Cloud Security Podcast by Google

EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR


Listen Later

Guest:

  • Craig H. Rowland, Founder and CEO, Sandfly Security

Topics:

  • When it comes to Linux environments – spanning on-prem, cloud, and even–gasp–hybrid setups – where are you seeing the most significant blind spots for security teams today? 
  • There's sometimes a perception that Linux is inherently more secure or less of a malware target than Windows. Could you break down some of the fundamental differences in how malware behaves on Linux versus Windows, and why that matters for defenders in the cloud?
  • 'Living off the Land' isn't a new concept, but on Linux, it feels like attackers have a particularly rich set of native tools at their disposal. What are some of the more subtly abused but legitimate Linux utilities you're seeing weaponized in cloud attacks, and how does that complicate detection?
  • When you weigh agent-based versus agentless monitoring in cloud and containerized Linux environments, what are the operational trade-offs and outcome trade-offs security teams really need to consider? 
  • SSH keys are the de facto keys to the kingdom in many Linux environments. Beyond just 'use strong passphrases,' what are the critical, often overlooked, risks associated with SSH key management, credential theft, and subsequent lateral movement that you see plaguing organizations, especially at scale in the cloud?
  • What are the biggest operational hurdles teams face when trying to conduct incident response effectively and rapidly across such a distributed Linux environment, and what's key to overcoming them?

Resources:

  • EP194 Deep Dive into ADR - Application Detection and Response
  • EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines

 

...more
View all episodesView all episodes
Download on the App Store

Cloud Security Podcast by GoogleBy Anton Chuvakin

  • 4.8
  • 4.8
  • 4.8
  • 4.8
  • 4.8

4.8

39 ratings


More shows like Cloud Security Podcast by Google

View all
Risky Business by Patrick Gray

Risky Business

369 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

638 Listeners

The Cloudcast by Massive Studios

The Cloudcast

156 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

369 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,018 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

205 Listeners

Smashing Security by Graham Cluley

Smashing Security

320 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,961 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

173 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

182 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

188 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cloud Security Podcast by Cloud Security Podcast Team

Cloud Security Podcast

57 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

134 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners