Why is continuous security here to stay? How is Red Teaming getting automated and moving towards continuous?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw258
This week, in the Enterprise Security News, Hunters raises a series C to continue building XDR, Anitian raises a $55M Series B, Four new startups emerge from stealth with seed funding, BugAlert is a new tool for notifying the public of new vulnerabilities, Turns out, Crypto.com WAS hacked, but it wasn’t Matt Damon’s fault, Who is at fault if a hacked car kills someone?, Merck wins - it was NOT an act of war, according to one court...Pearson is fined $1M for misleading investors about their 2018 data breach, Secrets of Successful Security Programs, & Why employees don’t care about your security policies!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw258
If 2021 taught us anything, it’s that our supply chain–especially our technical supply chain–hangs in the balance of a very fragile system. In this interview, ExtraHop's Jamie Moles examines the impact of the Log4Shell zero day and how enterprises can be assured that they're in the clear with the help of a live demo of the vulnerability in a lab environment.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw258
In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee’s MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry’s largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber’s former CSO going to jail?, and Tom Brady NFTs!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw257
An open discussion of challenges facing software and system architects in small and medium sized businesses.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw257
Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and production being sometimes just minutes apart, scanning for CVEs is not enough to stay on top of web threats. There are lots of critical things traditional app scanners won’t catch, like dangling DNS records, subdomain takeover and open S3 buckets. To keep their growing attack surface secure, companies need to combine crowdsourced vulnerability detection with solutions that detect outliers and anomalies in their software - before these become an attack vector. In this episode we’ll discuss:
- Why hunting for vulnerabilities is no longer enough to stay on top of threats
- Vulnerability Management vs Attack Surface Management
- How security teams can adapt their vulnerability management process to modern dev cycles.
Segment Resources:
More insights on how to secure your external attack surface: https://detectify.com/resources
Free trial of Detectify's attack surface management solutions: https://detectify.com/product/surface-monitoring
https://detectify.com/product/application-scanning
This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw257
In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, A European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, Drama in the Israeli cybersecurity news, Security, Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & Some annoying words get banned!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw256
2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left of the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out last year's flurry and what we can expect Congress to prioritize in 2022.
Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw256
It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today’s show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce and the changing role of IT and containing data sprawl. We’re looking forward to keeping you informed throughout 2022!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw256