Sign up to save your podcasts
Or
Share EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
- Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
- What is the expected minimum dwell time? If “it depends”, then what does it depend on?
- Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
- Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
- What is the expected minimum dwell time? If “it depends”, then what does it depend on?
- Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
More shows like Cloud Security Podcast by Google
View all
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
The Cloudcast
153 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
CyberWire Daily
1,014 Listeners
AWS Podcast
201 Listeners
Click Here
392 Listeners
Cybersecurity Today
166 Listeners
Kubernetes Podcast from Google
180 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
313 Listeners
Defense in Depth
78 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
118 Listeners
Risky Bulletin
33 Listeners