Episode Summary

11:11 Systems Director of Product Market Intelligence Brian Knudtson is joined by guests Chris Ray, Amanda Berlin, and Steve Sims for a conversation about detection and response tools. They discuss all the permutations of detect and response tools, what’s necessary for defense in depth, and how much is really just Marketing hype. Define your requirements and you too can become a savvy booth-to-booth hopper who will strategically improve your business’ defenses.

Panel

Cloud Conversations

Topic 1

[03:18] Can you give us a quick lay of the land on how [detect and response models] compare and contrast in these different types of models?

Topic 2

[11:21] Is there anything special around CDR and is it something that companies utilizing the cloud should have in place or if it’s one of those purely marketing type things?

Topic 3

[21:16] Talk a little bit about the need for SIEM. Is there still a need for it and how does it fit in with the detect and response if it does?

Cloud Bites

[01:37] “Everybody made it really, really super easy to go to the cloud and not necessarily that easy to detect and respond to any kind of threat.”  — Amanda Berlin 

[02:31] “ Any amount of visibility that you can gain into what your environment is doing, whether on prem or in the cloud, is good, is great, is wonderful, and you need to do it. So if you’re not doing it, please find a tool and gain visibility into your environment. — Steve Sims 

[04:06] “It doesn’t really matter what you’re talking about when you say EDR or XDR or NDR. What you need to focus on when you’re looking at these solutions, or these technologies, are: what is the end result and how does it integrate with your incident response process in your organization?” — Chris Ray

[04:47] “Detection and response is good because detecting and responding to threats is really hard.” — Chris Ray

[06:17] “There’s a lot of misconception, a lot of marketing, a lot of nonsense out there that says if you don’t have this, you’re not doing security. And that’s absolutely not the case.” — Steve Sims

[07:58] “A really smart approach to anything in the tech space is quantifying what’s painful to you or your organization, writing it down, and then using that as your qualifications or your criteria for selecting a solution, because you can get blown away by the marketing hype” — Chris Ray

[10:59] “You really need to demo the product in your environment, ideally, which is not always possible, but sit down and take a look and make sure it’s actually doing what they say it’s going to do.” — Chris Ray

[13:07] “Cloud providers for detect and response are definitely necessary because you don’t have all of the same issues that you would find on a local network.” — Amanda Berlin

[13:41] “There’s a lot of different things to look at with a CDR, but holistically I think it’s not super special.” — Amanda Berlin

[15:32] “Detection and response is necessary across your entire environment” — Steve Sims 

[22:26] “What you’re doing is effectively just reducing your risk to a point where there is a residual risk that you’re willing to accept.” — Steve Sims