
Security Weekly Podcast Network (Video)
4,876 episodes — Page 55 of 98

SWVHSC: Put Zero Trust in Your Devices - John Loucaides - ESW #193
The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Users are no longer protected by the many layers of security found on-premise in the corporate network. Organizations must adapt security policies to support a massive influx of inbound connections. Security teams must consider how to adapt core security concepts like Zero Trust to include remote work environments that include corporate laptops, BYOD devices, and home networking gear. Join our conversation as we discuss how much trust you can put in your devices as well as what organizations are doing to assess and verify device integrity down to the firmware and hardware level. Eclypsium will also discuss the #BootHoleVulnerability research they disclosed last week. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! To learn more about securing devices down to the firmware and hardware level, visit: https://eclypsium.com/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw193

SWVHSC: "The Failure of Risk Management" - Doug Hubbard - BSW #183
A ground shaking exposé on the failure of popular cyber risk management methods. This book is the first of a series of spinoffs from Douglas Hubbard's successful first book, How To Measure Anything: Finding the Value of "Intangibles" in Business. Learn more on how to quantify risk in terms of dollars and cents in order to build better "business impact" decision makers, visit: https://hubbardresearch.com/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw183

SWVHSC: How Security Spending Overlooks the Biggest Risk of All - Matt Ashburn - BSW #183
Global spending on cyber security totals over $100 billion per year, with no upper limit in sight as adversaries remain successful at compromising even well-resourced organizations. Why do adversaries remain successful despite advances in security technologies and risk frameworks? As it turns out, an often-overlooked architecture from 30 years ago is a common thread among many successful attacks. By re-thinking the ubiquitous web browser and its connection to the internet, CIOs and CISOs can nearly eliminate their internet risk surface, provide users the tools and access they need, and free up incident responders to focus on more advanced threats. This segment is sponsored by Authentic8. Visit https://www.authentic8.com/bsw to learn more about them! To download your copy of "The Billion Dollar Security Blanket" by Matt Ashburn, visit: https://www.authentic8.com/bsw Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw183

SWVHSC: Amazon GuardDuty, Sandboxing & Workload Isolation, & No More SHA-1 - ASW #117
Using Amazon GuardDuty to Protect Your S3, OkCupid Security Flaw Threatens Intimate Dater Details, Florida teen charged as "mastermind" in Twitter hack hitting Biden, Bezos, and others, Sandboxing and Workload Isolation, and Microsoft to remove all SHA-1 Windows downloads next week! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw117

SWVHSC: How Does Sec Live In A DevOps World? - Mike Rothman - ASW #117
As you go full DevSecOps, where does that leave security operations? Who makes changes that are required? How do you empower (or deputize) app folks or ops folks (DevOps) to make those operational changes? What kind of tooling is going to meet the need for that requirement? DisruptOps puts the concepts into action, empowering developers and ops folks to make the needed security changes quickly, consistently and within the tools they use for their daily tasks. Try it out free of charge and experience the future of security operations. Visit https://disruptops.com/free-evaluation/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw117

GNU GRUB2 Vulnerability, 'BootHole' Secure Boot Threat, & Garmin Ransomware Hack - PSW #660
A Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, and Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw660

MIDAS - Siddharth Bhatia - PSW #660
MIDAS uses unsupervised learning to detect anomalies in a streaming manner in real-time and has become a new baseline. It was designed keeping in mind the way recent sophisticated attacks occur. MIDAS can be used to detect intrusions, Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS combines a chi-squared goodness-of-fit test with the Count-Min-Sketch (CMS) streaming data structures to get an anomaly score for each edge. It then incorporates temporal and spatial relations to achieve better performance. MIDAS provides theoretical guarantees on the false positives and is three orders of magnitude faster than existing state of the art solutions. Check out MIDAS at https://github.com/Stream-AD/MIDAS Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw660

Gravwell Big Bang Release - Corey Thuen - PSW #660
The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while still keeping the raw power of a unix-like search query pipeline for power users. Gravwell is free for community use and during launch week if you sign up for CE we're bumping the data cap up to 4 GB/day. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw660

Compliance & Fraud Prevention in FinTech - Neira Jones - ESW #192
Neira Jones discusses how financial services deals with PCI-DSS, other compliance standards, fraud and cyber crime. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192

A New Paradigm: Immutable Security - Om Moolchandani - ESW #192
Learn about a new paradigm dubbed immutable security. What is immutable security? Why has it become more important than before? Infrastructure is being build and deployed with code, hence we can use this to our advantage and build security in from the start as we've always intended! This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192

CloudPassage, VMware Cloud, & Portshift K8SHIELD - ESW #192
Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw192

Legal Implications of Security & Compliance - Part 2 - SCW #37
Continuing our discussion with John Snyder, our new co-host. Peppering him with questions about the law, hacking, security, compliance, and we might throw in a few of our favorite lawyer movie quotes! "The car that made these two, equal-length tire marks had positraction. You can't make those marks without positraction, which was not available on the '64 Buick Skylark!" Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw37

Marketing & Selling to the CISO - BSW #182
Marketing to today's CISO is no easy task. CISOs have an unprecedented amount of work on their plates with constantly shifting technology, vast amounts of data in motion, regulatory requirements and new threats arising daily. We'll discuss the results of a Merritt Group Survey on Marketing and Selling to the CISO, 2020 Edition. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw182

Legal Implications of Security & Compliance - Part 1 - SCW #37
John Snyder will lead the discussion about the legal implications of Security and Compliance. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw37

Cybersecurity Challenges in a Teleworking World - Drew Cohen - BSW #182
Drew Cohen discusses the cybersecurity challenges that have risen with many businesses shifting to WFH environments during the pandemic. We'll review some of the top cybersecurity issues/threats, including home network security, document signing, industrial IoT, and 5G, that businesses should be aware for the second half of 2020. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw182

TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations - ASW #116
TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, Academics smuggle 234 policy-violating skills on the Alexa Skills Store, Apple Security Research Device Program, and What is DevSecOps? Why it's hard to do well! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw116

Fixing Vulnerabilities Effectively & Efficiently - John Matherly - ASW #116
What does it take to fix vulns effectively and efficiently? There's no lack of vulns identified from bug bounties and vuln reporting programs, but not every vuln needs the same attention and not every vuln gets the attention it deserves. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw116

Cisco Security Flaw, Million Dollar Bounties, & Jackpotting ATMs - PSW #659
Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659

The Power of the Cloud Platform: One Single Agent, One Global View - Sumedh Thakar - PSW #659
Leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain for a complete, accurate risk-based analysis and response. The cloud allows you to unify different context vectors like asset discovery, rich normalized software inventory, end of life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry, and network reachability with a powerful backend to correlate it all for accurate assessment, detection and response. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659

Affects of COVID-19 on Web Applications - Zane Lackey - PSW #659
Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659

An Overview of Black Hat USA 2020 - Steve Wylie - ESW #191
Tune-in to get the inside scoop on Blackhat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about to what attendees can expect from this year's virtual Blackhat event. Steve discusses the highly-anticipated briefings, trainings, new tracks, community programs, and the all new virtual conference platform. Show Notes: https://securityweekly.com/esw191 Visit https://www.securityweekly.com/esw for all the latest episodes!

Secretless & the End of Application Secrets as We Know Them - Brian Kelly - ESW #191
Passwords, keys, and other secrets are becoming an outdated technique for applications to use. They are usually over-privileged, easy to steal, and very hard to handle securely. Developers frequently log them by accident or stash them in unsafe places. The Secretless pattern is a new way of architecting applications that guarantees that the application never handles the secrets it needs to access databases or other secure resources. Secretless architectures open up a whole set of opportunities for a new model of secure application development and governance. This segment is sponsored by CyberArk. Show Notes: https://securityweekly.com/esw191 Visit https://securityweekly.com/cyberark to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

The Evolution of Enterprise Web Apps & Its Impact on Web Security - Mark Ralls - ESW #191
Over the last 15 years the web application landscape has changed more dramatically than many might realize, including the exponential growth in the number of web sites, the rise of complex web apps, the growing web traffic through APIs and more. Let's discuss what this means for enterprises web security and how to mitigate a growing cybersecurity risk. Show Notes: https://securityweekly.com/esw191 Visit https://securityweekly.com/acunetix to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

PCI Dream Team - Part 2 - Arthur Cooper, Ben Rothke, David Mundhenk, Jeff Hall - SCW #36
PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper answer all of the toughest PCI questions, Part 2! Show Notes: https://wiki.securityweekly.com/scw36 Visit https://www.securityweekly.com/scw for all the latest episodes!

PCI Dream Team - Part 1 - Arthur Cooper, Ben Rothke, David Mundhenk, Jeff Hall - SCW #36
PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper answer all of the toughest PCI questions. Show Notes: https://wiki.securityweekly.com/scw36 Visit https://www.securityweekly.com/scw for all the latest episodes!

New CISOs, Overworked CISOs, and 10 Worst Cybersecurity Strategies - BSW #181
In the Leadership and Communications section, CISOs undervalued, overworked, burning out, warns CIISec, The 10 Worst Cybersecurity Strategies, AppSec Becomes A Priority For New CISOs/CSOs, and more! Show Notes: https://wiki.securityweekly.com/bsw181 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Zero Trust Execution as Part of Your Cloud Workload Protection Strategy - Justin Bradley - BSW #181
The use of Application Control - commonly referred to as whitelisting or Zero Trust Execution - is considered to be a robust and essential Cloud Workload Protection strategy, largely due to the high predictability of cloud environments. But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent - referred to as Living off the Land (LotL). App Control also presents some operational headaches for cloud security teams, requiring strict and often unrealistic policies. We will discuss how to build a robust Application Control strategy for your workloads that is informed by these challenges. This segment is sponsored by Intezer. Show Notes: https://wiki.securityweekly.com/bsw181 Visit https://securityweekly.com/intezer to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes!

SIGRed RCE, Google Cloud 'Confidential VMs', & Twitter Hack Crypto Scam - ASW #115
This week, SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more! Show Notes: https://wiki.securityweekly.com/asw115 Visit https://www.securityweekly.com/asw for all the latest episodes!

Cloud Security Posture Management & Governance - Bhasker Nallapothula, Kris Rajana - ASW #115
Digital transformation is taking the IT industry by storm. As the pace of adoption of public cloud increases, security posture management and governance is usually not top of the mind of cloud engineering teams. Cost of leaving the misconfiguration undetected and not rectified sure adds up and what to say about compromise to reputation. Biarca Patrol grew organically in close collaboration with our customers to address this gap. Biarca Patrol is now being offered widely. Show Notes: https://wiki.securityweekly.com/asw115 Visit https://www.securityweekly.com/asw for all the latest episodes!

Twitter Mega Hack, 3rd Party IoT Vulns, & Windows DNS SIGRed RCE - PSW #658
Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection,a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658

Welcome Our Newest Host! - John Snyder - PSW #658
The guys welcome our newest host to the family. John Snyder will replace Matt Alderman on Security and Compliance Weekly. Tune in to hear about how John made the jump from being a trial lawyer in New York to founding AGNES Intelligence, a forensic AI firm that has perfected the application of unsupervised machine learning! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658

Artificial Intelligence and Machine Learning in Cybersecurity - Ankur Chowdhary - PSW #658
With advent of Internet of Things (IoT) and emerging cloud technologies, ensuring continued cybersecurity at scale is a challenging task. An ever growing increase in demand of cybersecurity workforce makes the problem even more challenging. In this talk we will explore how autonomous solutions based on Artificial Intelligence (AI) and Machine Learning (ML) can help in bridging the gap, by automating current cybersecurity tools and techniques. We will also discuss if current AI solutions can be practical at scale or simply marketing/media hype. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658

Auditor Meets Security Pt. 2 - SCW #35 - Brian Tremblay - SCW #35
We continue the discussion with Brian Tremblay, a former auditor who "got religion" when he began to understand the complexities of security and how compliance could help or hinder security program efforts in organizations. We'll also talk about what Brian is doing at Onapsis, and how Onapsis is trying to help solve the problem. To learn more about Onapsis, visit: https://securityweekly.com/onapsis Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode35

Auditor Meets Security Pt. 1 - Brian Tremblay - SCW #35
Auditor turned security professional joins Security & Compliance Weekly to talk about how security misconfigurations and vulnerabilities can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. Learn the best practices leaders can use to identify, monitor, and mitigate compliance risks related to their most critical business applications. To learn more about Onapsis, visit: https://securityweekly.com/onapsis Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode35

What's Next, Board Discussions, and New Cybersecurity Priorities for 2020 - BSW #180
In the Leadership and Communications section, I'm a CISO, what's next?, The Upside of Virtual Board Meetings, The new cybersecurity priorities of 2020, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode180

Security Money - BSW #180
This week, it's our quarterly Security Money update of the Security Weekly 25 Index and the Nasdaq. At the close on July 10th, 2020: - SW25 Index is 1,437.23, which is an increase of 43.72% - NASDAQ Index is 10,617.44, which is an increase of 60.01% Both indexes closed at an all time high on July 10th, 2020 Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode180

Top Bug Bounty Rankings, Zoom 0-Day, & Firefox Send Malware - ASW #114
Microsoft OneDrive client for Windows Qt QML module hijack, Zero-day flaw found in Zoom for Windows 7, Protecting your remote workforce from application-based attacks like consent phishing, Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, Mozilla suspends Firefox Send service while it addresses malware abuse, and Stop Talking About 'Technical Debt'! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode114

DevSecOps - Judy Ngure - ASW #114
DevSecOps helps build secure applications and part of that approach means security testing. It takes more than knowing the OWASP Top 10 to make bug bounties successful. From techniques for finding flaws to writing clear reports, we'll take a look at modern appsec testing. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode114

RCE Chaos, Zoom 0-Day, & Banning TikTok - PSW #657
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Fighting IoT Insecurities - Terry Dunlap - PSW #657
Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. In 2017, he spun out ReFirm Labs as an investor-backed company to help fight IoT insecurity. In his spare time, he runs mini-real estate portfolio of rental properties. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

IPv6 Tunneling - Joff Thyer - PSW #657
In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based Linux system to show you how you might get started with IPv6. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Trends In Enterprise Identity - Robb Reck - ESW #190
Robb Reck, CISO at Ping Identity, joins ESW to discuss the current focus for some companies including , passwordless authentication, focus on customer identity, and zero trust acceleration during COVID. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Living Through a Ransomware Attack - Scott DeLong - ESW #190
Having helped organizations identify, assess, remediate and recover from a significant ransomware attack, Scott describes the step by step process of events organizations will experience living through a ransomware attack and share some lessons learned for both dealing with an attack and for mitigating an organization's susceptibility to an attack. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

Signal Sciences, Recorded Future, & CipherCloud - ESW #190
Why You Need Recorded Futures Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and ICS environments, Attivo Networks' enhanced EDN solution prevents attackers from seeing or exploiting production data, Check Point Infinity SOC is launched, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode190

A Hacker's View of Security vs. Compliance - @mzbat - SCW #34
@mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode34

A Professional's View of Security vs. Compliance - Kimber Dowsett - SCW #34
Director of Security Engineering at Truss. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode34

Post-Pandemic CISO, 5 Threats to Resilience, and Time to Rethink Cyber Security - BSW #179
In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business continuity and cyber security, Protecting Remote Workers' Productivity and Performance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode179

An Honest Conversation About "Response" - Juan Canales, Matt Cauthorn - BSW #179
It's time to come out and say it: "response" means something different to every category in cybersecurity. Yet, it's broadly used with little industry definition. In endpoint detection and response (EDR) systems, "response" refers to a prescriptive set of actions that can be taken with little to no human intervention. For example, if suspicious activity occurs on a device, that device can be automatically quarantined by the EDR tool. In network detection and response, "response" is more broad. The network is too vast and interconnected for blunt responses and therefore requires more surgical precision and investigation. To request a demo with ExtraHop, visit: https://securityweekly.com/extrahop Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode179

Guacamole RCE, PAN-OS Flaw, & A Culture of Resilience - ASW #113
Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, The Current State of Kubernetes Threat Modelling, and How To Build a Culture of Resilience Through Good Habits! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode113

Protecting Mobile Applications - Catherine Chambers, Will Hickie - ASW #113
What do you do if your ambition is to provide security for all the mobile apps in the world? You hire a data scientist! Machine Learning is more than just a buzz word, it is the science behind making decisions quickly and at scale. Catherine Chambers returns to Application Security Weekly with Irdeto's lead data scientist Will Hickie to describe how they turned Mobile Application Security into a data science problem, and what that means for your mobile app. To download the white paper, visit: https://securityweekly.com/irdeto Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode113