Sign up to save your podcasts
Or
Share EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
- Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
- What is the expected minimum dwell time? If “it depends”, then what does it depend on?
- Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
- Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
- What is the expected minimum dwell time? If “it depends”, then what does it depend on?
- Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
More shows like Cloud Security Podcast by Google
View all
Risky Business
363 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
632 Listeners
The Cloudcast
154 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
CyberWire Daily
1,010 Listeners
AWS Podcast
200 Listeners
Smashing Security
313 Listeners
Click Here
387 Listeners
Cybersecurity Today
142 Listeners
Kubernetes Podcast from Google
182 Listeners
CISO Series Podcast
182 Listeners
Hacking Humans
309 Listeners
Defense in Depth
72 Listeners
Cyber Security Headlines
120 Listeners
Risky Bulletin
33 Listeners