EP143 Cloud Security Remediation: The Biggest Headache?

Guests: Tomer Schwartz, Dazz CTO Topics: It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true? As far as remediation scope, do we need to cover  traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too? One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it? Why is cloud security remediation such a headache for so many organizations? Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs? Doesn’t every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues? Resources: Video (YouTube, LinkedIn) Cloud Security Remediation for Dummies EP3 Automate and/or Die? EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?’ EP54 Container Security: The Past or The Future? EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity? A Guide to Building a Secure SDLC 8 Megatrends drive cloud adoption—and improve security for all