DiscoverCloud Security Podcast by GoogleEP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic
EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

Update: 2025-02-17
Share

Description

Guest:

Topics:

  • Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns?
  • Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexities of the threat landscape and the challenges of linking tools and actors? 
  • There is a difficulty of correlating publicly known tool names with the aliases used by threat actors in underground forums. How does GTIG overcome this challenge to track the evolution and usage of malware and other tools? Can you give a specific example of how this "decoding" process works?
  • How does GTIG collaborate with other teams within Google, such as incident response or product security, to share threat intelligence and improve Google's overall security posture? How does this work make Google more secure?
  • What does Google (and specifically GTIG) do differently than other organizations focused on collecting and analyzing threat-intelligence? Is there AI involved?

Resources:

Comments 
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations

EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations

2025-03-2431:43

EP215 Threat Modeling at Google: From Basics to AI-powered Magic

EP215 Threat Modeling at Google: From Basics to AI-powered Magic

2025-03-1726:03

EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations

EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations

2025-03-1029:22

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

2025-03-0328:01

EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps

EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps

2025-02-2433:16

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

2025-02-1726:02

EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments

EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments

2025-02-1026:58

EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!)

EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!)

2025-02-0329:06

EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?)

EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?)

2025-01-2731:19

EP207 Slaying the Ransomware Dragon: Can a Startup Succeed?

EP207 Slaying the Ransomware Dragon: Can a Startup Succeed?

2025-01-2032:55

EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud

EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud

2025-01-1305:22

EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality

EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality

2025-01-0628:19

EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators

EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators

2024-12-2330:32

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

2024-12-1637:13

EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

2024-12-0937:09

EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff

EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff

2024-12-0236:57

EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security

EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security

2024-11-2527:38

EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them)

EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them)

2024-11-1829:26

EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

2024-11-1127:22

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

2024-11-0429:34

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

Anton A Chuvakin