Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because:

1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc)

2. a vendor is using 'zero trust' as a metaphor (small z, small t)

3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t)

4. the CMO said it needs to be somewhere on the website for SEO

5. someone told a founder to put it in the sales and/or pitch deck

Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend.

Segment Resources:

NIST SP 800-207

https://csrc.nist.gov/publications/detail/sp/800-207/final

UK NCSC ZT Guidance

https://github.com/ukncsc/zero-trust-architecture

USA CISA/OMB ZT Guidance

https://zerotrust.cyber.gov/

DOD ZT Reference Architecture

https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf

Microsoft ZT Guidance

https://docs.microsoft.com/en-us/security/zero-trust/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw267

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw267

In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw266

The uptick in cyber incidents- and in particular ransomware- offer an opportunity if not serve as a clarion call for cyber insurance industry adaptation. In short, risk transfer that meets the needs of both industry and insurers demands more effective coordination of infosec controls, more complete and continuous optics, and more robust risk modeling.

Segment Resources: - https://www.linkedin.com/posts/ekenneally_cybersecurity-cyberinsurance-cyberrisk-activity-6831288006494814208-PVtE?utm_source=linkedin_share&utm_medium=member_desktop_web

- https://www.linkedin.com/posts/ekenneally_ransomware-a-darwinian-opportunity-for-cyber-activity-6763127736304201728-RriU?utm_source=linkedin_share&utm_medium=member_desktop_web

- https://www.linkedin.com/posts/ekenneally_ai-artificialintelligence-cyberrisk-activity-6857351155295514624-Sp2j?utm_source=linkedin_share&utm_medium=member_desktop_web

- https://www.dhs.gov/sites/default/files/publications/3950_CYRIE_Report_FINAL508.pdf

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw266

Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords. One study found that 75% of ransomware attacks involve compromised credentials – most of the time, RDP credentials. However, secrets management is a challenge for IT teams, who must mitigate secrets sprawl, hardcoded and embedded credentials, and duplicative data stores in hybrid cloud and multi-cloud environments. Keeper Secrets Manager (KSM) is a fully cloud-based, Zero-Knowledge platform for managing IT infrastructure secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, service account passwords, and any other type of confidential data. KSM seamlessly integrates into nearly any data environment, with no additional hardware or cloud-hosted infrastructure required. It offers out-of-the-box integrations with a wide variety of DevOps tools, including Github Actions, Kubernetes, Ansible and more.

Segment Resources: https://www.keepersecurity.com/en_GB/secrets-manager.html

This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw266

This week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, New CISA Vulns, RSA Conference Acquired, Massive Rounds, & \Incident Reporting Signed into Law, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw265

Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems.

Segment Resources: [

Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity

- https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf

[Video] Core Impact Pen Testing Software Overview

- https://www.coresecurity.com/resources/videos/core-impact-overview

https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf

This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw265

The segment will cover a brief overview of the attack surface market - what it is, why it’s necessary to have an additional tool along with DAST, SAST. It will also cover how Detectify’s unique advantage of crowdsourcing is a true differentiator in the EASM market and how the model differs from the big Bug Bounty Platforms. It will detail on how Detectify collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities.

Segment Resources:

https://detectify.com/external-attack-surface-management

https://detectify.com/crowdsource/what-is-crowdsource

This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw265

In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw264

There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning.

Segment Resources: GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d

GreyNoise Trends for Apache Log4j Exploit Attempts: https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw264

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure.

This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw264

We'll cover the cutting-edge recommendations in the US federal governments January 2022 memo on their "transition to zero trust". Then we'll talk about what the standard definition of "zero-trust" means in our industry, and why it doesn't mean "trust zero things". Finally, we'll chat about architectures that can get us closer to actually trusting zero things.

Segment Resources:

Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to

https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit

Zero trust security models

https://docs.bastionzero.com/product-docs/home/security-model

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw263

Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security’s newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw263

90% of cloud runs on Linux, but current countermeasures are focused on addressing Windows-based threats, leaving multi-cloud deployments vulnerable to attacks. So, is it any wonder that malware is propagating in multi-cloud environments under the radar?

Segment Resources:

https://via.vmw.com/exposingmalware

This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw263

This week in the Enterprise News: eSentire raises $325M as it expands into services Beyond Identity raises $100M to build out MFA, Secureframe raises $56M to help folks with SOC 2 and HIPAA compliance, Nashville-based Phosphorus Cybersecurity raises $38M to secure IoT devices (curious about the name - what kind of Phosphorus? Could be dangerous!), anecdotes raises a $25M Series A to compete in the same space as Secureframe (lots of money for folks that ease compliance pains!), Cloudflare acquires, Area 1 Security for $162M, Darktrace acquires ASM vendor Cybersprint, Snyk acquires Fugue, Andy Ellis drops an SBOM in his latest opinion piece, the latest of several thought-provoking hot takes from him, CISA publishes a list of free tools and services, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw262

This discussion will provide a brief overview of the Incident Command System for Industrial Control Systems processes and describe how ICS4ICS will help companies better manage industrial cyber incidents. We will discuss how ICS4ICS will enable companies to work with government agencies and mutual aid partners when a cyber incident impacts an entire industrial sector or multiple sectors.

Segment Resources:

General info and to sign up for more information in our newsletter: https://gca.isa.org/ics4ics

Learn more about our call to volunteers: https://gca.isa.org/blog/ics4ics-will-improve-management-of-ics-cybersecurity-incidents

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw262

Cloud, DevOps, Kubernetes - the world has gone crazy. We don't have servers anymore - we have workloads, instances, and serverless. We have CI/CD pipelines. These workloads are distributed, immutable, and ephemeral (aka 'DIE' - hi Sounil!) in many cases. Today, we chat with Jimmy Vo about what it was like, as a detection engineer, to come from a traditional banking environment and suddenly get thrown into a world full of 'cloud-first' startups. "DevOps folks are nuts." --Jimmy Vo

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw262

Finally, in the Enterprise Security News, Securonix raises $1B in Vista-led round (it’s like they ate a unicorn!), Salt Security becomes a Unicorn, has not been eaten (yet), Legit Security raises a totally legit $26.5M Series A, Vicarius and Calamu raise Series As ,Permit.io, KSOC, Titaniam, Canonic Security, Allure Security, and SecureThings all pick up seed funding! We look at Big Tech’s cybersecurity funding and acquisitions, The rumor mill goes nuts over a Cisco/Splunk deal that’s probably not happening (maybe?) Why are cybersecurity asset management startups so hot right now? New products, unhelpful legislation, a major acquisition, & of course a few squirrel stories!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw261

Definitions of the word intelligence include a collection of information of military or political value as well as the ability to acquire and apply knowledge or skills. In cybersecurity, when we possess intelligence, we feed that data in our Security Operations Center (SOC) to further analyze the risk present. In this case, the risk is based on the probability of threats materializing and the impact they would have on the organization. We’re calling the output of that SOC Cyber Risk Intelligence. Cyber Risk Intelligence is the ability to think holistically about risk and provide information that decision makers can act on...not just analyze. Traditional Vendor Risk Management (VRM) processes focus on the gap, which is essentially information that needs to be further analyzed against the risk to the business. This is an additional step that takes time and effort, especially when different compliance frameworks and threats are constantly emerging.

Segment Resources: https://www.cybergrx.com/resources/research-and-insights/blog/beyond-risk-management-how-cyber-risk-intelligence-tools-are-changing-the-tpcrm-game

This segment is sponsored by CyberGRX. Visit https://securityweekly.com/cybergrx to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw261

0patch is a simple but powerful service that provides tiny targeted security patches to Windows computers, eliminating the most critical vulnerabilities without restarting the computer or relaunching applications. A different approach to patching allows us to both create and deploy 0day patches much quicker than original vendors can with their traditional update processes.

Segment Resources:

0patch Blog with many posts on vulnerabilities and patches we make

https://blog.0patch.com/

0patch FAQ

https://0patch.zendesk.com/hc/en-us/categories/200441471

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw261

Finally, in the Enterprise Security News, Security automation startup Cerby raises $12M, Virtual CISO startup Cynomi raises 3.5M to help SMBs automate cybersecurity, Keeper Security acquires Glyptodon (I’m 90% certain Keeper hasn’t just purchased the remains of an ancient, long-extinct armadillo), SecurityScorecard acquires LIFARS, a DFIR consulting firm, There’s a rumor that Microsoft is considering picking up Mandiant with all the extra cash still laying around after the Activision/Blizzard buy, & DHS launches the first-ever cyber safety review board!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw260

We discuss the current state of identity challenges in the enterprise with Branden Williams.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw260

One of the key features of cryptocurrency, NFTs, and other blockchain-based technologies is the immutable ledger. Put another way, there's no clear way to implement an 'undo' button when it comes to blockchain. In more traditional situations, passwords can be reset. Financial institutions can issue a stop payment order.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw260

Finally, in the Enterprise Security News, Island raises $100M to introduce a new Chromium-based web browser, designed for the enterprise, Plextrac rasies a $70M Series B, HackerOne raises a $49M Series E, Tenable acquires BAS vendor Cymptom, Orca swallows up RapidSec (sorry, had to), Cybereason confidentially files for IPO, KKR looks to offload Optiv, Cybersecurity startup trends of 2022, 1000 Unicorns, Infosec Startup Buzzword Bingo, We’ve got fundings, IPOs, acquisitions, take privates, a $3B seed round, legislation that makes sense - all kinds of exciting stuff today, on this episode of Enterprise Security Weekly!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw259

In late 2019, Microsoft released their cloud-native SIEM, Sentinel. A lot in the world has changed since then so we'll be looking at Sentinel's progression, talking about it's features and what may make it attractive to enterprises in 2022 and beyond.

To register for Darwin’s upcoming workshop with Security Weekly, please visit: https://attendee.gotowebinar.com/register/2393226017093033995?source=esw

Microsoft Sentinel Ninja Training - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310#

Forrester MSFT Sentinel reports indicating 201% ROI over 3 years - https://www.microsoft.com/security/blog/2020/11/16/forrester-tei-study-azure-sentinel-delivers-201-percent-roi-over-3-years-and-a-payback-of-less-than-6-months/

If you want to get started with Kusto Query Language (KQL) without having to bootstrap your own environment, MSFT has a live log analytics workspace with tons of log data. You must have an Azure subscription to use. Link : https://aka.ms/lademo

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw259