Enterprise Security Weekly (Video)

The sudden shift to remote work rocked IT teams around the world–disrupting systems that had been carefully designed to keep the business secure almost overnight. As remote work continues, IT teams will need complete visibility of their network more than ever. ExtraHop's Mike Campfield joins Security Weekly to make the case for why Network Detection and Response (NDR) should have a place in security strategies in 2021. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw205

A current and active cyberattack is spreading rapidly across organizations, propagating via open redirector domains and subsidiary domains belonging to multiple global brands. The comprehensive and multi-layered attack is delivered via phishing emails, attempting to steal corporate email credentials and deploy malware. Find out how organizations detect this attack. And, we'll discuss how this attack compares to the Proud Boys phishing campaign. This segment is sponsored by GreatHorn. Visit https://securityweekly.com/GreatHorn to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw205

Offsite-training is expensive and inefficient. It takes key resources away from their jobs and then demands even more time from them by requiring that they then train the rest of the team on what they learned. On-demand training for the entire team through platforms like Cybrary enables leads to train and simultaneously develop training programs for the rest of the team that focus on hands-on skill development in the areas that are relevant and tailored. This segment is sponsored by Cybrary. Visit https://cybrary.it/solved to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw205

CrowdStrike's broad visibility into incidents at organizations from every sector, around the globe has yielded insights into current trends in security incidents related to public clouds such as AWS, Azure, and Google Cloud. In this segment we'll discuss recent trends in breaches related to use of the public cloud, and what organizations can do to better prepare and protect themselves. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw204

Most folks think about using Conditional access for SaaS applications or access to specific data sources. However, once that data is accessed how do you continuously enforce conditional access "to the data" on an endpoint. This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw204

Blackpoint Cyber introduces insurance for customers and MSPs, Qualys Extends Integration with Microsoft Azure Defender, GrammaTech CodeSentry now identifies third party code vulnerabilities, AttackIQ integrates with Microsoft Azure Sentinel, Aqua Security announces Kubernetes-native security capabilities and funding updates from Artic Wolf, StackHawk, Eagle Eye Networks and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw204

deepwatch formally launched its Lens Score app on October 20th. Corey joins us to discuss the app, its future, and how it helps CISOs achieve their security outcomes. Corey will also discuss the deepwatch Series B and how we plan to invest the funds. This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203

Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix about one in ten of those vulnerabilities. But as a security practitioner you still need to keep your organization secure, so how do you do that when you can't possibly fix ALL of your vulnerabilities? Ed Bellis will: Review what years of joint research into vulnerability management with the Cyentia Institute uncovered about the scope of the challenge A breakdown in performance factors by industry and platforms Lay out several factors that drive better remediation performance Provide a deeper understanding of the scope of exposures and how risk informs remediation strategies This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203

Palo Alto Networks announces cloud native security platform, Akamai launches new API security tool, SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage, Splunk helps security teams modernize and unify their security operations in the cloud, and Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203

Simplifying The Process Of Identifying, Assessing & Mitigating Risks: Liam Downward, CEO of CYRISMA, talks about burdensome technologies that generate bloat within any organization, high licensing costs along with the long deployment times. All of these affect the ROI on organizational resources Time, Money, and People. This segment is sponsored by CYRISMA. Visit https://securityweekly.com/cyrisma to learn more about them! Get 10% off your monthly bill when you sign up! Visit: https://www.cyrisma.com Summarizing the BlackHat Threat Intelligence Report: Matthew Gardiner, Principal Security Strategist, from Mimecast will provide and overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw202

Learn about some of the latest techniques attackers are using when phishing and vishing, including how to protect your users! This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw202

Bad Neighbor Vulnerability, FireEye Announced 'Mandiant Advantage: Threat Intelligence' SaaS-based Offering, Aqua's Trivy Now Available as a GitHub Action, Datadog adds Deployment Tracking to its APM to prevent outages related to bad code deploys, and Tenable and the Center for Internet Security Enter Partnership to Bolster Cyber Hygiene Across Public and Private Sectors! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw202

Falcon OverWatch, the CrowdStrike® elite team of threat hunters, has the unparalleled ability to see and stop the most sophisticated threats, leaving adversaries with nowhere to hide. In this segment we'll discuss the OverWatch team's key threat hunting findings from the first half of 2020, as described in the 2020 Threat Hunting Report. The report reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. Download the full report https://www.crowdstrike.com/resources/reports/threat-hunting-report-2020/ Learn about the latest trends in cyber crime and take a deep dive into some of the tactics, techniques and procedures in use by specific cyber crime groups! Visit https://securityweekly.com/crowdstrike to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw201

The appearance of safety and actual security often do not align as closely as we would like to think. As enterprise security products get "smarter", the access that they require to your most sensitive data grows. What are some of the risks associated with common classes of security products? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw201

Anchore Rolls Out Open Source DevOps Tools, Rapid7 Cloud Identity and Access Management Governance Module for DivvyCloud, Digital Shadows launches access key alerts, Microsoft Azure customers can now implement Datadog as a monitoring solution for their cloud workloads, and Ping Identity unveils PingOne Services! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw201

Data breaches and insider threats are happening, even with costly and complex data protection programs in place. A reimagined approach to data security needs to be taken. This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw200

As attackers grow increasingly sophisticated, artificial intelligence (AI) and machine learning (ML) applications in cybersecurity are no longer a "nice to have." But after years of being tossed around as a buzzword, it's time to demystify AI/ML to expose how far the technologies have come and how they can keep your business secure if leveraged correctly. We discuss what the terms mean, why they're critical for cybersecurity, and how/when to apply different types of AI/ML (including supervised, unsupervised, and deep learning) appropriately. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw200

ExaGrid releases version 6.0 with Time-Lock for Ransonware Recovery Feature, Microsoft overhauls 'Patch Tuesday', Palantir to begin New York trading on September 30th, Accenture acquires SALT Solutions to build cloud-based industrial IoT platforms, and Code42 Incydr: A cloud-native product that mitigates insider data exposure and exfiltration! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw200

The drivers behind transformation, or roadbloacks, come in different forms. Mergers and acquisitions present both security challenges and opportunities for growth. Legacy technology always presents unique challenges, especially when it comes to security. Of course, everyone wants to be cloud native, but just how far along are you on the journey? Join us for a discussion on these topics with Jimmy Mesta from Signal Sciences! This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw199

As organizations grow and get more mature, they are looking for ways to achieve more with less. Join this ESW segment to learn how mature organizations approach web application security at scale, how they achieve greater visibility, shift security left and how they save time for their team whilst building more effective web application security programs. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw199

Acunetix new data retention policies, 5 Things to Ask Your Web App Pen Test Provider, Microsoft's open source tool for sniffing out Windows 10 bugs, Datadog unveils support for distributed tracing for AWS Step Functions via AWS X-Ray, Gravwell's Data Fusion platform breaks the mold of legacy data ingestion engines, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw199

Bradon describes Mimecast's "cloud-based resilience platform." What problem(s) they are solving. How they solve it in a unique/differentiated way and the value to the customers. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw198

In today's modern enterprise, where traditional security boundaries have all but disappeared, Identity has become the new security perimeter. In this episode, CyberArk Identity Security expert Corey Williams will explore the concept identity security and its key elements, including Privileged Access Management, Multi-factor Authentication, Single Sign-on, and innovations in machine learning and AI - that are powering Identity Security today. Corey will also explore the Identity Security technology landscape and the evolution of Identity, focusing on Identity Security as an enablement tool in the age of remote work arrangements, growing cloud adoption, and everything mobile. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw198

Yubico Delivers New Security Key the YubiKey 5C NFC, ManageEngine ADSelfService Plus now supports MFA for VPNs to protect remote workforce, Sysdig partners with VulnDB to strengthen vulnerability intelligence reporting, 3 Signs it's Time for a Penetration Test, and CrowdStrike Expands Support for AWS Workloads and Container Deployments! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw198

This year we've seen organizations accelerate their so-called digital transformation almost overnight. Now we're getting to the point where security leaders and business owners need to stop and take stock of what happened, what's a temporary band aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial! CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/ All applications use APIs—they're nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively? We've seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure. Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw197

deepwatch Lens Score - The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next? This segment is sponsored by deepwatch. Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free! Every organization gets compromised - it's how you fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We'll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or incident from becoming a full-scale data breach. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw197

Proofpoint's $300 Million buyback program, LogRhythmn Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0's new bot detection! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw197

A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security. Today, Patrick Carey will join us to talk about how organizations are working to build security into their development toolchains and processes. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw196

Penetration testing is the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures. Rapid7 just released it's 2020 "Under the Hoodie" report which looks at the last 12 months of data exploring the hows and whys of penetration testing, covering mainly internal and external network compromises, with some supplementary data on social engineering and red team simulations. During this podcast we'll talk about some of the key findings and ways you can better secure yourself in the following areas: -Internal network configuration and patch management -Password management and secondary controls - VPNs and internet-based applications This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw196

Checkmarx Announces GitLab Integration, Panaseer Automates IRM with Archer Integration, How Attivo Networks Strengthens Active Directory Defense, Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack, VMware brings Kubernetes to its VMware Fusion and VMware Workstation solutions, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw196

The concept of purple teaming needs to be expanded to incorporate a culture of collaboration across all proactive and reactive activities within enterprise cybersecurity programs. Learn how PlexTrac can aid in all thing purple teaming and drive to the security posture forward for all. This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! To get one month free, visit: https://securityweekly.com/plextrac Are security operations teams prepared to respond to privacy threats? Although you can achieve security without privacy, namely keeping information safeguarded from those that should not have access, you can not keep data private without security. How can we address this challenge? This segment is sponsored by Spirion. Visit https://securityweekly.com/spirionbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw195

Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integrations, which combines comprehensive endpoint telemetry from Tanium with Chronicle s cloud-scale analytics to inform threat hunting and investigations with one year of recorded endpoint activity. This is just the beginning of the partnership between Google Cloud and Tanium. Check out the blog post on Tanium's website to learn more about the future of the partnership and what it means for security. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team. Risk in a SaaS environment is largely an identity problem. Specifically, it is a misuse of identity and the privileged access granted to that identity. Before implementing any SaaS platform, you must consider how much access is really being granted in the cloud. More importantly, how is that privileged access being used? This segment is sponsored by Vectra. Visit https://www.vectra.ai/o365 to learn more about them! To see how Vectra can detect attacks in SaaS like Office 365, please visit: https://www.vectra.ai/o365 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw195

ThreatConnect Integrates with Microsoft Graph Security API to Strengthen Security Automation, Sectigo unveils Sectigo Quantum Labs to help orgs prepare for quantum computers, Trend Micro to offer comprehensive network and endpoint protection for IoT and 5G private networks, Thycotic Releases Thycotic Identity Bridge, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw195

Security professionals need to be thinking of the next evolution of the approach from working from home, specifically focusing on the security of the home network for both employees and third party contractors. Stephen Boyer, Co-Founder and CTO, discusses how to rate the risk of these new attack vectors using data BitSight already has... This interview is sponsored by BitSight. To learn more about them, visit: https://securityweekly.com/bitsight ThreatLocker CEO, Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing those applications that are approved, is a cleaner and more comprehensive approach to ensuring malware does not end up on your networks. This interview is sponsored by ThreatLocker. To learn more about them, visit: https://www.securityweekly.com/threatlocker Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Mario Vuksan, CEO and Co-Founder of ReversingLabs discusses modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. This interview is sponsored by ReversingLabs. To learn more about them, visit: https://www.reversinglabs.com/ Chris Wysopal, Co-Founder, CTO & CISO of Veracode, discusses how DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. This interview is sponsored by Veracode. To learn more about them, visit: https://www.veracode.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

MITRE ATT&CK seems to be the "next big thing". Every time I hear about it I can't help but wonder, "how do you prevent all these attacks in the first place? Shouldn't that be the end game?" To that end, I set out to map all the recommended "Mitigations" for all the "Techniques" detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I'm still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Users are no longer protected by the many layers of security found on-premise in the corporate network. Organizations must adapt security policies to support a massive influx of inbound connections. Security teams must consider how to adapt core security concepts like Zero Trust to include remote work environments that include corporate laptops, BYOD devices, and home networking gear. Join our conversation as we discuss how much trust you can put in your devices as well as what organizations are doing to assess and verify device integrity down to the firmware and hardware level. Eclypsium will also discuss the #BootHoleVulnerability research they disclosed last week. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! To learn more about securing devices down to the firmware and hardware level, visit: https://eclypsium.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

Neira Jones discusses how financial services deals with PCI-DSS, other compliance standards, fraud and cyber crime. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192

Learn about a new paradigm dubbed immutable security. What is immutable security? Why has it become more important than before? Infrastructure is being built and deployed with code, hence we can use this to our advantage and build security in from the start as we've always intended! This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192

Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192

Tune-in to get the inside scoop on Blackhat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about to what attendees can expect from this year's virtual Blackhat event. Steve discusses the highly-anticipated briefings, trainings, new tracks, community programs, and the all new virtual conference platform. Show Notes: https://securityweekly.com/esw191 Visit https://www.securityweekly.com/esw for all the latest episodes!

Passwords, keys, and other secrets are becoming an outdated technique for applications to use. They are usually over-privileged, easy to steal, and very hard to handle securely. Developers frequently log them by accident or stash them in unsafe places. The Secretless pattern is a new way of architecting applications that guarantees that the application never handles the secrets it needs to access databases or other secure resources. Secretless architectures open up a whole set of opportunities for a new model of secure application development and governance. This segment is sponsored by CyberArk. Show Notes: https://securityweekly.com/esw191 Visit https://securityweekly.com/cyberark to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

Over the last 15 years the web application landscape has changed more dramatically than many might realize, including the exponential growth in the number of web sites, the rise of complex web apps, the growing web traffic through APIs and more. Let's discuss what this means for enterprises web security and how to mitigate a growing cybersecurity risk. Show Notes: https://securityweekly.com/esw191 Visit https://securityweekly.com/acunetix to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

Robb Reck, CISO at Ping Identity, joins ESW to discuss the current focus for some companies including , passwordless authentication, focus on customer identity, and zero trust acceleration during COVID. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Having helped organizations identify, assess, remediate and recover from a significant ransomware attack, Scott describes the step by step process of events organizations will experience living through a ransomware attack and share some lessons learned for both dealing with an attack and for mitigating an organization's susceptibility to an attack. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Why You Need Recorded Futures Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and ICS environments, Attivo Networks' enhanced EDN solution prevents attackers from seeing or exploiting production data, Check Point Infinity SOC is launched, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Given the huge demand for cybersecurity professionals, how can we improve the hiring process to find those who are talented, but may not have an extensive resume? Let's discuss how CTF-style exercises can be used to help enterprises cast a wider net and find more diverse and qualified talent with low friction. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode189

Discussing HITRUST compliance in small and medium environments and how to use automation and scalable practices in the cloud to be both compliant and secure. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode189