What are the practical ways to get that time to value in app security? How can we utilize devs in the process without creating massive SAST integration projects and training them on false positives and complex challenges. So just fitting into their daily process, and only sending them actionable and real findings.
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode178
New from BitDam, Ping, CrowdStrike, Automox, Ixia, Recorded Future, CyberArk, AlgoSec, Tufin, Unisys. Redis servers found exposed to the Internet and vulnerable!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode178
Tod Beardsley, research director, will discuss some of the trends in Internet scanning and attacker behavior given there are new Windows vulnerabilities and the workforce working from home. Should you re-train your User Behavior Analytics (UBA) and/or rely on other technologies?
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
The cybersecurity challenges created by remote workforces and what it takes to deliver security to remote workers while avoiding impacting business operations. How do you continue vulnerability and patch management across endpoints and servers when everyone is working from home?
To learn more about Qualys, visit: https://securityweekly.com/qualys
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
Fortinet Introduces Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode176
Acunetix: Automation as a Solution for Web Application Security - Mark Ralls - RSAC 2020 Mark Ralls, President and Chief Operating Officer at Acunetix, discusses web security challenges in small and medium enterprises and how automation can help fill the skills gap. To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix Netsparker: How to Scale Web Application Security - Kevin Gallagher - RSAC 2020 Kevin Gallagher, Chief Revenue Officer at Netsparker, discusses how to scale web application security including asset discovery, application scanning, prioritization of results, and more!
To get a demo of NetSparker, please visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode176
SaltStack: Managing Configuration & Patches with SaltStack - Mehul Revankar - RSAC 2020 Offering open-source and commercial solutions for configuration, patch, and vulnerability management, SaltStack is a must-have! Mehul Ravankar provides us with details about the various products and new features including the ability to import vulnerability scan data and remediate! To request a demo with SaltStack, visit: https://securityweekly.com/saltstack Synopsys: Enabling Developers Without Negatively Impacting Their Velocity - Utsav Sanghani - RSAC 2020 Utsav Sanghani, Senior Product Manager from Synopsys, discusses the latest efforts to enable developers in ensuring that software security is accounted for in their work without negatively impacting their velocity.
To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode176
ExtraHop - Agents and logs don't play well in an IoT environment, however the network doesn't lie. Looking at the behaviors of IoT devices through the lens of the network traffic can help build an asset inventory help detect attacks. Corey Bodzin is the VP of Product Management for ExtraHop and discusses how network visibility can help with IoT security. To try RevealX Cloud for Free visit: https://securityweekly.com/extrahop Bandura - Todd Weller, Chief Strategy Officer at Bandura Cyber, provides an update on Bandura Cyber and discusses the latest trends and dynamics in threat intelligence. To find out more about Bandura Cyber, please email Todd.Weller@banduracyber.com Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175
The pain caused by bad pricing models in cybersecurity and analytics tools Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175
Neustar's enhanced UltraDNS capabilities boast greater capacity, global reach and security, WatchGuard acquires Panda Security to expand endpoint capabilities, Ping Identity launches two hybrid IT focused solution packages, and Fortinet updates FortiOS & launches next-gen firewall product!Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175
Dashboards are a great way to enable junior security analysts to be more effective when trying to discover security events. Cory Thuen is the Founder and CEO of Gravwell, and they want to your logs, all of your logs. Gravwell's solution allows you to run queries and create dashboards that lead to actionable events. Cory explains how this works and even how customers are using Gravwell to collect logs on-premise and in the cloud. Vulnerabilities and exposures come from many different sources. Plextrac allows you to bring in data from anywhere and track those findings across your entire organization.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode174
It is no secret that elections are under constant attack. Attacks take many shapes and forms, from dis-information to malware to denial of service, its all in play as adversaries look to disrupt enemy infrastructure. Tod Beardsley, Director of Research at Rapid 7 brings unique and insightful perspectives on this topic as he is analyzing data from scans of the entire Internet and monitoring over 250 honeypots.Mike Nichols, Head of Product at Elastic, discusses election security and their partnership with the DDC to offer 2020 campaigns free security. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode174
News from Nozomi Networks, Code42, CrowdStrike, SCYTHE, Palo Alto Networks, Gurucul, SentinelOne and more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode174
Ben Budge and Lyle Beck will discuss the problems they faced at Litehouse in regards to network and system monitoring and troubleshooting and how that ultimately took them to Extrahop. They will also discuss the value ExtaHop has brought to Litehouse and share some of those experiences.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode173
Scott Lyons will provide an overview of their CTF at InfoSec World 2020, including their training class, CTF 101.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode173
his week, in the enterprise news segment, IBM announces RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020, and lots of funding announcements.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode173
As K-12 schools and students move into a digital world, the traditionally separate areas of campus safety and cybersecurity are converging. Cyberbullying, the increase in violence on campus, hackers targeting school information systems and student data, and the technological overlap between campus safety and cybersecurity are all driving this trend. The segment will look at how schools are taking a layered approach to protecting Google G Suite and Microsoft Office 365 data from risks focused on the K-12 education environment.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode172
This week in the Enterprise News, Paul and Matt cover the following stories: Insight Completes Venture Acquisition of Armis, Salt Security API Protection Explained, RSA NetWitness Platform Bolsters Threat Detection and Incident Response, Thycotic Leads the Way for Cloud-based Privileged Access Management, Deep learning cybersecurity co Deep Instinct raises $43m, LogicHub launches MDR+ to provide flexible end-to-end detection and response, CipherCloud CASB+ for Slack: Visibility, protection and control of all user activity on Slack, ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms, 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks, Elastic Stack 7.6 delivers automated threat analysis and response, and Tufin SecureCloud Enables Companies to Secure Hybrid Cloud Environments Without Compromising Business Speed or Agility.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode17
Migrating to the cloud is increasingly a business imperative, but there are pressing security challenges unique to cloud environments that can slow, halt, or even reverse progress. Here's how cloud-native network detection and response addresses those challenges, with a real-world example from Wizards of the Coast.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode172
We interview Wilson Bautista is the Founder of Jun Cyber. Wilson will talk about leadership, DevOps and Secrity working together to provide security for the business, how does that work? Building secure culture, breaking down silos, communication between teams, security working in teams, IR teams talking, Threat intel teams, pen testers, and compliance.
Visit: https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode171
Malcolm Harkins is the Chief Security & Trust Officer at Cymatic. Malcolm will discuss the security profits from the insecurity of computing thus at a macro economic level has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth in to one of Expense in Depth where we continue to use outdated approaches to control for risks which results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode171
This week in the Enterprise Security News segment, Paul, Jeff, and Matt cover the following news stories: Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic, Wallarm announces CircleCI Orbs for Wallarm FAST, Automox raises $30 million, Radiflow Launches Business-Driven Industrial Risk Analytics Service, Check Point Delivers Unified Security Management as a Cloud Service, Now available: eSentire's 2019 Annual Threat Intelligence Report, STEALTHbits' free program helps orgs mitigate risks associated with Microsoft's pending AD update, NETSCOUT enables streamline monitoring and reduces risk, If You're Only Focused on Patching, You're Not Doing Vulnerability Management, 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products, Actionable Searching and Data Download with Vulnerability Management Dashboards, Companies and employees embrace BYOD but with compliance and risk challenges.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode171
Edward Snowden is a prime example of an Insider Threat. Steven Bay was his manager at the time as says: "My missing employee, Edward Snowden, revealed himself to be the person behind the Top Secret NSA leaks that rocked the country in the preceding days. I felt my life came tumbling down around me. My worst day had come. I had to act - I had to lead. " We discuss insiders and why they are so dangerous and gain unique insights into the Edward Snowden story. The lessons learned we can apply to both identify and protect ourselves from such threats.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode170
Whether you're trying to migrate a "homegrown" application or an open-source tool, getting into containers and to the cloud can be challenging. There are many ways to achieve the same goal, and as always, some not-so-great advice on the Internet. This segment will cover some of the technical details and considerations for moving applications into Docker and eventually into cloud services. We'll review Docker configurations and strategies for building, maintaining and securing containers.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode170