EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
Update: 2025-04-28
Description
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories?
- Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering?
- The report implies that F500 companies suffer from certain security issues despite their resources, does this automatically mean that smaller companies suffer from the same but more?
- "Dwell time" metrics sound obvious, but is there magic behind how this is done? Sometimes “dwell tie going down” is not automatically the defender’s win, right?
- What is the expected minimum dwell time? If “it depends”, then what does it depend on?
- Impactful outliers vs general trends (“by the numbers”), what teaches us more about security?
- Why do we seem to repeat the mistakes so much in security?
- Do we think it is useful to give the same advice repeatedly if the data implies that it is correct advice but people clearly do not do it?
Resources:
- M-Trends 2025 report
- Mandiant Attack Lifecycle
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
