This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236
Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ever-increasing threat landscape. Join us this week as Stephanie Aceves, Threat Response SME Lead, talks through a holistic approach to security using the Tanium platform approach. Learn why the best security teams rely heavily on Tanium to get smarter, faster, better in responding to threats and how your organizations can do the same.
For folks interested in a trial of Tanium, check out https://try.tanium.com/
To stay connected with Tanium's Endpoint Security Specialist team, join our community site: https://community.tanium.com/s/ues-discussion-group or find us on Slack: https://docs.google.com/forms/d/e/1FAIpQLSf56reMK4BQPkoLO4MTp-QPMJsxOlJD-MqargZxhW3kNsA3dA/viewform?usp=sf_link
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236
Brief chat around the rise in Ransomware attacks, campaigns against our Infrastructure, the deficit in Cyber Talent, and how we could address the issue by extending Corporate Cyber Training programs to extend past the Corporate boundary.
Segment Resources:
https://www.infragardnational.org/
https://inl.gov/critical-infrastructure-protection-training/
https://www.ymcalouisville.org/chestnut/kids-and-teens/black-achievers.html
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236
The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize your web app security.
This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them!
Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.
This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw235
In the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw235
Security teams relying on asset inventory from their IT counterparts can be a challenge due to a lack of security context for assets. This gap can lead to missed opportunities to identify and fix asset-centric issues like EOL or unauthorized software that they can address even before running their vulnerability management program. Ed will discuss the role asset inventory plays in your overall security strategy. This will include the importance of security context for IT assets, which teams benefit from the information, how to identify and assess the health of critical databases and how to effectively implement a cybersecurity asset management practice.
Segment Resources:
CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/
CSAM video overview: https://vimeo.com/551723071
Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw235
Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of "Verify, then trust". Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim’s downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house.
This segment is sponsored by Eclypsuim. Visit https://securityweekly.com/eclypsium to learn more about them!
Data privacy and Web security teams are converging across enterprises and we are seeing more Privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google etc. are capturing sensitive user data, accessing cameras, microphones, geolocation etc.) via security policies, under the security teams purview. At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place.
This segment is sponsored by Tala Security. Visit https://securityweekly.com/talasecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw234
In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 Launches InsightCloudSec to Automate Continuous Security and Compliance, Leaked email shows Tanium just lost its fourth chief marketing officers in five years, Bitdefender launches eXtended EDR platform, ThycoticCentrify Releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples valuation and raises an additional $150m!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw234
Gas South and Extrahop have partnered to give Gas South visibility in areas of the network that are normally invisible or dark to the regular network team.
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw234
Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain.
This segment is sponsored by Reversing Labs. Visit https://securityweekly.com/ReversingLabs to learn more about them!
The development life cycle as we know it is rapidly changing, and today’s AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working.
This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw233
This week, In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, JFrog to acquire Vdoo, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw233