PLAY PODCASTS
Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video)

4,876 episodes — Page 54 of 98

Ekran System & Universal Insider Threat Protection - Part 1 - Oleg Shomonko - SCW #42

Ekran System is a universal insider threat protection platform that combines three essential insider security controls: activity monitoring, access management, and identity management. Functionality is provided in a single universal software platform delivering light-weight agents for all types of endpoints. This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw42

Sep 8, 202032 min

Slack RCE, Tesla Dodges Ransomware, & Cisco Router 0-Day - PSW #665

The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw665

Sep 6, 20201h 21m

Cybersecurity & Patient Safety - Justin Armstrong - PSW #665

Successful attacks on healthcare entities are steadily increasing. Sophisticated criminals and nation states are focusing more attention on healthcare than ever before. The main goals are to steal money, data and intellectual property, execute ransomware, and attack critical infrastructure. Why do the hackers continue to succeed and what are some effective strategies and tactics to combat this scourge of ransomware? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw665

Sep 5, 202054 min

Lovable Security: Be a Data Custodian, Not a Data Owner - Fredrick "Flee" Lee - PSW #665

Loveable Security: Flee's approach to cybersecurity is that is should be "loveable." He thinks cybersecurity perpetuates a myth of an elite, isolated team of stealth insiders who are seen as enforcers, instead of as enablers who accelerate innovation by removing obstacles. Data Privacy + CCPA: Flee believes that tech companies should operate as data custodians, instead of data owners, and that CCPA should be the bare minimum that companies do to ensure data privacy. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw665

Sep 5, 202053 min

SWVHSC Micro Interviews: CrowdStrike & Synopsys - Ian McShane, Michael Borohovski - ESW #197

This year we've seen organizations accelerate their so-called digital transformation almost overnight. Now we're getting to the point where security leaders and business owners need to stop and take stock of what happened, what's a temporary band aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial! CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/ All applications use APIs—they're nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively? We've seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure. Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw197

Sep 4, 202032 min

SWVHSC Micro Interviews: deepwatch & ExtraHop - Corey Bodzin, Michael Sanders - ESW #197

deepwatch Lens Score - The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next? This segment is sponsored by deepwatch. Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free! Every organization gets compromised - it's how you fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We'll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or incident from becoming a full-scale data breach. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw197

Sep 4, 202037 min

Anchore Enterprise 2.4, Auth0 Bot Detection, & Bitdefender MDR - ESW #197

Proofpoint's $300 Million buyback program, LogRhythmn Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0's new bot detection! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw197

Sep 3, 202032 min

Uber Indictments, Part 2 - Priya Chaudhry - SCW #41

Recent criminal charges against the CSO and CEO of Uber. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw41

Sep 3, 202043 min

Uber Indictments, Part 1 - Priya Chaudhry - SCW #41

Recent criminal charges against the CSO and CEO of Uber. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw41

Sep 2, 202038 min

7 Keys, 7 Elements, & 7 Quotes - BSW #186

In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw186

Sep 2, 202021 min

CISO Interview: Role of the CISO, Why Do You Need a vCISO? - Carlos Becerra - BSW #186

Organizations need a highly skilled security chief to drive fundamental initiatives and align activities to address pressing enterprise needs. Proven CISOs (Chief Information Security Officers) are hard to find and essentially they could become challenging to retain and afford. Flexible Virtual CISO model is an excellent choice to achieve your enterprise goals in terms of security. Companies usually face diverse challenges in term of cost, retention, limited talent in a particular location, etc. The solution to achieve operational excellence and drive highly successful security programs at a fraction of the cost, is to hire a vCISO. A Virtual CISO will occupy the same place in the organization a full-time CISO would, but in a more cost-effective way. A vCISO will provide strategy, guidance, and oversight to achieve operational success in security. Operating with an independent voice, they often can escape the internal politics that plague some organizations. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw186

Sep 1, 202037 min

GitHub to Ruby 2.7, CISO Success, & Lessons From Uber - ASW #120

A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft's Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw120

Sep 1, 202034 min

Detecting Threats & Avoiding Misconfigs In The Cloud-Age - Marc Tremsal - ASW #120

What are challenges for companies moving to the cloud in forms of security? Marc Tremsal, Director of Product Management - Security at Datadog, will discuss these challenges and how he helps security teams overcome them throughout their cloud transformation. This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw120

Aug 31, 202037 min

Predicting Vulnerabilities In Compiled Code - Roi Cohen & Shani Dodge - PSW #664

The growth in software vulnerability exploitation creates a need for better prediction capabilities. Over time, there have been shifts in the ways of discovering vulnerabilities in binary code. Research and development of new tools enables security pros to adopt innovative techniques to scale the process. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw664

Aug 30, 202051 min

SWVHSC Micro Interviews: Polarity & Netsparker - Ferruh Mavituna, Paul Battista - PSW #664

Most analysts will tell you that they balance between being thorough and getting the job done quickly. Paul Battista asked the security community to weigh in on this debate. He'll share what they thought and explain why it's no longer necessary to choose between the two. This segment is sponsored by Polarity. Visit https://www.polarity.io/sw to learn more about them! Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw Dynamic application security testing (DAST) for web applications has come a long way, establishing a niche market with a variety of offerings. In this segment Ferruh will discuss the big differences in DAST solutions available and help you understand which one is a pure DAST that you could rely on the most in this day and age. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw664

Aug 29, 202034 min

Hacking Tesla's Model 3, 28,000 Printers Hijacked, & iOS 14 Privacy Changes - PSW #664

Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw664

Aug 29, 20201h 38m

Under Pressure - Building Security Into Application Development - Patrick Carey - ESW #196

A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security. Today, Patrick Carey will join us to talk about how organizations are working to build security into their development toolchains and processes. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw196

Aug 28, 202031 min

"Under the Hoodie:" Rapid7's 2020 Pen Testing Report - Kwan Lin - ESW #196

Penetration testing is the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures. Rapid7 just released it's 2020 "Under the Hoodie" report which looks at the last 12 months of data exploring the hows and whys of penetration testing, covering mainly internal and external network compromises, with some supplementary data on social engineering and red team simulations. During this podcast we'll talk about some of the key findings and ways you can better secure yourself in the following areas: -Internal network configuration and patch management -Password management and secondary controls - VPNs and internet-based applications This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw196

Aug 28, 202029 min

Elastic Security 7.9, Sumo Logic, & Attivo Networks - ESW #196

Checkmarx Announces GitLab Integration, Panaseer Automates IRM with Archer Integration, How Attivo Networks Strengthens Active Directory Defense, Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack, VMware brings Kubernetes to its VMware Fusion and VMware Workstation solutions, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw196

Aug 27, 202035 min

Pragmatic Approaches to Cybersecurity Maturity, Part 2 - SCW #40

The SCW Hosts continue the conversation about how to create pragmatic approaches to maturing your cybersecurity program. Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw40

Aug 27, 202032 min

Pragmatic Approaches to Cybersecurity Maturity, Part 1 - SCW #40

There are a lot of ways to measure/assess the level of organizational maturity of security programs. But, how do you mature your organization? We will discuss practical steps, like prioritizing the to-do list, the balance between people, process, and technology, as well as the balance between policies, standards, procedures vs. technical controls, to develop a pragmatic approach to mature your cybersecurity program. Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw40

Aug 26, 202030 min

Disrupting Traditional Security Research & Advisory - Edward Amoroso - BSW #185

Ed Amoroso spent over 30 years with AT&T and was frustrated with the security research and advisory firms. We all have our stories, but Ed decided to do something about it. He created TAG Cyber to democratize world-class cyber security research and advisory services. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw185

Aug 26, 202027 min

Employees Resist New Tech, Safer Cloud, & Lowest Data Breaches in 5 Years - BSW #185

In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who's Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw185

Aug 25, 202026 min

ATM Attacks, gcploit, & ClusterFuzz - ASW #119

The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw119

Aug 25, 202033 min

DevOps-First Application Security For Mid-Markets - Sundar Krish - ASW #119

Mid-markets do have AppSec expertise, the current AppSec products are focused on large enterprises and require AppSec expertise. Sken.ai is the new and the only AppSec scan tool, focused on mid-markets where DevOps can get started without any AppSec expertise. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw119

Aug 24, 202035 min

SWVHSC Micro Interviews: Gravwell & Rapid7 - Corey Thuen, Deral Heiland - PSW #663

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high level and low-level tech that drives these differences. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020 Deral Heiland, Principal Security Research IoT at Rapid7 will focus on the subject of IoT security and hacking, IoT testing and testing methods and related research topics. This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Rapid7 Rapid7 Segment Resources: https://www.rapid7.com/research/%0D%0Ahttps://blog.rapid7.com/author/deral-heiland/ To gain access to our latest research (i.e. 2020 Q1 Threat Report, NICER and Under the Hoodie 2020 visit: https://www.rapid7.com/research/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw663

Aug 23, 202029 min

Voice Phishers, 'SpiKey' Lock Picking, & Coffee Cup Hackers - PSW #663

New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw663

Aug 22, 20201h 20m

Protecting Critical Infrastructure In Hybrid Clouds - Dan Perkins, Harry Sverdlove - PSW #663

Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous; public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while ensuring smooth business operations How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo key points of Edgewise's answer to use software identity for microsegmentation and cloud workload protection. This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw663

Aug 22, 202055 min

SWVHSC: Micro-Interview - Plextrac & Spirion - Dan DeCloss, Gabe Gumbs - ESW #195

The concept of purple teaming needs to be expanded to incorporate a culture of collaboration across all proactive and reactive activities within enterprise cybersecurity programs. Learn how PlexTrac can aid in all thing purple teaming and drive to the security posture forward for all. This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! To get one month free, visit: https://securityweekly.com/plextrac Are security operations teams prepared to respond to privacy threats? Although you can achieve security without privacy, namely keeping information safeguarded from those that should not have access, you can not keep data private without security. How can we address this challenge? This segment is sponsored by Spirion. Visit https://securityweekly.com/spirionbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw195

Aug 21, 202037 min

SWVHSC: Micro-Interview - Tanium & Vectra - Anton Chuvakin, Chris Morales, Matt Hastings - ESW #195

Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integrations, which combines comprehensive endpoint telemetry from Tanium with Chronicle s cloud-scale analytics to inform threat hunting and investigations with one year of recorded endpoint activity. This is just the beginning of the partnership between Google Cloud and Tanium. Check out the blog post on Tanium's website to learn more about the future of the partnership and what it means for security. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team. Risk in a SaaS environment is largely an identity problem. Specifically, it is a misuse of identity and the privilege access granted to that identity. Before implementing any SaaS platform, you must consider how much access is really being granted in the cloud. More importantly, how is that privilege access being used? This segment is sponsored by Vectra. Visit https://www.vectra.ai/o365 to learn more about them! To see how Vectra can detect attacks in SaaS like Office 365, please visit: https://www.vectra.ai/o365 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw195

Aug 21, 202031 min

ThreatConnect, Auth0 Bot Detection, & Thycotic Identity Bridge - ESW #195

ThreatConnect Integrates with Microsoft Graph Security API to Strengthen Security Automation, Sectigo unveils Sectigo Quantum Labs to help orgs prepare for quantum computers, Trend Micro to offer comprehensive network and endpoint protection for IoT and 5G private networks, Thycotic Releases Thycotic Identity Bridge, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw195

Aug 20, 202037 min

The Principle of Least Privilege & Regulatory Compliance - Matt Tarr - SCW #39

In this episode we will discuss the overarching importance of securing privileged access throughout the organization as it relates to the overall security posture and compliance requirements. CyberArk's Principle Solutions Engineer Matt Tarr will explain the principle of least privilege, its regulatory and security aspects, and how least privilege can be enforced in a real-life implementation. He will also discuss concepts such as just-in-time privileged access, endpoint security, multi-factor authentication, password rotation and other important aspects of managing identity security and privileged access security as it relates to regulation including PCI DSS, GBLA and others. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/ Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw39

Aug 20, 202032 min

Matt Tarr, CyberArk - SCW #39

Matt discusses his position on the Solutions Engineering team at CyberArk. He talks about how his 15 years in Systems and Sales Engineering roles adds a layer of experience at CyberArk. Matt will then explain how CyberArk provides "Security for the Heart of the Enterprise" by adding a layer of security around privileged accounts. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/ Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/ Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw39

Aug 19, 202030 min

New Problem Solving Strategies, New Priorities, & Jobs With a Future - BSW #184

In the Leadership and Communications section, CISOs say new problem solving strategies required, How Remote Work is Reshuffling Your Security Priorities and Investments, Security Jobs With a Future -- And Ones on the Way Out and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw184

Aug 19, 202025 min

Ripple20: Finding Vulnerable Devices & Detecting Attacks - Jeff Costlow - BSW #184

Jeff Costlow, Deputy CISO at ExtraHop, will discuss the challenges of detecting and patching Ripple20. Ripple 20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. There are two primary attack vectors: Internet Protocol and Domain Name Services. Jeff will discuss ExtraHop's approach to detecting these devices and provide a quick demo of the solution. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/ to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw184

Aug 18, 202029 min

AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties - ASW #118

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, Re­VoL­TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw118

Aug 18, 202032 min

Immutable Security For Immutable Infrastructure - Cesar Rodriguez - ASW #118

Cesar will demonstrate breach path prediction as well as other features. This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw118

Aug 17, 202034 min

Vulnerability Rich - Contextually Blind! - Michael Assraf - PSW #662

It s not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the never-ending battle between security and IT about what s more important: risks to servers and endpoints, or keeping the environment up-to-date and secured. There are even problems within the ranks of each unit. Dysfunctional processes, lack of efficient communication, and rudimentary tools put even more pressure on the CIO and CISO. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Aug 16, 202049 min

Adobe RCEs, Amazon Alexa Vulns, & TeamViewer Flaw - PSW #662

This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nodes, SANS Security Training Firm Hit with Data Breach, Unskilled hackers can breach about 3 out of 4 companies, TeamViewer flaw can allow hackers to steal System password, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Aug 15, 20201h 51m

Why Elastic Is Making Endpoint Security 'Free And Open' - Mike Nichols - PSW #662

Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, new endpoints need to be secured and IT teams are rushing years of planning into a few months to onboard distributed employees and resources – all while managing a global shift that is bringing new adversary behaviors targeting the new remote workforce. Organizations need to react fast, implement new controls, and do it all while managing existing budgets and staff. Making Elastic endpoint security completely free and open helps level the playing field for organizations that are struggling with the typically high cost and complexity of adopting effective endpoint security. This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Aug 15, 202058 min

SWVHSC: Micro-Interview - Bitsight & Threatlocker - Danny Jenkins, Stephen Boyer - ESW #194

Security professionals need to be thinking of the next evolution of the approach from working from home, specifically focusing on the security of the home network for both employees and third party contractors. Stephen Boyer, Co-Founder and CTO, discusses how to rate the risk of these new attack vectors using data BitSight already has... This interview is sponsored by BitSight. To learn more about them, visit: https://securityweekly.com/bitsight ThreatLocker CEO, Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing those applications that are approved, is a cleaner and more comprehensive approach to ensuring malware does not end up on your networks. This interview is sponsored by ThreatLocker. To learn more about them, visit: https://www.securityweekly.com/threatlocker Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Aug 14, 202031 min

SWVHSC: Micro-Interview - ReversingLabs & Veracode - Chris Wysopal, Mario Vuksan - ESW #194

Mario Vuksan, CEO and Co-Founder of ReversingLabs discusses modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex. This interview is sponsored by ReversingLabs. To learn more about them, visit: https://www.reversinglabs.com/ Chris Wysopal, Co-Founder, CTO & CISO of Veracode, discusses how DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. This interview is sponsored by Veracode. To learn more about them, visit: https://www.veracode.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Aug 14, 202032 min

GreatHorn, JumpCloud App, & Elite Intelligence - ESW #194

Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw194

Aug 13, 202032 min

Compliance Without Compromise - Part 2 - Jeanette Manfra - SCW #38

The discussion continues with Jeanette Manfra. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw38

Aug 13, 202037 min

Compliance Without Compromise - Part 1 - Jeanette Manfra - SCW #38

Government agencies are running in antiquated, fortress-based government clouds under the guise this is the only option for superior security and compliance. However, security and compliance don't have to be a blocker to innovation; they can be part of the transformation. Jeanette will discuss how Google Cloud is enabling this transformation with Assured Workloads for Government by simplifying the compliance configuration process and providing seamless platform compatibility between government and commercial cloud environments. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw38

Aug 12, 202033 min

Automating Your Vulnerability Management Program - Mehul Revankar, Sumedh Thakar - PSW #661

In this segment, we discuss the importance of automating the Vulnerability Management Program and discuss Qualys VMDR which takes vulnerability management to the next level bringing detection and response to vulnerability management. For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

Aug 8, 202041 min

SWVHSC: Netgear Flaws, Satellite Spying, & Stealing UltraLoq Keys - PSW #661

How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

Aug 8, 20201h 35m

SWVHSC: Observing Disinformation Campaigns - Chad Anderson - PSW #661

Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work he is doing that will be released that maps Twitter hunting into a nice, observable dashboard for the lazy. This segment is sponsored by DomainTools. Visit http://domaintools.com/ to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

Aug 7, 202038 min

SWVHSC: Mapping MITRE ATT&CK to PCI DSS - Jeff Man - ESW #193

MITRE ATT&CK seems to be the "next big thing". Every time I hear about it I can't help but wonder, "how do you prevent all these attacks in the first place? Shouldn't that be the end game?" To that end, I set out to map all the recommended "Mitigations" for all the "Techniques" detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I'm still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

Aug 7, 20201h 15m

DigiCert Automation Gateway, Veracode Security Labs, & CyberArk Shadow Admin - ESW #193

Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

Aug 6, 202040 min