From YouTube: Defend Section Group Conversation (Public Livestream)
A
A
Today, when talking about security, that term gets used a lot: red versus blue. And the security group conversation did a very good job defining what red team or red team assessments are, but they kind of give a real high-level review. The goal is to do a vulnerability assessment, including penetration testing, to find weaknesses within the application.
A
Okay, the goal is to be able to find issues and verify your security effectiveness such that you can begin to mitigate them. The other component, that is, the blue team assessment, which doesn't get talked about a lot, but the goal of the blue team assessment is to verify the security policies and procedures work as you expect, such that you can find the holes again and actively address them.
A
I want to highlight this here for you for three reasons: one, we have both components of them. I'll talk to that in a second. And two, as we talk to our customers and our users, this term is becoming more and more popular. You'll see it spoken about at conferences regularly. But if you remember popular primary school days or elementary school, depending where you are in the world, when you combine red and blue together, you get purple.
A
So I can't claim that the security industry has been very unique in naming things, but it's a good way to remember that red team is the offensive side. The blue team is the defensive side. But this is where GitLab is uniquely positioned, so we can enable our users for purple teaming, and you can do this. Red teaming is the Secure section, which we won't talk about today. We can talk more about an upcoming, a conversation and the blue.
A
So let's talk about the Defend section. For Defend, our goal is to be able to focus on defending applications and infrastructure, as well as helping our users identify and catalog vulnerabilities and risk. Our goal is to be able to enable our users to remediate and understand the issues that are happening within their environment. And if you want to learn more about our direction and our vision, you can go to the website. There's a lot of good confound back. We're also driven by our guiding principles. "Listen first, then act" is the first one.
A
Inform is our next, and for inform, our furniture informing other stages, and this is again a unique key advantage for GitLab, because we're one integrated DevOps platform, such that Defend can notify throughout whichever components it needs to mach notify through. And finally, emphasizing usability and convention over configuration. For Defend, right out of the box, we come with a reasonable policy for alerting on traffic, but that doesn't prevent users from going and providing additional complex configurations themselves.
A
Here's a list of the Defend team today. I miss myself earlier. You've also met Sam curve previously on calls such as the secure independent sections. I do want to also highlight we have new employees as well. In the last several weeks, we've had three new employees, including myself, Matt Wilson, who's, seen European Ford opponent, and Wayne Haver, who is the director of engineering for the phone I'm, but I do want to also highlight that we are actively hiring.
A
A
We have a lot of really cool features coming up here over the next several releases and into next year to begin to fully expand that Defend stage to be covering all the areas in which we want to focus on. And with that, we can go over to the Q&A. As of right now, there is no Q&A. I know nobody's asking questions, which I can only imagine you have lots of questions, you just haven't typed them in yet.
A
You or maybe I'm wrong and I, just a ssin was so good, you have zero questions, which is also fine, and we can give it really back the next 15 or 20 minutes. So we'll give it a minute here, and while we do that, you know, Sam, Matt, Wayne, would you like to say hello to everybody on the livestream here? Hey, this is DJ.
B
A
That's user behavior analytics. The goal there is to be able to track user activity across whatever the services. In the case of us, we're gonna be talking about it with regards to the GitLab application, and be able to identify anomalies in behavior. A good example of that would be, let's say, I'll use me: David always connects to the GitLab application from Dallas, Texas, where he lives, and he only does, say, pulls to basically see what the latest code is.
A
A
You can use us as a good example of that. So we're storing source code for our customers, we're storing data on their behaviors per the monitoring that we have, and now all of a sudden you see that that data is being transitioned from one repository to another, out of GitLab as a whole. All these different things that could be flagged to say: hey, there's data potentially being lost, or that's sensitive. And we'll have it both as an alert as well as eventually be able to block that type of data.
B
C
David, quick question for you: do you see Defend being added to Ultimate, or do you expect that we might actually see an Ultimate Plus? I just want to get a feel for this, because when we begin talking to our customers, I don't want to mistake that we're gonna be adding something into an existing product if that's not the case. Or do you even have any sort of line of sight of that? So.
A
Today, the plan is for all of it to go into Ultimate. And I will tell you that, based off your comment, yeah, there are conversations about whether or not at some point there needs to be a higher tier level based off what we're offering, but our intent is to continue our open source and leading with community first, and so we'll also be pulling parts of Defend down into Premium, Starter or Core. That way, we're helping everybody to lead with the security-first mentality.
A
And so, like I could tell you, I've been here three weeks, or this is in my fourth week. I will say I stepped directly onto that topic and in birth way my first week, so I understand the sensitivity of it. But there's two components that we really need to think about in this, kind of how I've resented it for myself.
A
The first is that we do have that core principle that we want to support the community, and so we will do that, especially with open source solutions, what we're using to build out our offering. But we also understand there's additional value beyond what would just be an open source plug-in, and that's where, you know, Sam and Matt and myself are working very hard to be able to show that, hey, you can have amazing historical trend data.
A
You can have dashboards, you can have control throughout your entire environment, that's more than what somebody could just do if they grabbed an open source solution. We're also looking at how we build out our own offerings that are, you know, commercial directly from us and not out as an open source solution. I think that's where we provide that separation and can really show that, hey, we're here to lead with security first. Here's some things that are in Core, but long-term, you know, or hey.
E
A
A
So, well, says again: I've not been here more than maybe like four weeks. I guess I'm a veteran. They saw how quickly we're hiring now. What I've seen is the threat detection, vulnerability management and WAF. I know, Sam, you've been here obviously longer than I have. Is there anything specifically? Have you seen I'll talk about.
G
Yeah, so those are definitely common ones I've seen asked for. I've also seen some requests around containers and cluster security. But one thing I do want to point out: since Defend is a brand-new stage for GitLab, you know, this is where we're really relying on all of you as well too. As you're interacting with customers, users, prospects, we need that feedback. Please share with us, so that we know that we're going in the right direction, we're focusing on the right things.
A
H
David, I can chime in there too with policy automation. So people understand that, you know, with DevOps things move a lot faster, so you have to automate the policies because you can't manually intervene in that sort of environment. So that's something that we see a lot. So that's not really a capability in terms of, like, you know, a specific stovepipe, but it's something more across Defend.
I
David, great, great to have you and seeing the security Defend team grow. One thing I'll share is: if you're not sharing the screen, can you stop the screen share, and then we can see you talking, because we like that, or at least for folks on YouTube. Sure, sure, I only.
A
I
Love the beard, it's great, and other folks, yeah. My question is, just in this last kind of period, and for other folks of your team as well: what was it like, an engineering challenge, or as you're building out these features, what was a challenge you encountered and how did you address that challenge? Sure.
G
E
I think probably the biggest one is that we've recently, like, trying to apply really, like, kind of GitLab model or something like ModSecurity. ModSecurity is not really, it's not really set up for something like a multi-tenant environment, or not so much multi-tenancy, but something like a group cluster with many projects, and so it's a bit of a configuration over convention approach. And so ensuring that that works for the product and its multi-project environment has been really interesting.
I
E
Currently, it's currently quite convention-based. The complexity comes with the next step, where we enable things like blocking mode. In the case of something like ModSecurity, there's things like a configuration threshold. So if an anomaly score goes above a certain point, it blocks requests, and so the question really becomes: are there same defaults for something like anomaly detection over every app on GitLab, or is that something that we really use those users to determine, like whether your credit has a higher anomaly score on average than someone's payment processing app?
E
I
That is a really, that is a super interesting challenge in terms of how to set those defaults in terms of, like, anomaly thresholds. I'll be super interested to hear how we progress in that realm. And I think that John, John was asking about tiers. I don't know, John, if you got all your questions answered or for often MEC actually.
J
No, Larry, Larry did steal my question, which is fine, but so I came up with a comment and a question. It would be nice to have a smattering of all these features in the tiers. In your explanation of UEBA, that sounds like advanced audit logging, which I think would be really cool because in Premium. But my question might be also: are all these features going to be at the instance level, or will they be at the group or project levels? Maybe for folks who are on .com.
G
Yeah, to speak to the instance versus group versus project, I don't think there's going to be a one-size-fits-all answer. I think that it's gonna depend on which category we talked about specifically, and as we grow them out, capabilities like WAF I think are gonna make more sense to do at project level or possibly group level, since we're gonna be talking about clusters and containers, which are generally going to be specific to an individual application.
G
But if we're talking about maybe more broad features, as we look at things like UEBA or DLP, those might make more sense to look at an instance level, where you're talking about an organization as a whole. So I think each of the categories is gonna have a different answer depending on, you know, what really is the problem we're trying to solve with that category, what's the value we're trying to deliver are.
G
D
Okay, so neck, you want to realize your question? Yeah, sure, thanks. So on slide three and five I see the mention of great teams and blue team. So it's won't clarify: what is the overlap or collaboration here? Is it features for their red team? How are we working now without good back to you. Sure, so.
A
What we're looking to do is, Secure and Defend is to enable both them and our users to be more secure, as well as have better visibility into their security threat landscape. So I think it's a great question, because since I've started, with three and a half weeks, four weeks here, that's come up a lot. I just want to make sure that's clear to everybody, that that's kind of how the relationship works. It's very collaborative. Okay, is.
D
A
Way I recommend in the past people kind of remember that is: the red is the offensive side, so it's clearly sending bad stuff, and the blue is the defensive side, so they're protecting stuff. So it's just really about the direction of what you're doing, whether you're attacking it or you're defending it.