At Cado, our mission is to revolutionize incident response for the cloud — so of course we were keen to attend, speak at, and sponsor the Mandiant/Google Cloud conference, mWise.
mWise is undoubtedly a “grown-up” conference. The tone of the conference this week was simultaneously professional and kind. Suits, not hoodies. Conversations, not pitches. And plenty of hugs from old friends. Incident response is a small community, and friendships forged over tough engagements are not soon forgotten.
For our talk, Paul Stamp and I shared some of Cado’s lessons learned on how to efficiently respond to incidents in the cloud. Questions from the audience reflected several prominent themes:
- Teams are increasingly creating dedicated forensic accounts in AWS/Azure/GCP and we had some good discussions on the challenges of architecting that correctly.
- Automation is a key component of incident response in the cloud, especially for data that disappears quickly, such as in auto-scaling and containerized environments.
- It is still often impossible to effectively respond to breaches in the cloud without either:
  - A very thorough and continuous program of enabling logs and telemetry, or
  - A forensic capability to go back in time and identify activity before the breach was first identified.
I enjoyed Kevin Mandia’s keynote session, in which he stressed the importance of a layered approach. It’s critical to not only have the ability to defend in depth – but also the ability to investigate in depth. “What does assume breach mean in an era of shift left?” is definitely a topic worthy of deeper discussion! Mandia also spoke to the importance of teamwork and the hope that generative AI will reduce workloads. I’ll mostly avoid the temptation to plug the exciting work we’ve done here at Cado. But there is definitely a strong use case for AI in the incident response world.
The keynote left an impression on me, and perhaps we made an impression too, as Mandia was kind enough to give a shout-out to Cado Security in his interview on the topic of promising places in cybersecurity to work, alongside cybersecurity giants like CrowdStrike and SentinelOne.
At conferences like these, it’s always a pleasure to spend so much time with the team and Friends of Cado. Thank you to everyone who stopped by our booth :)
Next year mWise will be in Denver and we hope to see you all there!