Tod Beardsley, research director, will discuss some of the trends in Internet scanning and attacker behavior given there are new Windows vulnerabilities and the workforce working from home. Should you re-train your User Behavior Analytics (UBA) and/or rely on other technologies?
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
The cybersecurity challenges created by remote workforces and what it takes to deliver security to remote workers while avoiding impacting business operations. How do you continue vulnerability and patch management across endpoints and servers when everyone is working from home?
To learn more about Qualys, visit: https://securityweekly.com/qualys
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
Customer perspective on the three topics discussed with RSA in first segment Also: -What is your view of security vs. compliance vs. risk? -What drives your security program initiatives? -What are the biggest challenges in administering a security program?
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode22
David Walter from RSA will join us to discuss the following:
-The shift in the enterprise from compliance-based focused initiatives to risk-based ones
-Regulatory changes that are impacting organizations security program/management efforts
-Challenges/Successes associated with automating compliance monitoring efforts/continuous compliance monitoring
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode22
In the leadership and communications section, Real Leaders: Abraham Lincoln and the Power of Emotional Discipline, Social Distancing: 15 Ideas for How to Stay Sane, Rethink Your Relationship with Your Vendors, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
How do you protect your assets commensurate with their value if you lack situational awareness of everything communicating on your network thanks to IoT, rogue cloud instances, and shadow IT? If we can agree that EDR doesn't give the full picture, what can the security industry do to combat this challenge both from a technological and a process/culture perspective? Jeff will discuss how asset and risk management is changing and open up a conversation around how the CIA Triad has and is evolving.
For more information, visit: https://securityweekly.com.extrahop
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That’s where software composition analysis (SCA) comes in. Introducing a new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development.
For more information, visit: https://securityweekly.com/synopsys
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ASWEpisode101
Singularity is a container runtime that was built from the ground up to live in multi-user environments where POSIX permissions must be respected. In addition to a novel runtime approach, the Singularity Image Format (SIF) differs significantly from other container image formats, with built-in support for full image encryption as well as digital signatures.
For more information, visit: http://sylabs.io/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ASWEpisode101
SANS Penetration Testing | Microsoft SMBv3.11 Vulnerability and Patch CVE-20200796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, $100K Paid Out for Google Cloud Shell Root Compromise, WordPress, Apache Struts Attract the Most Bug Exploits, Run Docker nginx as Non-Root-User.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode644
Acunetix: Automation as a Solution for Web Application Security - Mark Ralls - RSAC 2020 Mark Ralls, President and Chief Operating Officer at Acunetix, discusses web security challenges in small and medium enterprises and how automation can help fill the skills gap. To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix Netsparker: How to Scale Web Application Security - Kevin Gallagher - RSAC 2020 Kevin Gallagher, Chief Revenue Officer at Netsparker, discusses how to scale web application security including asset discovery, application scanning, prioritization of results, and more! To get a demo of NetSparker, please visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176
Struggling with how to get your logs from the cloud? Have no fear, Corey and the Security Weekly crew talk about how to configure your logs in the cloud, use cloud-native services to handle the shuffling of logs in and out of the cloud, and control your costs! We conclude by talking a bit about Windows Event logs and overcoming some gotchas.
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
Show Notes: https://wiki.securityweekly.com/PSWEpisode644
The challenges and differentiated values of desktop and laptop protection and administrative tool control (e.g., Powershell, SSH) for remote users and administrators to work securely. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode644
SaltStack: Managing Configuration & Patches with SaltStack - Mehul Revankar - RSAC 2020 Offering open-source and commercial solutions for configuration, patch, and vulnerability management, SaltStack is a must-have! Mehul Ravankar provides us with details about the various products and new features including the ability to import vulnerability scan data and remediate! To request a demo with SaltStack, visit: https://securityweekly.com/saltstack Synopsys: Enabling Developers Without Negatively Impacting Their Velocity - Utsav Sanghani - RSAC 2020 Utsav Sanghani, Senior Product Manager from Synopsys, discusses the latest efforts to enable developers in ensuring that software security is accounted for in their work without negatively impacting their velocity. To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176
Fortinet Introduces Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176
Compliance requirements and SecOps frameworks like NIST - checking boxes rather than a ‘holistic’ view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA’s theme this year: ‘the human factor’. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode21
Compliance requirements and SecOps frameworks like NIST - checking boxes rather than a ‘holistic’ view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA’s theme this year: ‘the human factor’. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode21
What data compliance regulations apply to a Las Vegas hospital with California patients? One major compliance fine can lead to a big financial hit and a complete loss of customer trust, so understanding ‘where your data lives’ and how the law shifts based on the location of data collection, storage and transfer is paramount. With no overarching federal data law, each state can (and does) require different duties from organizations that collect and keep data. A big challenge for compliance teams is figuring out which state (or states) claim your data. Unfortunately, the legal world of intangible data property is complicated and sometimes even contradictory. I will also preview my InfoSec World 2020 session - Cyberlaw Year in Review. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode166
Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1). Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode100
Due to a combination of a) development teams embracing Agile and DevOps and b) that security teams are often outnumbered by developers 100:1 or more in many companies, there's been a fundamental shift in how security teams need to operate. I've spent a significant amount of time studying how security teams at companies, large and small, have attempted to adapt to this new reality. There are a number of interesting trends in how work is prioritized, continuous code scanning (static and dynamic), scaling threat modeling and detection & response, investing in secure defaults, asset inventory, self-healing cloud environments, and more. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode100
In the leadership and communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode166
COVID-19, among other things, has deemed it necessary for many to work from home. There are several security concerns that need to be raised, such as those who work from home still require access to data and services. How many will store sensitive information on their personal computers? How will attackers change their strategy to target those working from home? Tune in to this segment for the full discussion! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode643
Hacks performed on connected & IoT devices, such as routers, security cameras, smart meters, etc. are increasingly common, and revealing major vulnerabilities in existing security measure. This vicious cycle of hack & patch can be broken by adopting a new approach that introduces the role of flash memory in securing devices.
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode643
Girls Who Hack teaches classes primarily to middle school girls on hacking and making. Secure Open Vote is an end to end, open source election system that is in the design stages. www.BiaSciLab.com www.GirlsWhoHack.com www.SecureOpenVote.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode643
ExtraHop - Agents and logs don't play well in an IoT environment, however the network doesn't lie. Looking at the behaviors of IoT devices through the lens of the network traffic can help build an asset inventory help detect attacks. Corey Bodzin is the VP of Product Management for ExtraHop and discusses how network visibility can help with IoT security. To try RevealX Cloud for Free visit: https://securityweekly.com/extrahop Bandura - Todd Weller, Chief Strategy Officer at Bandura Cyber, provides an update on Bandura Cyber and discusses the latest trends and dynamics in threat intelligence. To find out more about Bandura Cyber, please email Todd.Weller@banduracyber.com Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175