Sign up to save your podcasts
Or
Share EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all "post-IR" stories?
- Are "IR-derived" security lessons the best way to improve security? Isn't this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes "dwell tie going down" is not automatically the defender's win, right?
- What is the expected minimum dwell time? If "it depends", then what does it depend on?
- Impactful outliers vs general trends ("by the numbers"), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all "post-IR" stories?
- Are "IR-derived" security lessons the best way to improve security? Isn't this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes "dwell tie going down" is not automatically the defender's win, right?
- What is the expected minimum dwell time? If "it depends", then what does it depend on?
- Impactful outliers vs general trends ("by the numbers"), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
More shows like Cloud Security Podcast by Google
View all
Security Now (Audio)
2,005 Listeners
Risky Business
372 Listeners
CyberWire Daily
1,029 Listeners
NVIDIA AI Podcast
344 Listeners
Darknet Diaries
8,083 Listeners
Tech Brew Ride Home
968 Listeners
Cybersecurity Today
178 Listeners
The Intelligence from The Economist
2,558 Listeners
Cloud Security Podcast
58 Listeners
Big Technology Podcast
504 Listeners
Cybersecurity Headlines
139 Listeners
Hard Fork
5,532 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
638 Listeners
HBR On Leadership
166 Listeners
The Pragmatic Engineer
70 Listeners