What are the key challenges for clients picking an MDR for their cloud environments?  What are the questions to ask your potential MDR?
• Do clients want the same security outcomes done in the cloud vs on-premise?  
• Does it mean that MSSP/MDR capabilities must be different for good coverage of the cloud? 
• Is MDR technology different for Cloud detection and response as opposed to on-prem D&R? 
• How do you communicate with clients about the importance and value of cloud specific detection vs detection for endpoints running in the cloud? 
• What are the top threats against client cloud environments that you see, detect and protect from?
• Which clouds (IaaS?) are easiest for MDR to protect? What makes them easier to handle than the other Clouds?

Resources:

• Who Does What In Cloud Threat Detection?
• How to Think about Threat Detection in the Cloud
• Cattle vs Pets reminder
• Expel Blog - Incident report: Spotting an attacker in GCP 
• Expel Great eXpeltations 2022: Cybersecurity trends and predictions
• Expel Quarterly Threat Report: Q1 2022