Jason Rolleston, Chief Product Officer at Kenna Security & Michael Roytman, Chief Data Scientist at Kenna Security join Paul, Matt, and Jeff on this week's episode of ESW to discuss how risk-based vulnerability management is transforming the vulnerability management industry by enabling enterprises to understand the true risk of their infrastructure and applications, saving them time and resources by prioritizing efforts around actions that reduce the most risk.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode166
In the Enterprise News, we talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166
DevSecOps is all the rage, but what does it really mean? How do you achieve the integration of Security into DevOps? This segment explores the people and process challenges of DevSecOps and where to integrate security seamlessly into the DevOps pipeline. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166
Jamie Butler is the Tech Lead at Elastic. The vast majority of breaches are not launched by nation states or foreign militaries, but individuals and cyber crime groups with varying degrees of experience, often looking for weaknesses in enterprise systems or processes. One of the primary reasons these actors are successful is the complex web of technologies deployed across enterprise networks by defenders in the search for a security panacea that does not exist. This discussion will focus on ways an organization can reduce complexity and improve security efficiency and scale. To learn more about Elastic, visit: https://securityweekly.com/elastic
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode165
James Carder is the Chief Security Officer (CSO) and Vice President at LogRhythm. Overview of our security operations maturity model (SOMM), discussion around measurement and road-map to advancing your organization's maturity level. What are mature organizations measuring, who are they reporting that to, what key uses cases are on the roadmap, etc.
To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode165
Barracuda launches Cloud Security Guardian integration with Amazon Detective, Booz Allen Hamilton announces support for AWS Outposts, 10 Notable Cybersecurity Acquisitions of 2019, Part 2, Sophos launches new cloud-based threat intelligence and analysis platform, and much more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode165
Heather Paunet is the VP of Product at Untangle. Untangle is releasing an SD-WAN Router, which has advanced routing capabilities and provides the ability for a business to build a comprehensive, secure Software Defined Network at a fraction of the cost. Our SD-WAN Router provides interoffice connectivity across multiple sites, optimizes the internet over existing infrastructure and prioritizes business critical application to maximize employee productivity.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode164
Ferruh Mavituna is the CEO at Netsparker. Ferruh will be talking about How to start building a web security program and a realistic approach to starting a web security security program in enterprises. To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode164
In the news, Mimecast Challenges Shadow IT for Cloud App Usage on Mobile and Desktop Devices, CloudKnox Security Announces Integration with AWS IAM Access Analyzer, Morphisec Achieves AWS Security Competency Status for Cloud Server Workload Protection, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode164
From Fortune 500 to Education, from startup to running a consulting firm, Brendan's experience in information security has served him well. It all started with his boss speaking outloud about how they 'needed to get someone to handle security', and deciding he wanted to be that someone. Now a CISSP, CISM, and a couple of decades, and many industry changes, later he is still at it. Brendan joins Matt and Paul this week to discuss Patch Management, and how using Automox is helping him in the space!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode163
Kenneth F. Belva, CISSP, CEH is a cybersecurity expert practicing in the field since 1998 serving in both technical and non-technical roles. Ken joins Matt and Paul today to talk about Why scanning for default credentials missing from the rest of the scanning vendors! The problem of default and weak credentials. Why they're still low hanging fruit after all these years. And new solutions to detecting default and weak credentials on the network.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode163
Cloudflare Open-Sources its Network Vulnerability Scanner, Qualys brings its Market Leading Vulnerability Management Solution to the next level, and some acquisition and funding updates from Palo Alto, Cymulate, Detectify, and Perimeter 81!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode163
Jorge Salamero is the Director of Product Marketing at Sysdig. Jorge joins us on the show to talk about Kubernetes, Project Falco, vulnerability pre-deployment, and containers.
To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode162
Reuven Harrison is the Chief Technology Officer at Tufin. Reuven brings more than 20 years of software development experience, holding two key senior developer positions at Check Point Software, as well other key positions at Capsule Technologies and ECS. He received a Bachelor's degree in Mathematics and Philosophy from Tel Aviv University.
To learn more about Tufin, visit: https://securityweekly.com/tufin Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode162
In the enterprise news, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some acquisition and funding updates from CyberCube, 1Password, Docker, WhiteSource, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode162
Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions. There's an abundance of potential data sources that can be found within you network. Where should you look? Which data sources offer unique perspectives and value? How can you use these data sources to speed threat identification, understand scope and impact, and aide in remediation steps to minimize impact? This segment will include a brief demonstration of how commonly available data sources can be effectively leveraged by SecOps and NetOps teams.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode161
Baber Amin is the CTO West at Ping Identity. Security has always been perimeter centric with an "US" vs "THEM" approach. Multiple factors are forcing a change to this design pattern, and exposing it's shortcomings. The concept of "zero trust" is really a concept of "defense in depth" applicable when our perimeters are ephemeral and fluid.
To learn more about Ping Identity, visit: https://securityweekly.com/ping
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode161
STEALTHbits releases StealthDEFEND 2.2, its real-time threat detection and response platform, Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration, Aqua Security buys CloudSploit to expand into cloud security posture management, and much more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode161
Tim Callan is the Senior Fellow at Sectigo. Quantum computing and what its arrival means for IT, traditional computing and infosecurity. TC expects that both architectures will live side by side, with traditional computing serving most tasks and quantum computing being employed for the specific operations where it offers improved efficiency. He will discuss expected outcome of quantum computing is that the world’s existing cryptographic infrastructure will have to change in a fundamental way and future encryption platforms need to be resistant to attacks not just from quantum computers but traditional computers as well.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160
Adrian is an Advocate at Thinkst, the company behind the awesome and much loved Thinkst Canary. A former practitioner, PCI QSA, penetration tester, industry analyst and entrepreneur, he has explored many angles of the security industry, attempting to understand what makes it tick and what makes it fail. Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the industry, tell stories and still sees the glass as half full.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160
In the news, talking about how Trustwave offers threat detection and response for Microsoft Azure, LogRhythm offers migration service to Splunk customers to address security challenges, CrowdStrikes Falcon security platform lands on AWS, and how GitLab plans to ban hires in China and Russia due to espionage concerns!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160
Carter Manucy is the Cybersecurity Manager at Municipal Power Agency. Fireside chat around the differences in IT and OT cybersecurity, challenges finding the right folks, challenges facing securing OT specific equipment, workforce development.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode159
Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode159
In the Enterprise News, discussing how IaaS cloud vulnerabilities are expected to increase 50% over 2018 figures, examining security process maturity in 400 organizations, Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats, and some funding and acquisition updates from Aviatrix and enSilo!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode159
This week, In our first segment, we talk Enterprise News, discussing how ManageEngine launched a holistic take on privileged access security, Avast faced a security breach aimed at messing up its CCleaner, Recorded Future enhanced partnership with ServiceNow to reduce organizational risk, and the Sophos Cloud Optix are now available on AWS marketplace!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode158