Zero Trust step 5A: Stop Breaches—Inspect Every Event Now | The Cybersecurity Podcast

Zero Trust step 5A is where monitoring turns raw logs into decisive action.
Hosts Lieuwe Jan Koning and Rob Maas (Field CTO, ON2IT) expose why MDR alone isn’t protection—and how context closes the gap. Learn to inspect every event, use Indicators of Good/Compromise, and set Rules of Engagement that stop lateral movement and alert fatigue.

• (00:00) - — Welcome & Step 5A (Monitor) setup
  


• (00:37) - — Steps 1–4 recap: protect surfaces, flows, architecture, policy
  


• (04:12) - — MDR vs protection: why “collect all logs” fails
  


• (07:28) - — Events vs logs: inspect every event & retention reality
  


• (10:22) - — Context from protect surfaces: mapping IPs to business systems
  


• (13:41) - — IoG vs IoC vs Unknown: triage model & beating alert fatigue
  


• (17:59) - — Rules of Engagement: automation, kill switch & blast radius (prevention first)

Key Topics Covered
• MDR ≠ protection: why Step 5A only works after Steps 1–4 are in place.
• Events vs logs: what to keep, what to act on, and how to avoid SIEM sprawl.
• Context from protect surfaces: mapping IPs to business systems to triage fast.
• Automation with Rules of Engagement: IoG/IoC/Unknown, kill switches, and reducing blast radius.

If this helped sharpen your Zero Trust monitoring strategy, subscribe to Threat Talks and turn on notifications—don’t miss Step 5B (Maintain).

Additional Resources
• https://on2it.net/zero-trust/
• https://on2it.net/managed-security/protect-surface-management/
• https://on2it.net/wp-content/uploads/2023/02/Zero-Trust-Dictionary-EN.pdf
• https://on2it.net/context-is-key-the-data-challenge-of-cybersecurity/
• https://threat-talks.com/
• https://www.ams-ix.net/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Click here to view the episode transcript.


🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams