This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Podcast 158 question for John Solomon

Posted on 02-08-2024 03:41 AM
johnfranolich
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Great podcast! thanks. I agree ephemeral artifacts are more challenging when it comes to IR. A couple  questions for John Solomon.  

Q1: When doing IR in the cloud when do you consider a security event an incident? and is that different in the cloud vs. on prem.?

Q2: The security community is struggling to do even monitor ML environments. Part of it is they are trying to understand the technology and what they need to do for basic monitor.  There are a few project around like NVIDIA's Morpheus on github so my question is when it comes to IR around MLSecOps what does malicious look like from your perspective?  And what design requirements do you ask the data scientist to build in when it comes to doing doing IR in ML in the cloud? thanks!

1 1 68
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
cloudsecuritypm
Staff
Reply posted on --/--/---- --:-- AM

I think the event vs incident discussion is really interesting. I've certainly met teams that have come to see cryptomining as just another event, rather than something that requires full incident response engagement. I'm not sure there's a standard approach out there yet, would love to hear from others on this one. 

 

Probably early days for answer the IR for ML question, but I can give the standard IR answer of make sure you've got logging enabled and reasonable log retention capabilities!