Info

Enterprise Security Weekly (Video)

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Darwin Salazar.
RSS Feed Subscribe in Apple Podcasts
Enterprise Security Weekly (Video)
2025
January


2024
December
November
October
September
August
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April


Categories

All Episodes
Archives
Categories
Now displaying: December, 2024
Dec 21, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Show Notes: https://securityweekly.com/esw-388

Dec 20, 2024

Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone.

To use MITRE's own words to describe the gap this project fills:

"it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work"

Segment Resources:

Show Notes: https://securityweekly.com/esw-388

Dec 14, 2024

This week, in the enterprise security news,

NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387

  1. Snowflake takes security more seriously
  2. Microsoft takes security more seriously
  3. US Government takes telecom security more seriously
  4. Cleo Capital takes security more seriously
  5. EU’s DORA takes effect soon
  6. Is phishing and security awareness training worthless?
  7. CISOs need financial literacy
  8. Supply chain firewall is basic but useful

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-387

Dec 13, 2024

In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable!

Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise.

Segment Resources:

Show Notes: https://securityweekly.com/esw-387

Dec 13, 2024

For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter joins us to discuss the year's highlights and what's to come in the next 12 months.

In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market.

It won't be all financial trends though, we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space.

Show Notes: https://securityweekly.com/esw-387

Dec 7, 2024

This week, in the enterprise security news,

  1. Funding and acquisition news slows down as we get into the “I’m more focused on holiday shopping season”
  2. North Pole Security picked an appropriate time to raise some seed funding
  3. Breaking news, it’s still super easy to exfiltrate data
  4. The Nearest Neighbor Attack
  5. Agentic Security is the next buzzword you’re going to be tired of soon
  6. Frustrations with separating work from personal in the Apple device ecosystem
  7. We check in on the AI SOC and see how it’s going
  8. Office surveillance technology gives us the creeps

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-386

Dec 6, 2024

When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.

Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.

Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/esw-386

Dec 6, 2024

In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:

  • How to identify these barriers to cyber resilience
  • Be secure by design
  • Align cybersecurity investments with the business

Also, be sure to check out the first two installments of this series!

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

Show Notes: https://securityweekly.com/esw-386

1