Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 1
May 24, 2024

Qwiet AI provides real time detection of security vulnerabilities in code along with the best AI generated fixes to aid developers in finding and fixing their code with the addition of AI AutoFix.

This segment is sponsored by Qwiet AI. Visit https://securityweekly.com/qwietrsac to learn more about them!

With scores of security tools implemented, configured, and integrated security teams are overwhelmed while knowing there is still a possibility for a breach. As they work to prioritize threat exposures, it is imperative for organizations to have a clear, context-rich, and up-to-date view of their security posture. Picus Security CTO and Co-founder, Volkan Ertürk, explains how consistent security validation allows security teams to pinpoint gaps, prioritize, and quantify risk so they can reduce threat exposure.

Segment Resources: Picus Red Report 2024: https://www.picussecurity.com/hubfs/Red%20Report%202024/Picus-RedReport-2024.pdf

This segment is sponsored by Picus Security. Visit https://www.securityweekly.com/picusrsac to learn more about them!

Platformization could mean reduction in innovation, reduction in the ability to be flexible, and less competition. But it doesn't have to be this way. Like the IT industry, there are ways for the cybersecurity industry to platformize, but also to have this become a net benefit to the industry as a whole.

Segment Resources: Navigating the SecOps Cloud Platform webinar recording: https://www.youtube.com/watch?v=MbzvLX-W2KY

Recon Infosec Case Study: https://info.limacharlie.io/hubfs/Case%20Studies/LimaCharlieReconInfosecMSSPCase_Study.pdf

Blumira Case Study: https://info.limacharlie.io/hubfs/Case%20Studies/LimaCharlieBlumiraCase_Study.pdf

This segment is sponsored by LimaCharlie. Visit https://securityweekly.com/limacharliersac to learn more about them!

Show Notes: https://securityweekly.com/esw-363

May 24, 2024

Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-389

May 24, 2024

The next generation of identity security is not about the popular idea of convergence, but of unification. A single, AI-driven solution that integrates PAM with identity security and access management is the clear path forward to manage and secure all enterprise data through a unified control point.

Segment Resources: • https://www.sailpoint.com/products/identity-security-cloud/atlas/ https://www.sailpoint.com/press-releases/sailpoint-accelerates-innovation-with-its-identity-security-platform-sailpoint-atlas/ https://www.sailpoint.com/press-releases/sailpoint-leads-identity-security-evolution-through-relentless-innovation/https://www.sailpoint.com/navigate/

This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them!

Over the past 15 years, identity has evolved from a perimeter-based security model with clear boundaries to one that is fluid, flexible, and permeates every aspect of digital business. Simultaneously, AI has infiltrated every enterprise, becoming a double-edged sword for defenders, and fueling fraud attacks across every sector.

In this interview, Ping Identity CEO Andre Durand will walk through the evolution of the identity attack surface, and the opportunity decentralized identity has to dramatically improve both security and experience by putting users in control. He'll also discuss the increasing threats to individuals and businesses, given the influx of AI, and why we should consider this the era of “verify more, trust less.”

This segment is sponsored by Ping Identity. Visit https://securityweekly.com/pingrsac to learn more about them!

As companies adopt new digital cloud technologies, cybercrime threats are on the rise and becoming more sophisticated. Identity has come under attack in today’s digital-first environment and is critical to ensure we can securely connect people to technology. Okta is on a mission to eliminate identity threats and clear the path for organizations to safely use any technology.

Segment Resources: https://www.okta.com/blog/2024/02/introducing-the-okta-secure-identity-commitment/

https://www.okta.com/products/okta-ai/

https://www.okta.com/blog/2024/02/okta-acquisition-advances-identity-powered-security/

This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them!

Show Notes: https://securityweekly.com/esw-363

May 23, 2024

Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process.

We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does it just mean that Israel wasn't shy about selling when the market was down? We discuss.

A number of new product announcements continue to trickle out post-RSA.

We'll also discuss Sam Altman and OpenAI's decision to use Scarlett Johansson's voice against her will and what it could mean for deepfakes, advanced social engineering techniques, and general big tech sliminess.

Do you know what a "product glorifier" is? How about a glowstacker? You will if you check out the second-to-last story in the show notes!

Show Notes: https://securityweekly.com/esw-363

May 23, 2024

An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scraping, free laundry for everyone!, Wifi routers and Apple Air tags, North Koreans fill US IT positions, taking out drones, the NVD backlog, IBM is no longer a security company?, and DNSBombs!

Show Notes: https://securityweekly.com/psw-830

May 22, 2024

The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss the how PTaaS is using the latest technologies (e.g machine learning), the benefits of having a third-party service, and real-world scenarios where PTaaS has successfully thwarted potential security breaches. PTaaS can be a game-changer in enhancing your organization’s security posture!

This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlock to learn more about them!

Show Notes: https://securityweekly.com/psw-830

May 21, 2024

The challenge of evaluating threat alerts in aggregate – what a collection and sequence of threat signals tell us about an attacker’s sophistication and motives – has bedeviled SOC teams since the dawn of the Iron Age. Vectra AI CTO Oliver Tavakoli will discuss how the design principles of our XDR platform deal with this challenge and how GenAI impacts this perspective.

Segment Resources:

  1. Vectra AI Platform Video: https://vimeo.com/916801622

  2. Blog: https://www.vectra.ai/blog/what-is-xdr-the-promise-of-xdr-capabilities-explained

  3. Blog: https://www.vectra.ai/blog/xdr-explored-the-evolution-and-impact-of-extended-detection-and-response

  4. MXDR Calculator: https://www.vectra.ai/calculators/mxdr-value-calculator

This segment is sponsored by Vectra AI. Visit https://securityweekly.com/vectrarsac to learn more about them!

In this interview, we will discuss the network security challenges of business applications and how they can also be the solution. AlgoSec has spent over two decades tackling tough security issues in some of the world’s most complex networks. Now, they’re applying their expertise to hybrid networks—where customers are combining their on-premise resources along with multiple cloud providers.

Segment Resources: https://www.algosec.com/resources/

This segment is sponsored by AlgoSec. Visit https://securityweekly.com/algosecrsac to learn more about them!

Show Notes: https://securityweekly.com/asw-286

May 21, 2024

Big Tech, Fighting a Junta, Keylogger in Microsoft , APT Hackers, Free Laundry, Joshua Marpet & more on this edition of the Security Weekly News!

Show Notes: https://securityweekly.com/swn-388

May 21, 2024

Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to developers rather than contrived or overly simplistic examples.

Segment resources:

Show Notes: https://securityweekly.com/asw-286

May 21, 2024

In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She’ll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era.

This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them!

In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira’s automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs.

Segment Resources:

https://www.blumira.com/customer-stories/

 https://www.blumira.com/why-blumira/

This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-351

May 20, 2024

This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrick's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public companies:

Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Rubrik Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc

Show Notes: https://securityweekly.com/bsw-351

May 17, 2024

Artificial intelligence isn’t a magic wand… but could AI actually solve the alert triage problem every security operations center faces? In this interview with Jim McDonough from Intezer, we’ll talk about how 2023 was a tipping point for the maturity of AI tech, what these solutions actually bring to the table, how SOC teams in the real world are automating their processes with new AI tools, and why MSSPs are driving early adoption.

This segment is sponsored by Intezer. Visit https://securityweekly.com/intezerrsac to learn more about them!

This interview examines the state and future of cybersecurity. Join the conversation as a cybersecurity expert delves into the failings of current defenses, the relentless tactics of attackers, and the imperative for innovative solutions. Explore how Lumu’s latest announcement delivers the innovation that cybersecurity analysts need to operate cybersecurity and meet the demands of the moment.

This segment is sponsored by Lumu Technologies. Visit https://securityweekly.com/lumursac to learn more about them!

On April 1, Nightwing, formerly a business unit of Raytheon, launched as a standalone company. The company’s Vice President of Cyber Protection Solutions, Jon Check, will discuss the transition to Nightwing and its approach to the most pressing cybersecurity challenges, helping customers stay ahead of today’s threats.

This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them!

Show Notes: https://securityweekly.com/esw-362

May 17, 2024

Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & more on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-387

May 17, 2024

Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploitation, Hackbat, Raspberry PI Connect, leaking VPNs, exploiting faster?, a new Outlook 0-Day?, updating Linux, and a 16-year-old vulnerability.

Show Notes: https://securityweekly.com/psw-829

May 17, 2024

The danger of post-breach disruption and downtime is extremely real. And while we should work to prevent these breaches in the first place, we must also be practical and pre-empt any potential incidents. Organisations armed with the most extensive software-based cybersecurity protection today continue to fall prey to hackers, have their operations disrupted and struggle to overcome the loss of data and system corruption. And with more business assets moving to the cloud than ever before - we are just asking for it aren't we? The answer to this lies in advanced engineering at the hardware layer. Easily integrated into enterprise servers and data centers to provide full-stack protection across the entire life cycle of a potential attack.

Segment Resources: https://x-phy.com/flexxon-fortifies-data-center-security-with-x-phy-server-defender/

This segment is sponsored by Flexxon. Visit https://www.securityweekly.com/flexxonrsac to learn more about them!

Over the past two years, we’ve seen the degree of digital trust in our day-to-day lives being pushed to its limits due to the unintended consequences of innovation. From GenAI to IoT security to quantum computing, we will see a “crescendo of trust” that will push trust to its absolute limits. Here, we will focus on IoT/device trust.

This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!

Security needs to be everywhere a potential threat exists – from an IOT device to an OT device, a factory floor, an element of infrastructure, an oil rig, a robotic device or an MRT machine – Cisco recognized that with increased connection comes a greater risk than ever before and that you must bring the security to these workloads...not the other way around. In order to keep up with today’s sophisticated and expansive threat landscape, security can no longer be a fence; it needs to be embedded through the fabric of data centers, whether public or private. Cisco Hypershield does just that and gives defenders a fighting chance against adversaries, as now the industry has the advantage.

Segment Resources: Hypershield Keynote: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/unveiling-a-new-era-of-ai-native-security-with-cisco-hypershield.html

Cybersecurity Readiness Index: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m03/cybersecurity-readiness-index-2024.html

DUO trusted access report: https://duo.com/assets/ebooks/2024-Duo-Trusted-Access-Report.pdf

Jeetu's blog: https://blogs.cisco.com/news/cisco-hypershield-security-reimagined-hyper-distributed-security-for-the-ai-scale-data-center

Official announcement: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m04/unveiling-a-new-era-of-ai-native-security-with-cisco-hypershield.html

This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!

Show Notes: https://securityweekly.com/esw-362

May 17, 2024

Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts!

Show Notes: https://securityweekly.com/psw-829

May 16, 2024

Suddenly SIEMs are all over the news! In a keynote presentation, Crowdstrike CEO George Kurtz talked about the company's "next-gen" SIEM. Meanwhile, Palo Alto, who was taken to task by some for not having an active presence on the RSAC expo floor, hits the headlines for acquiring IBM's SIEM product, just to shut it down!

Meanwhile, LogRhythm and Exabeam merge, likely with the hopes of weathering the coming storm. The situation seems clear - there's no such thing as "best of breed" SIEM anymore. It's a commodity to be attached to the existing dominant security platforms. Are the days numbered for the older pure-play SIEM/SOAR vendors out there? Crowdstrike and Palo Alto alone could displace a lot of incumbents, even with a less than stellar product.

Show Notes: https://securityweekly.com/esw-362

May 14, 2024

How companies are benefiting from the enterprise browser. It's not just security when talking about the enterprise browser. It's the marriage between security AND productivity. In this interview, Mike will provide real live case studies on how different enterprises are benefitting.

Segment Resources:

This segment is sponsored by Island. Visit https://www.securityweekly.com/islandrsac to learn more about them!

The cybersecurity landscape continues to transform, with a growing focus on mitigating supply chain vulnerabilities, enforcing data governance, and incorporating AI into security measures. This transformation promises to steer DevSecOps teams toward software development processes with efficiency and security at the forefront. Josh Lemos, Chief Information Security Officer at GitLab will discuss the role of AI in securing software and data supply chains and helping developers work more efficiently while creating more secure code.

This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlabrsac to learn more about them!

Show Notes: https://securityweekly.com/asw-285

May 14, 2024

3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Windows, Josh Marpet, and more, on this Edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-386

May 14, 2024

Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn talks about why the list looks so familiar in many ways -- after all, LLMs are still software. But the list captures some new concepts that anyone looking to use LLMs or generative AIs should be aware of.

Show Notes: https://securityweekly.com/asw-285

May 14, 2024

AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is leveraging a variety of AI capabilities to enhance the user experience and improve identity security and compliance, bringing AI to life in a practical, market leading way to drive value for our customers.

Segment Resources: https://saviynt.com/blog/analytics-ai-automation-and-abstraction-pioneering-the-next-chapter-in-identity-security/

This segment is sponsored by Saviynt. Visit https://www.securityweekly.com/saviyntrsac to learn more about them!

 

The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution, however they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do expect a single cloud provider to protect all your clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, as organizations already apply for cloud, endpoints, or networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.

Segment Resources: https://www.silverfort.com/the-identity-underground-report/

https://www.forbes.com/sites/forbestechcouncil/2023/11/16/rethinking-the-framework-around-identity-security/

 https://techcrunch.com/2024/01/23/silverfort-now-valued-at-1b-after-raising-116m-for-its-holistic-approach-to-identity-security/

This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-350

May 13, 2024

Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-385

May 10, 2024

Despite building up impressive security stacks in the Cloud, organizations are still struggling to keep their environments safe. Pentera recently introduced Pentera Cloud as the first tool to provide automated pentesting capabilities for cloud environments. This conversation will focus on the challenge of security validation and pentesting in the cloud, and how Pentera Cloud is redefining the speed and scale of pentesting in the cloud.

This segment is sponsored by Pentera. Visit https://www.securityweekly.com/penterarsac to learn more about them!

Jason Keirstead, Cyware's VP of Collective Threat Defense, takes us beyond the AI buzz in cybersecurity. While AI has tremendous potential for cybersecurity, Jason emphasizes its pragmatic and deliberate application to modernize security operations — not as a panacea but as a strategic ally in enhancing threat intelligence, response capabilities, and operational collaboration. We discuss the practical benefits and limitations of AI, offering insights into how security professionals can leverage AI to augment, not replace, human decision-making and creativity in the ongoing fight against cyber threats.

This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them!

Anomali’s AI-Powered Security Operations Platform is a cloud-native solution that delivers the industry’s most comprehensive set of integrated and automated security functions. Anthony Aurigemma discusses how Anomali Copilot automates mundane tasks and enables better analytics and reasoning for today’s security teams – automating half of an analyst’s day, enabling them to focus on strategic work. With the ability to augment or replace legacy security systems, Anomali’s Security Operations Platform helps security teams deliver intelligent, actionable, and accurate insights to their business.

This segment is sponsored by Anomali. Visit https://www.securityweekly.com/anomalirsac to learn more about them!

Show Notes: https://securityweekly.com/esw-361

May 10, 2024

The landscape of phishing attacks continues to rapidly evolve. In 2023, Zscaler ThreatLabz observed a year-over-year increase of 58.2% in global phishing attempts. This surge was characterized by emerging schemes, including voice phishing, recruitment scams, and browser-in-the-browser attacks.

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!

In today's complex world, organizations are challenged to modernize their network while also improving their security posture to support digital transformation initiatives. Tim Roddy will talk about what is driving the need for network transformation efforts and why organizations are moving to IAM and SASE (also known as Zero Trust Edge) solutions to support these efforts. He’ll discuss the fast-growing SASE market and the demand for SASE delivered as a managed service due to talent shortages.

This segment is sponsored by Open Systems. Visit https://securityweekly.com/opensystemsrsac to learn more about them!

It’s not rocket science, it’s network security. And yet for many organizations, the road to securing employees and information often results in trade-offs to performance, agility, scalable services, and user experience. While first-generation SASE solutions promised companies a way out of this complexity, those early deployments failed to resolve the root causes of these growth pains--enter Unified SASE as a Service. Going beyond SASE learn what Unified SASE as a Service is and why you should care.

This segment is sponsored by Aryaka. Visit https://securityweekly.com/aryakarsac to learn more about them!

Show Notes: https://securityweekly.com/esw-361

1 2 3 4 5 6 7 Next » 163