EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
27 min •
18 juli 2022
Guest:
Tim Nguyen, Director of Detection and Response @ Google
Topics:
I know we don’t like to say “SOC” here, so why don’t we talk about the role of automation in detection and response (D&R) at Google?
One SRE concept we found useful in security operations is “toil” - How do we squeeze toil out of D&R practice at Google?
A combined analyst and engineer role (just like an SRE) was critical for both increasing automation and reducing toil, how hard was it to put this into practice? Tell us about that journey?
How do we automate security signal analysis, can you give us a few examples?
D&R metrics have been a big pain point for many organizations, how does SRE thinking of SLOs and SLIs (and less about SLAs) helps us in our “not SOC”?
How do we avoid falling into the “time to respond” trap that rewards fast response, sometimes at the cost of good?