The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while still keeping the raw power of a unix-like search query pipeline for power users. Gravwell is free for community use and during launch week if you sign up for CE we're bumping the data cap up to 4 GB/day.
This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw660
Neira Jones discusses how financial services deals with PCI-DSS, other compliance standards, fraud and cyber crime.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw192
Learn about a new paradigm dubbed immutable security. What is immutable security? Why has it become more important than before? Infrastructure is being build and deployed with code, hence we can use this to our advantage and build security in from the start as we've always intended!
This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw192
Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw192
Continuing our discussion with John Snyder, our new co-host. Peppering him with questions about the law, hacking, security, compliance, and we might throw in a few of our favorite lawyer movie quotes! "The car that made these two, equal-length tire marks had positraction. You can't make those marks without positraction, which was not available on the '64 Buick Skylark!"
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw37
John Snyder will lead the discussion about the legal implications of Security and Compliance.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw37
Marketing to today’s CISO is no easy task. CISOs have an unprecedented amount of work on their plates with constantly shifting technology, vast amounts of data in motion, regulatory requirements and new threats arising daily. We'll discuss the results of a Merritt Group Survey on Marketing and Selling to the CISO, 2020 Edition.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/bsw182
Drew Cohen discusses the cybersecurity challenges that have risen with many businesses shifting to WFH environments during the pandemic. We'll review some of the top cybersecurity issues/threats, including home network security, document signing, industrial IoT, and 5G, that businesses should be aware for the second half of 2020.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/bsw182
TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, Academics smuggle 234 policy-violating skills on the Alexa Skills Store, Apple Security Research Device Program, and What is DevSecOps? Why it's hard to do well!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw116
What does it take to fix vulns effectively and efficiently? There's no lack of vulns identified from bug bounties and vuln reporting programs, but not every vuln needs the same attention and not every vuln gets the attention it deserves.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw116
Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw659
Leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain for a complete, accurate risk-based analysis and response. The cloud allows you to unify different context vectors like asset discovery, rich normalized software inventory, end of life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry, and network reachability with a powerful backend to correlate it all for accurate assessment, detection and response.
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw659
Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences.
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw659
Tune-in to get the inside scoop on Blackhat 2020! Steve Wylie, Black Hat General Manager, joins us to talk about to what attendees can expect from this year's virtual Blackhat event. Steve discusses the highly-anticipated briefings, trainings, new tracks, community programs, and the all new virtual conference platform.
Show Notes: https://securityweekly.com/esw191
Visit https://www.securityweekly.com/esw for all the latest episodes!
Passwords, keys, and other secrets are becoming an outdated technique for applications to use. They are usually over-privileged, easy to steal, and very hard to handle securely. Developers frequently log them by accident or stash them in unsafe places. The Secretless pattern is a new way of architecting applications that guarantees that the application never handles the secrets it needs to access databases or other secure resources. Secretless architectures open up a whole set of opportunities for a new model of secure application development and governance. This segment is sponsored by CyberArk.
Show Notes: https://securityweekly.com/esw191
Visit https://securityweekly.com/cyberark to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Over the last 15 years the web application landscape has changed more dramatically than many might realize, including the exponential growth in the number of web sites, the rise of complex web apps, the growing web traffic through APIs and more. Let's discuss what this means for enterprises web security and how to mitigate a growing cybersecurity risk.
Show Notes: https://securityweekly.com/esw191
Visit https://securityweekly.com/acunetix to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper answer all of the toughest PCI questions, Part 2!
Show Notes: https://wiki.securityweekly.com/scw36
Visit https://www.securityweekly.com/scw for all the latest episodes!
PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper answer all of the toughest PCI questions.
Show Notes: https://wiki.securityweekly.com/scw36
Visit https://www.securityweekly.com/scw for all the latest episodes!
In the Leadership and Communications section, CISOs undervalued, overworked, burning out, warns CIISec, The 10 Worst Cybersecurity Strategies, AppSec Becomes A Priority For New CISOs/CSOs, and more!
Show Notes: https://wiki.securityweekly.com/bsw181
Visit https://www.securityweekly.com/bsw for all the latest episodes!
The use of Application Control - commonly referred to as whitelisting or Zero Trust Execution - is considered to be a robust and essential Cloud Workload Protection strategy, largely due to the high predictability of cloud environments. But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent - referred to as Living off the Land (LotL). App Control also presents some operational headaches for cloud security teams, requiring strict and often unrealistic policies. We will discuss how to build a robust Application Control strategy for your workloads that is informed by these challenges. This segment is sponsored by Intezer.
Show Notes: https://wiki.securityweekly.com/bsw181
Visit https://securityweekly.com/intezer to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
This week, SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!
Show Notes: https://wiki.securityweekly.com/asw115
Visit https://www.securityweekly.com/asw for all the latest episodes!
Digital transformation is taking the IT industry by storm. As the pace of adoption of public cloud increases, security posture management and governance is usually not top of the mind of cloud engineering teams. Cost of leaving the misconfiguration undetected and not rectified sure adds up and what to say about compromise to reputation. Biarca Patrol grew organically in close collaboration with our customers to address this gap. Biarca Patrol is now being offered widely.
Show Notes: https://wiki.securityweekly.com/asw115
Visit https://www.securityweekly.com/asw for all the latest episodes!
Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection,a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw658
The guys welcome our newest host to the family. John Snyder will replace Matt Alderman on Security and Compliance Weekly. Tune in to hear about how John made the jump from being a trial lawyer in New York to founding AGNES Intelligence, a forensic AI firm that has perfected the application of unsupervised machine learning!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw658
With advent of Internet of Things (IoT) and emerging cloud technologies, ensuring continued cybersecurity at scale is a challenging task. An ever growing increase in demand of cybersecurity workforce makes the problem even more challenging. In this talk we will explore how autonomous solutions based on Artificial Intelligence (AI) and Machine Learning (ML) can help in bridging the gap, by automating current cybersecurity tools and techniques. We will also discuss if current AI solutions can be practical at scale or simply marketing/media hype.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw658