Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 22, 2021.
Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!
Show Notes: https://securityweekly.com/vault-esw-8
This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market forces, acquisitions - stuff we usually discuss.
Then we get into all the crazy new AI and non-AI products being announced and coming out. Have some disposable cash to pre-order crazy gadgets? This is the episode for you!
Show Notes: https://securityweekly.com/esw-350
In this segment, featuring guest Amer Deeba, we'll explore how the SEC's new breach reporting rules will affect companies. We've got a ton of questions: What behavior has to change? What additional preparation needs to take place? How does this rule affect data security? How does it affect crisis communications?
And most importantly, when is an incident "material"?
Show Notes: https://securityweekly.com/esw-350
This week, we discussed how a quick (minutes) and cheap ($15 a pop) fake ID service creates VERY convincing IDs that are possibly good enough to fool ID verification services, HR, and a load of other scenarios where it's common to share images of an ID. Kudos to 404Media's work there.
In the security market, we discuss who might be the first cybersecurity unicorn to go public in 2024, Oasis Security and Tenchi's funding rounds, Protect AI's acquisition of Laiyer AI and their FOSS project, LLM Guard. We discussed the seemingly inevitable M&A activity as unfunded security startups NEED to find a sale. Ross Haleliuk had an interesting LinkedIn post that goes deeper on this topic. Finally, we discussed Tyler's observation that Palo Alto Networks did the seemingly impossible - increased their valuation from $19B to over $100B in 5 years, despite having to weather a pandemic and market downturn along the way! Ryan pointed out that PANW joined the S&P 500 somewhere along the way - a watershed moment for them.
We discussed Bluesky and how it's likely too little too late when it comes to building back the community we lost when much of the InfoSec community left Twitter.
We also discussed a cybersecurity training scammer, Daniel Miessler's new Fabric tool, AnyDesk getting hacked, The Real Shim Shady vuln, new (voluntary) cybersecurity goals for healthcare, and the lack of toothbrush-enabled DDoS attacks!
Full show notes here: https://www.scmagazine.com/podcast-episode/3061-enterprise-security-weekly-349
Show Notes: https://securityweekly.com/esw-349
Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption
No longer can enterprises take their cryptography for granted, rarely evaluated or checked.
Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall security policy, zero-trust approach, and risk management strategy. After all, zero-trust is meaningless if your cryptography isn't working.
Segment Resources: https://www.businesswire.com/news/home/20231030166159/en/Proprietary-Research-from-Quantum-Xchange-Shows-the-Dreadful-State-of-Enterprise-Cryptography
https://www.forbes.com/sites/forbestechcouncil/people/vincentberk/?sh=3d88055852c1
This segment is sponsored by Quantum Xchange. Visit https://securityweekly.com/quantumxchange to learn more about them!
Show Notes: https://securityweekly.com/esw-349
In this week's Enterprise Security News, Adrian, Tyler, and Katie discuss: 1. Tons of funding! 2. A notable acquisition! 3. The line is blurring between services and product firms 4. Apparently IronNet isn’t dead? 5. The toxicity of Hero culture in tech 6. Knowing when to quit 7. AI-powered fraud is hitting close to home 8. Quantum snake oil is getting worse 9. Prompt injection 10. Are you being hacked by your washing machine?
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-348
We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties.
The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure.
In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated.
Segment Resources:
Show Notes: https://securityweekly.com/esw-348