Security Weekly Podcast Network (Video)

4,840 episodes — Page 39 of 97

Securing the Digital Value Chain - Mark Fernandes - BSW #247

Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISOs think about how to apply cyber to enterprise resiliency? Mark Fernandes, Global Chief Technology Officer, Security, Risk, and Governance Solutions from MicroFocus, joins us to provide an overview of their Galaxy platform that aligns threats to prioritized risk activities. If you want to learn more or sign up and try Galaxy for free, please visit https://securityweekly.com/galaxy. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw247

Jan 25, 2022 | 27 min

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181

In the AppSec News: Safari fixes a privacy leak in IndexedDB, an integer arithmetic flaw leads to a Linux kernel bug, a look back on Zoom security, SSRF from a URL allow list bypass, a security engineering course and lectures, and 25 years of HTTP/1.1. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181

Jan 25, 2022 | 34 min

API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181

It is hard, if not impossible, to secure something you don't know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a "dated trend" by effective yet lazy hackers is to search for APIs unknown by security teams, coined "Shadow APIs", then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or "move on to the next target". Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181

Jan 24, 2022 | 35 min

McAfee MVISION XDR, Microsoft Acquires Activision Blizzard, & Tom Brady NFTs - ESW #257

In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee's MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry's largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber's former CSO going to jail?, and Tom Brady NFTs! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257

Jan 22, 2022 | 1h 4m

Architecture & Security from the Trenches - Will Clark - ESW #257

An open discussion of challenges facing software and system architects in small and medium sized businesses. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257

Jan 22, 2022 | 21 min

REvil Gang Arrested, 5G & Airplanes, Zoom Zero-Click, & Stolen Brownies - PSW #724

In the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, when 9-year-olds launch DDoS attacks, 5G interference, and when your Mom steals your brownies! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw724

Jan 22, 2022 | 1h 39m

Using WPScan To Find WordPress Vulnerabilities - PSW #724

wpscan is a free tool for scanning WordPress, and let's face it, there are many vulnerabilities to be found in WordPress! This segment will walk you through installing, configuring and using wpscan. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw724

Jan 21, 2022 | 19 min

Vulnerability Management is Dead! - Rickard Carlsson - ESW #257

Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and production sometimes just minutes apart, scanning for CVEs is not enough to stay on top of web threats. There are lots of critical things traditional app scanners won't catch, like dangling DNS records, subdomain takeover and open S3 buckets. To keep their growing attack surface secure, companies need to combine crowdsourced vulnerability detection with solutions that detect outliers and anomalies in their software before these become an attack vector. In this episode we'll discuss:
- Why hunting for vulnerabilities is no longer enough to stay on top of threats
- Vulnerability Management vs Attack Surface Management
- How security teams can adapt their vulnerability management process to modern dev cycles
Segment Resources:
- More insights on how to secure your external attack surface: https://detectify.com/resources
- Free trial of Detectify's attack surface management solutions: https://detectify.com/product/surface-monitoring and https://detectify.com/product/application-scanning
This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257

Jan 21, 2022 | 36 min

Cyber Resilience - Cybersecurity Mental Health - Neal O'Farrell - PSW #724

What can we do to raise awareness on issues of mental health for cybersecurity professionals? Neal walks us through some of the issues and ways to deal with them. Neal has also put together training and awareness materials around the subject. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw724

Jan 21, 2022 | 57 min

Scams and Security in Web3*, URL Parsing Problems, AWS Glue, CI/CD Compromises - ASW #180

Scams and security flaws in (so-called) web3 and when decentralization looks centralized, SSRF from a URL parsing problem, a vuln in AWS Glue, and 10 vulns used for CI/CD compromises. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw180

Jan 19, 2022 | 27 min

Investing in Open Source Security - ASW #180

This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printing garbage messages. The library was exhibiting the type of malicious activity that typically comes from a compromised package. Only this time users of the library, which easily number in the thousands, discovered this was sabotage by the package maintainer himself. This opens up a broader discussion on supply chain security than just provenance. How do we ensure open source tools receive the investments they need -- security or otherwise? For that matter, how do we ensure internal tools receive the investments they need? Log4j was just one recent example of seeing old code appear in surprising places. Segment Resources:
- https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
- https://www.zdnet.com/article/when-open-source-developers-go-bad/
- https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects/
- https://www.theregister.com/2022/01/17/open_source_closed_wallets_big/
- https://blog.google/technology/safety-security/making-open-source-software-safer-and-more-secure/
- https://docs.linuxfoundation.org/lfx/security/onboarding-your-project
- https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw180

Jan 18, 2022 | 36 min

Arming CISOs, The 'Great Resignation', & Deciding Your Next Career Move - BSW #246

In the leadership and communications segment, Arming CISOs With the Skills to Combat Disinformation, Is the 'Great Resignation' Impacting Cybersecurity?, Ask These 5 Questions to Decide Your Next Career Move, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw246

Jan 16, 2022 | 26 min

Israeli CyberSec Drama, Microsoft's Security Chip, Best Job of 2022, & "YAU"s - ESW #256

In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, Drama in the Israeli cybersecurity news, Security Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & Some annoying words get banned! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw256

Jan 15, 2022 | 38 min

Security Money - The Index Has Cooled Off - BSW #246

The Security Weekly 25 index has finally cooled off, closing at 2226.93 on January 13th, 2022, which is an increase of 122.69% (down from last Q) since inception. The NASDAQ Index closed at 14,806.81 on January 13th, 2022, which is an increase of 123.15% (down from last Q) during the same period. It hit another all-time high of 16,057.44 during the quarter. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw246

Jan 15, 2022 | 30 min

A Look Back at the Most Active Year in Federal Cybersecurity Ever - Derek Johnson - ESW #256

2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation, like incident reporting mandates and federal cybersecurity reform, were left out of the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out of last year's flurry and what we can expect Congress to prioritize in 2022. Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw256

Jan 15, 2022 | 37 min

CanSecWest, PacSec, & PWN2OWN - Dragos Ruiu - PSW #723

Dragos is the organizer of CanSecWest and PacSec, the originator of PWN2OWN, and does security auditing and virtual engagement/training. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw723

Jan 15, 2022 | 1h 10m

Mailing USBs, DoS in DoorLock, Moxie Resigns, QR Code Mystery, & Jarring Revelations - PSW #723

This week in the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persistent DoS in your doorLock, Signal gets a new CEO, attacking the patching software, where does that QR code go, we heard you liked cryptominers, Pluton will fix that and retiring from a jarring career, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw723

Jan 14, 2022 | 51 min

New Year, Same Security Problems - Kris Lahiri - ESW #256

It's a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today's show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We're looking forward to keeping you informed throughout 2022! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw256

Jan 14, 2022 | 35 min

Log4j Exploit Step-By-Step - PSW #723

The log4j vulnerability still exists in many environments. Learn how to exploit this vulnerability in our step-by-step guide. Please only use this information for research and testing purposes, and only with permission! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw723

Jan 14, 2022 | 47 min

No Log4j, 2021 Recaps, or 2022 Resolutions! - BSW #245

In the leadership and communications section, no, we're not discussing log4j, 2021 recaps or lessons learned, or 2022 new year's resolutions or predictions! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw245

Jan 12, 2022 | 31 min

Zero Trust Access To, From and Within the Cloud - Colby Dyess - BSW #245

How cloud resources are architected and utilized is different for every organization, but whether cloud native or cloud traditionalist – security risk and complexity are problems. Concerns over account takeover, overprivileged access and the struggle to keep pace with the dynamism of the cloud are driving demand for a better way to secure access. Hear Colby Dyess, Director of Product at Appgate, discuss how the principles of Zero Trust strengthen and simplify access controls across varying cloud architectures. We'll address everything from users connecting to multi-cloud resources, secure service-to-service communication and running security as code. This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw245

Jan 11, 2022 | 27 min

Broadening What We Call AppSec - Christien Rioux - ASW #179

There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw179

Jan 11, 2022 | 37 min

Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes - ASW #179

The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScapes quarterly, and Salesforce to require MFA. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw179

Jan 10, 2022 | 36 min

ESW End-of-Year Wrap Up - ESW #255

In our final security weekly segment of the year, we're wrapping up by reminiscing about 2021's biggest, craziest, and most interesting stories. We'll chat about our favorite interviews of the year. Finally, we're sharing our hopes for 2022. What could make it better? Will it be the year we break free from ransomware? Will cyber insurance providers drop all their policyholders? All this, and cryptic hints from Adrian and Tyler! It has been a crazy year and we're looking forward to keeping you informed throughout 2022 as well! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

Dec 25, 2021 | 35 min

Zip Tie Pick, Wifi/Bluetooth Bugs, Domain Controllers, & Beetle Behavior - PSW #722

The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

Dec 25, 2021 | 1h 23m

Dragons & Unicorns, Phishing Training, GreyNoise, & Becoming Domain Admin - ESW #255

In the Enterprise Security News for this week, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise's efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn't effective and is even potentially harmful, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

Dec 25, 2021 | 44 min

The State Of Internet Exposed Services - John Matherly - PSW #722

John joins us to talk about what it's like to run scans of the Internet on a regular basis. We'll talk about some trends, such as what is more exposed, what is less exposed, and how select segments of devices impact the security of the Internet, such as printers, medical devices, SMB, RDP and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

Dec 24, 2021 | 1h 1m

Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255

Log4j, SolarWinds, Tesla hacks, and the wave of high-profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are:
- 40 years old, with little innovation
- Haven't solved the problem
In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
- Prove bugs, rather than trying to list all of them
- Zero false positives, which leads to better autonomy
Segment Resources:
- Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
- Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
- Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot and https://github.com/forallsecure/vulnerabilitieslab
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

Dec 24, 2021 | 37 min

Lock Picking & Physical Security - Deviant Ollam - PSW #722

Many of us, myself included, learned lock picking techniques from Deviant. He comes on the show to talk about physical security in a pandemic, how to train for lock picking and physical security assessments, share some war stories and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

Dec 24, 2021 | 1h 1m

The Security Hippie, Part 2 - Barak Engel - SCW #99

The author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie". Barak is best known for pioneering the concept of the virtual (or fractional) CISO model nearly two decades ago. Over the twenty years since then he has applied that model and strategy to building, managing and counseling security departments across countless and diverse organizations, including MuleSoft, Amplitude Analytics, Livenation/Ticketmaster, StubHub, Barnes and Noble, bebe Stores and many others. The goal of his new book is to convey security concepts in the form of telling stories, so we hope to hear a few examples from him during the course of the interview. To leave a heartfelt message for Hannah (Jeff's granddaughter): https://www.caringbridge.org/visit/hannahman Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw99

Dec 23, 2021 | 29 min

The Security Hippie, Part 1 - Barak Engel - SCW #99

The author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie". Barak is best known for pioneering the concept of the virtual (or fractional) CISO model nearly two decades ago. Over the twenty years since then he has applied that model and strategy to building, managing and counseling security departments across countless and diverse organizations, including MuleSoft, Amplitude Analytics, Livenation/Ticketmaster, StubHub, Barnes and Noble, bebe Stores and many others. The goal of his new book is to convey security concepts in the form of telling stories, so we hope to hear a few examples from him during the course of the interview. To leave a heartfelt message for Hannah (Jeff's granddaughter): https://www.caringbridge.org/visit/hannahman Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw99

Dec 22, 2021 | 39 min

Office of the CISO, The Fearless CISO, and America's Cyber Reckoning - BSW #244

In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America's Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw244

Dec 22, 2021 | 31 min

Security Maturity: From Hostage Negotiator to Business Leader - Sandy Dunn - BSW #244

Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw244

Dec 21, 2021 | 27 min

Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards - ASW #178

Log4j has more updates and more vulns (but probably not more heartburn...), revisiting outages and whether availability has made it into your threat models, deep dive into hardware security, another data point on bug bounty awards, and looking at risk topics for the next year. This completes another year of the podcast! A very heartfelt thank you to all our listeners! And a special thank you and shout out to the crew that helps make this possible every week -- Johnny, Gus, Sam, and Renee. We'll keep the New Wave / Post-Punk, movie, and pop culture references coming for all the appsec and DevOps topics you can throw our way. Thanks again everyone!! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw178

Dec 21, 2021 | 39 min

Evolving Security Testing - Dan Guido - ASW #178

What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some significant wins -- and they need a partnership with DevOps teams in order to do this successfully. Segment Resources: https://blog.trailofbits.com/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw178

Dec 20, 2021 | 35 min

Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk - ESW #254

This week in the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw254

Dec 18, 2021 | 53 min

Printing Shellz, Block Chain For C2, Wordpress Theft, & Log4j Who? - PSW #721

This week in the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in WordPress, using block chain for C2, ManageEngine 0day, oh and did you hear about the log4j vulnerability? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

Dec 18, 2021 | 1h 0m

The Evolution & Future of XDR & the SOC - Scott Crawford - ESW #254

Like our interview with Allie Mellen last week (episode 253, check it out also), we have another analyst roundtable here (all ESW hosts are former analysts), discussing one of the hottest new cybersecurity categories - XDR. This discussion will touch on why the only thing about XDR that was a surprise was maybe the name - we all saw this coming, partly due to the failure of other, less effective products and technologies. Perhaps more interesting will be to get Scott's thoughts on where we're going from a macro perspective. Distributed SOC? Automated remediation? Next-gen XDR? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw254

Dec 18, 2021 | 37 min

What to Expect in 2022 - Sinan Eren - PSW #721

Since it is Dec 15, it makes sense to have a discussion on what might be coming in 2022 in terms of security. Topics could span ransomware and other threats as well as technology segments like Zero Trust and SASE. Segment Resources: Barracuda research on ransomware trends and remote code execution vulns:
- https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/
- https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

Dec 17, 2021 | 46 min

Morale Is a Safety Control - Shoshana Gourdin - ESW #254

Not all security is complicated--many aspects boil down to noticing that something is off. Attentive and curious employees are an overlooked safety mechanism, as is handling problems in a constructive way. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw254

Dec 17, 2021 | 35 min

All Your Holiday Hack Challenge Belong To Us - Ed Skoudis - PSW #721

Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole. Segment Resources:
- www.holidayhackchallenge.com
- www.counterhack.com
- www.sans.edu
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

Dec 17, 2021 | 1h 0m

Everything You Wanted to Know About CISOs But Were Afraid to Ask, Part 2 - Ben Carr - SCW #98

Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its place in security and compliance, what it's like to be hero or scapegoat. All this and more! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw98

Dec 16, 2021 | 41 min

Everything You Wanted to Know About CISOs But Were Afraid to Ask, Part 1 - Ben Carr - SCW #98

Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its place in security and compliance, what it's like to be hero or scapegoat. All this and more! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw98

Dec 15, 2021 | 35 min

(13 Traits + 7 Strategies)/2 = 10 Effective Ways to Improve Communication - BSW #243

In the Leadership and Communications section: 13 traits of a security-conscious board of directors, 7 Strategies for CSO Cybersecurity Survival, 10 Effective Ways You Can Improve Your Communication Skills, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw243

Dec 15, 2021 | 32 min

Why Hospitals Face Unique Security Challenges - Mike Murray - BSW #243

- More than 25% of US hospitals have suffered at least one ransomware attack in the last two years.
- Clearly, hospital IT teams have, for the first time, the power to see and stop ransomware and other cyberattacks across a hospital's sprawling and fragmented ecosystem of office IT, clinical technologies, and electronic health systems.
- Existing security solutions are only capable of detecting cyberthreats on office worker devices, which leaves two-thirds of a hospital's IT environment invisible and undefended.
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw243

Dec 14, 2021 | 32 min

Log4Shell, Mozilla's BigFix & New Sandbox, Rust in Linux Kernel, Path Traversal in Go - ASW #177

This week in the AppSec News, Mike & John talk: All about Log4Shell, Mozilla's BigFix bug and new sandbox, Rust in the Linux kernel, path traversals, reflections on the security profession, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw177

Dec 14, 2021 | 35 min

DevSecOps, Compliance GRC, and the Future of Application Security - Francesco Cipollone - ASW #177

DevSecOps has been traditionally very people-centric. It is hard to measure software security, and the landscape is becoming increasingly complex with containers, cloud, and infrastructure. Driving an appsec program at scale is often an art that only a few can master, and the majority of organizations remain uncovered from an appsec perspective. Measuring DevSecOps and evolving risk-based vulnerability management is a must. Bringing along risk people and GRC has traditionally been challenging. Segment Resources:
- AppSec Cali 19 Talk: https://www.youtube.com/watch?v=cegMUjo25Zc
- ADDO19: https://www.youtube.com/watch?v=x1p3exzkTIY
- Open Security Summit 20: https://www.youtube.com/watch?v=8myMG36gq4o and https://www.youtube.com/watch?v=mh_P1C1a-CM
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw177

Dec 13, 2021 | 34 min

Unicorns Galore, Selling Text Messages, Spicy Takes, & Treacherous Devs - ESW #253

Finally, in the enterprise security news: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private for $5.8bn, The leader of a Swiss tech company is accused of selling access to text message data for surveillance, A former Ubiquiti developer was behind the big breach announced earlier this year - he unsuccessfully tried to extort his employer, SentinelOne tries to bring mobile security back?, Google and Trail of Bits team up to release a tool that scans for vulnerable Python packages, CISA has assembled a panel that will begin making cybersecurity recommendations, Make sure to stick around for, This week's spicy take - Cloudflare recommends ditching your firewall, and This week's squirrel story - a new streaming service from an unexpected source! All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw253

Dec 11, 2021 | 59 min

Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide - Vincent Berk - ESW #253

Riverbed's Network Security Solutions provide the full-fidelity network visibility organizations need to see everything. The rise of cloud and user mobility has increased the complexity and the reach of modern networks, expanding the risk perimeter for cyber-attacks. Riverbed enables organizations to address performance, visibility, and security holistically so they can overcome complexity and fully capitalize on their digital and cloud investments. Segment Resources:
- https://visibility.riverbed.com/
- https://www.riverbed.com/solutions/security.html
- https://www.riverbed.com/products/npm/netprofiler-advanced-security-module.html
This segment is sponsored by Riverbed Technology. Visit https://securityweekly.com/riverbed to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw253

Dec 11, 2021 | 33 min

Digging Into XDR - Allie Mellen - ESW #253

XDR is the buzzword practitioners can't seem to escape. Or is it? Allie Mellen, Forrester Analyst, will cover her research on what XDR is and what it isn't to help practitioners understand what it really means for them. Segment Resources:
- https://www.forrester.com/blogs/announcing-the-first-and-only-evaluative-research-on-xdr-the-forrester-new-wave-extended-detection-and-response-providers-q4-2021/
- https://www.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/
- https://www.forrester.com/blogs/what-security-market-definitions-tell-practitioners/
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw253

Dec 10, 2021 | 32 min