The conversation continues on how intelligent automations can simplify cloud computing compliance.
This segment is sponsored by Aptible. Visit https://securityweekly.com/aptible to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw50
Cloud computing services have become the norm for companies — even on-prem die-hards are using hybrid models. This leads to an increased need for compliance evidence. There are more controls in frameworks like SOC 2 and ISO 27001 related to cloud computing services than ever before, which means more effort to prove compliance. Join our session to learn how intelligent automations can simplify cloud computing compliance beyond what you're doing today.
This segment is sponsored by Aptible. Visit https://securityweekly.com/aptible to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw50
In the Leadership and Communications section, The Dark Side Of Authentic Leadership, Why CISOs must be students of the business, Top IT certifications and degrees to help you advance your career, and more.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw194
Marie Ketner from Cybrary joins BSW to discuss how to develop your cybersecurity skills to address your key use cases, including: 1. Skills Development 2. On-boarding 3. Industry Certifications 4. Career Paths
This segment is sponsored by Cybrary. Visit https://cybrary.it/solved to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw194
Lax IoT security exposes smart-irrigation systems, Adobe Flash goes truly end of line in one last update, confidential computing gets a turbo boost with Nitro, link previews show security and privacy problems, and security theatre gets an encore!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw128
Discussing what enterprises have to do while adapting legacy apps in to Azure, while doing in a secure, steady way without leaving any gaps. Signal Sciences site extension makes sure your apps are covered across the board, and will protect any app in Azure.
This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw128
In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw672
Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed.
This segment is sponsored by Polarity. Visit https://securityweekly.com/polarity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw672
Only integrating vulnerability characteristics to determine risk leaves half the prioritization canvas empty. Observing and analyzing user interaction and other surrounding software characteristics provide the rich contextual clues to complete the picture.
This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw672
CrowdStrike's broad visibility into incidents at organizations from every sector, around the globe has yielded insights into current trends in security incidents related to public clouds such as AWS, Azure, and Google Cloud. In this segment we'll discuss recent trends in breaches related to use of the public cloud, and what organizations can do to better prepare and protect themselves.
This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw204
Most folks think about using Conditional access for SaaS applications or access to specific data sources. However, once that data is accessed how do you continuously enforce conditional access "to the data" on an endpoint.
This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw204
Blackpoint Cyber introduces insurance for customers and MSPs, Qualys Extends Integration with Microsoft Azure Defender, GrammaTech CodeSentry now identifies third party code vulnerabilities, AttackIQ integrates with Microsoft Azure Sentinel, Aqua Security announces Kubernetes-native security capabilities and funding updates from Artic Wolf, StackHawk, Eagle Eye Networks and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw204
Security monitoring tends to be a topic that companies either avoid, because it sounds too complicated or they tried it and were inundated with data. With proper tuning and asset clarification, security monitoring can save companies money, time and resources.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw49
An introduction to CyberGRX and how to get companies working together safely and efficiently. Topics: - Third-party risk management and importance for your organization - The nature of bilateral relationships between vendors and enterprises - The evolution of PCI assessments
This segment is sponsored by CyberGRX. Visit https://securityweekly.com/cybergrx to learn more about them!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw49
In the leadership and communications section, Cybersecurity, a risk to all board of directors , Is The Cybersecurity Industry Selling Lemons? Apparently Lots Of Important CISOs Think it Is, 4 critical strategies for tech leaders in Gartner's CIO agenda, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw193
Silo is a cloud-based web isolation platform that separates the things you care about from the things you cannot trust. In this segment, former CIA cyber security officer Matt Ashburn will demonstrate how Silo protects organizations from malicious web-based content, from ransomware to advanced persistent threats. We’ll also see how Silo enables incident response and SOC analysts through security, managed attribution and unified insight into user behavior.
This segment is sponsored by Authentic8. Visit https://securityweekly.com/authentic8 to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw193
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers, Nvidia Warns Gamers of Severe GeForce Experience Flaws, Addressing cybersecurity risk in industrial IoT and OT, Firefox 'Site Isolation' feature enters user testing, expected next year, Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser, and Exit Stage Left: Eradicating Security Theater!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw127
With the increased development velocity in cloud environments, cyber resilience is now more important than ever. To achieve cyber resiliency, security needs to be codified through the development life-cycle and security controls need to be implemented through self-healing infrastructure.
This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw127
In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw671
In 2020 attackers are increasingly targeting firmware and hardware - going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We'll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices. This segment is sponsored by Eclypsium.
Show Notes: https://wiki.securityweekly.com/psw671
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Sysmon is a free endpoint monitoring tool published by Microsoft in their sysinternals suite. It generates process creations, network connections, file creations, DNS, and now clipboard monitoring with v12. We'll discuss what's in the events and how to easily visualize and search them with Gravwell's new Sysmon Kit. This segment is sponsored by Gravwell.
Show Notes: https://wiki.securityweekly.com/psw671
Visit https://securityweekly.com/gravwell to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
deepwatch formally launched its Lens Score app on October 20th. Corey joins us to discuss the app, its future, and how it helps CISOs achieve their security outcomes. Corey will also discuss the deepwatch Series B and how we plan to invest the funds.
This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw203
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix about one in ten of those vulnerabilities. But as a security practitioner you still need to keep your organization secure, so how do you do that when you can’t possibly fix ALL of your vulnerabilities? Ed Bellis will:
This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw203
Palo Alto Networks announces cloud native security platform, Akamai launches new API security tool, SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage, Splunk helps security teams modernize and unify their security operations in the cloud, and Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw203
The client-side or the front end of web applications, aka ‘digital user experience’, actively ingests customer/user information via forms. As the web app's front-end code runs on unmonitored devices, many application security flaws are being leveraged by malware and malicious actors to capture credentials, financial transactions, payment card data, and permit legitimate third-party vendor tools to facilitate unauthorized access or theft of sensitive data causing damages from tens of thousands to hundreds of millions of dollars.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw48