Sign up to save your podcasts
Or
Share EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all "post-IR" stories?
- Are "IR-derived" security lessons the best way to improve security? Isn't this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes "dwell tie going down" is not automatically the defender's win, right?
- What is the expected minimum dwell time? If "it depends", then what does it depend on?
- Impactful outliers vs general trends ("by the numbers"), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all "post-IR" stories?
- Are "IR-derived" security lessons the best way to improve security? Isn't this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes "dwell tie going down" is not automatically the defender's win, right?
- What is the expected minimum dwell time? If "it depends", then what does it depend on?
- Impactful outliers vs general trends ("by the numbers"), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,722 Listeners
WSJ What’s News
4,424 Listeners
Security Now (Audio)
2,010 Listeners
Risky Business
373 Listeners
CyberWire Daily
1,025 Listeners
NVIDIA AI Podcast
347 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Practical AI
211 Listeners
Cloud Security Podcast
58 Listeners
Cybersecurity Headlines
140 Listeners
Huberman Lab
29,300 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
681 Listeners
HBR On Leadership
168 Listeners
AI Security Podcast
9 Listeners