Kelly Shortridge @swagitda_, 21 tweets
Super pumped for this panel about detecting attacks at scale w/ @jessfraz @argvee @mhil1 @BradMaio
SecOps hierarchy of needs was created in the 1970s, as pointed out by @argvee, & we’re constantly rethinking how to do detection. She thinks we’re in the early days of this current 5 year detection cycle — this time, the catalyst is the cloud
“In 2050 when data centers are running on Mars (😂), we’ll have data readily available to make decisions, & humans won’t be needed to make those decisions — the systems will defend themselves” - @argvee
But to get there, @argvee says we need to transition to humans helping the computer understand *why* it’s making a decision — but we’re far from that today
Secure by default is the most important step in cloud native product security, since most users won’t bother to secure or investigate things if they feel confusing — @jessfraz
“The people who say containers aren’t secure haven’t actually broken out of a container” 🔥🔥🔥 - @jessfraz
“The previous model of gaining visibility by collecting 100 data sources & pumping it in a data store then performing analytics on it is probably not actually going to move the needle on the problem at all” — @mhil1
Better strategy is to look into the patterns or classes of attacks they’re experiencing & then moving upstream — moving to a continuous testing model to determine the patterns of activity that need to be tackled — @mhil1
Continuously practicing detection & response capabilities helps the most when dealing with having to secure disparate groups — @BradMaio
A lot of companies are in a “wait and see mode” — they don’t understand what attacks are happening to them, nor are they using red teams to proactively & continuously test — @BradMaio
“We’ve seen a lot of talk about Spectre and Meltdown, but is anyone exploiting them?” — @argvee
A big benefit of cloud is you can patch in one place & benefit millions of users — CSPs need to embrace that responsibility & customers are expecting it — @argvee
It’s better to use solution providers for security fundamentals & security at scale to free up the security team to focus on more context-specific & unique scenarios — @mhil1
Google got rid of most manual forensics investigation — went from 6 weeks for 70% accuracy to 72 hours for 80% accuracy now. Need to get data in front of the human so the human adds the “why” — @argvee
You want to distribute alerts to the people who have the appropriate context vs having a generic SecOps team filter events — @mhil1
There’s not a lot of change in the sophistication of attacks over time — companies today aren’t getting breached b/c of super sophisticated attacks, it’s the basics, like unpatched machines for a decade — @BradMaio
No one’s going to go for a hard attack like breaking out of a container, they’ll go for the exposed dashboard & get free compute to run their bitcoin miners — @jessfraz
Exposing misconfigured services can result in “remote execution as a service” 😂 — @jessfraz
A benefit of continuous delivery, per @argvee, is you can get patches out the door far faster.

Yet again: infosec & DevOps should be bffs
Most important things that will change infosec: relationships & international trade / economics. You need someone to build relationships across your org to discuss infosec strategy & how it benefits the business — @argvee
Vendors should be more prescriptive & engineer features to be optimized for security vs. confusing configs left up to the company to decide — @mhil1