A new story from Cloud Security Podcast by Google

Automatic TRANSCRIPT

Store with SaaS and other box content much more easily use it, even if they don't have huge teams.

On the topic of migrating to SOAR and adopting SOAR and why that's getting easier for organizations, I'm curious because we've had a lot of conversations about migration on this podcast, some of it to the cloud, so I'm about to zero trust. And people have said, you know, start with something critical or start with something that nobody will notice. When it comes to your first SOAR playbook, what's my hello world of SOAR-ing? How do I start on the right foot?

And don't call it from my Gartner white paper on this because this would be cheating. I had a list of top three use cases back in 2019.

It's a good question because everyone's fear without automation is to break something in the operation and business critical. So where you need to start is also where you can start building more confidence in the process. And that's really simple things like codifying the processes, even if you don't automate them at first, at least the main ones, just so you have consistency and you can be confident in these are the steps and these are the stages that you want to happen for particular types of alerts. But then the next thing after that is things like enrichment, triage of different alerts, validation, to kind of weed out false positives and not necessarily block anything or delete anything or take down any machine automatically, but add confidence and prioritize threats rather than mitigate them. Slowly, this helps you weed out all the false positives, a lot of noise. Just focus maybe on the things that are first, the most noisy types of alerts that you know that there is a lot of manual operation to investigate them, automate as much as you can from that; that would typically be like 80% of the alerts so that the.
