Authentication and authorization might sound similar, but they are two distinct security processes. Joe Carson, Chief Security Scientist at Thycotic, joins us to discuss why privileges, not identities, are one of the biggest challenges for identity and access. Joe will share Thycotic's simple approach to solving privileged access.
This segment is sponsored by Thycotic. Visit https://securityweekly.com/thycotic to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw225
In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Proofpoint private, BlackRock, Tudor Group Back Cybersecurity Startup Deep Instinct, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw225
Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach application security. During the discussion, we'll cover: - why organizations should challenge transparency and open up their security practices and information internally, - how to approach security as a collaborative effort (with some real-life examples), - and Detectify’s vision of building a hub where security information and research is shared across the globe.
Segment Resources:
We recently published the ebook “A guide to modern web application security” for SaaS and tech organizations looking to bring their security up to speed with development. Download it here: https://blog.detectify.com/2021/04/09/modern-application-security-requires-speed-scale-and-collaboration/
This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw225
In the Enterprise News for this week, Darktrace targets listing for early May, KKR-backed cybersecurity firm KnowBe4 aims for $3 Billion valuation in U.S. IPO, Dell spins off VMware to fuel post-pandemic PC growth opportunities, lots of funding announcements, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw224
Phishing links are getting past existing protections and clicked. How do you prevent these attacks? In this segment, Chris Cleveland, CEO at Pixm, will demonstrate how computer vision protection in the browser stops these attacks in real time and how you can know your own gaps.
Segment Resources:
Threat Report: https://pixm.net/wp-content/uploads/2021/03/Pixm-Q4-2020-Threat-Report.pdf
This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw224
In cybersecurity attackers have a structural advantage over defenders: they can succeed with a staggeringly high failure-rate (not caring that most attacks get blocked at the perimeter). Meanwhile, defenders lose when that single successful attack goes unnoticed regardless of how many attacks were successfully stopped. Disproportionate consequences similarly advantage attackers: typical times to detect and contain that one successful attack are still measured in weeks and months. Yet high-availability and resiliency characteristics built-in to "Well-Architected" microservices offer defenders an opportunity to turn the tables and rob attackers of their asymmetric advantages. The key missing ingredient is a sufficient early-warning system that can detect and respond to advanced threats.
In this presentation, Jeff Deininger, a Principal Cloud Security Engineer, will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish a foothold at the beginning of a campaign, leaving attackers feeling like they are inescapably 'walking on ice'.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw224
This week in the Enterprise News, Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acquires Convercent, Digital Shadows announces new threat intelligence capabilities, Rapid7 Announces Kubernetes Open Beta in InsightVM, LogRhythm Releases Version 7.7, Imperva unveils new data security platform built for cloud, Acronis releases a new version of Acronis Cyber Protect Cloud, Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform, What's Behind the Surge in Cybersecurity Unicorns? Cisco Umbrella unlocks the power of SASE and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw223
83% of businesses have experienced at least one firmware attack in the past two years - and yet most organizations lack visibility into this attack surface. We'll discuss why hackers are increasingly targeting firmware and what enterprises need to do to detect and prevent these attacks.
Segment Resources: Assessing Enterprise Firmware Security Risk in 2021 - https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/
https://github.com/chipsec/chipsec
The Top 5 Firmware Attack Vectors - https://eclypsium.com/2018/12/28/the-top-5-firmware-and-hardware-attack-vectors/
Request a demo of the Eclypsium platform - https://eclypsium.com/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw223
Ryan Noon joins ESW team this week to chat through the significance of recent hacks (namely: SolarWinds and Hafnium), unpack growing enterprise demand for a “digital seatbelt,” and illuminate why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes.
Segment Resources: https://material.security/blog/email-is-too-important-to-protect-like-a-tsa-checkpoint https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html
This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw223
This week in the Enterprise News: Funding announcements from Clearsense, Morphisec, Feedzai, Jumio, Ketch, Living Security, Productiv and Socure. ServiceNow acquires Intellibot, Accenture acquires Cygni, Astadia acquires Anubex, AutoRABIT acquires CodeScan, Kroll Acquires Redscan. GRIMM launches a Private Vulnerability Disclosure program, AttackIQ automates the validation of AI and ML, CircleCI offers CI/CD for ARM in the cloud, Elastic Observability updates, Gigamon and FireEye collaborate on integration of Gigamon Hawk, McAfee unveils MVision cloud, Red Hat OpenShift Service Available on AWS, Sysdig Adds Unified Threat Detection Across Containers and Cloud & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw222
Security technology roll-outs often fail because of the following: 1) Weak Security Culture - users don't see value or understand the importance of taking action. 2) Security teams often fail to consider user experience in purchase, configuration, set-up and training of security technology, like endpoint security 3) End User communication about new technology is not communicated to the right users, at the right time, during the right stage of the project.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw222