EP143 Cloud Security Remediation: The Biggest Headache?

Guests:

• Tomer Schwartz, Dazz CTO

Topics:

• It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true?

• As far as remediation scope, do we need to cover traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too?

• One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it?

• Why is cloud security remediation such a headache for so many organizations?

• Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs?

• Doesn't every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues?

Resources:

• Video (YouTube, LinkedIn)

• Cloud Security Remediation for Dummies

• EP3 Automate and/or Die?

• EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?'

• EP54 Container Security: The Past or The Future?

• EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud

• EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?

• A Guide to Building a Secure SDLC

• 8 Megatrends drive cloud adoption—and improve security for all