Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw214
Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country - the Congo (DRC), .cd - before any bad actors could snatch it up. He will also discuss domain takeovers (TLD as well as subdomains) and how they can be prevented. Key to this is to keep track of your assets and monitor them for vulns.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw214
This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw214
The DBoM consortium is a Linux Foundation project to be able to share information with third parties safely, securely, and with control over the information, even after handing it over! Unisys has just open-sourced the code to make this possible, and Chris was a big part of their effort. Using a blockchain-based approach, DBoM works to share software bill of materials (SBoM)s in a fashion that works in a cloud-centric, internet time approach.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw213
We all know asset management is one of the basics. In fact, it's literally the first two items on the Center for Internet Security's list of top 20 critical security controls. https://www.cisecurity.org/controls/cis-controls-list/ The term "basics" can be deceptive though. We typically expect something basic to also be easy. This is InfoSec though, and the basics aren't simple or easy. We call them basics because they're foundational. Put another way, the other 18 critical security controls on that top 20 list can't be applied to assets that haven't been discovered yet! In the past few years, we've seen a resurgence in asset management. There are a few players taking a fresh crack at solving this problem and we're hearing positive things. Could this be the year we get a better handle on discovering and managing assets? Join us as we discuss.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw213
This week, Beyond Security partners with Vicarius, Amazon’s Parler removal and what it means for Cloud onfidence, Kount sold to Equifax, McAfee vs Crowdstrike, JumpCloud raises some funds, Red Hat acquires StackRox, and SolarWinds warnings of weak security and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw213
The current ransomware, breaches, and nation state attacks have defenders feeling overwhelmed and under resourced. Can defensive teams really have defended against this type of supply chain attack and what can every security team do for best practices within Active directory and Azure federation to reduce your enterprises risk.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw212
A casual and candid conversation on database security. Talking through the current data trends including the transition to the cloud and what this means for the database security practitioner. What pitfalls and tools can be used to help simplify and maximize the security professional's transition to a fully monitored data environment solving for Cloud/Hybrid cloud and traditional on-premise.
This segment is sponsored by Imperva.
Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw212
This week, Tyler Shields joins us for his first episode as Co-Host, and John Strand returns! In the Enterprise News, Two data security companies merge, Veracode's products are now available in the AWS Marketplace, Zscaler launches a program for organizations dealing with the SolarWinds attack, SolarWinds is being sued in a class action lawsuit, funding announcements from Weaveworks, iBoss and Venafi!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw212