As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare.
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!
With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy.
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!
Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.
This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-328
In the enterprise security news,
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-328
We discuss Ian Amit's background and what led him to want to leave the CISO life to create a startup! It's one thing for a security product to report problems to a security team. Everyone has these tools, but the problem is that someone has to analyze and triage all those findings, leading to alert fatigue and not a lot getting fixed. Gomboc is proposing to address this gap by auto-generating the fix.
https://www.blackhat.com/us-23/spotlight.html
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-327
This week, we discuss Kubernetes attacks and CPU attacks. We also have a better idea of what valuation losses might be for security startups, thanks to the Check Point/Perimeter 81 acquisition. MITRE releases, ATLAS, an ATT&CK-style framework for machine learning models. Bloodhound's new rearchitected Community Edition is out, and Las Vegas's Sphere hasn't been hacked... yet.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-327
Binarly is one of only a few startups focused on highlighting security issues in firmware. The company has discovered a remarkable number of vulnerabilities in firmware in a very short time. Its' founder, Alex Matrosov, joins us to discuss insights discovered along his company's journey to convince vendors that firmware is worth securing.
https://www.blackhat.com/us-23/spotlight.html
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-327
This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-326
Fareedah Shaheed, aka CyberFareedah, has dedicated herself to educating the public on online safety. Today, we'll talk about the challenges she has faced in building a training company from scratch, targeting both consumers, and private business. Her journey is interesting from multiple perspectives: as a business owner, an immigrant, becoming an influencer, and establishing herself as a cybersecurity thought leader - all within less than half a decade!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-326
While malware and ransomware tend to dominate cybersecurity headlines, Fortra’s research shows that nearly 99% of email threats reaching corporate inboxes utilize impersonation rather than malware. Email impersonation is a key component of credential phishing, advance fee fraud, hybrid vishing, and business email compromise schemes. Because email impersonation scams rely on social engineering rather than technology, the barrier to entry for an aspiring cybercriminal is almost non-existent. In this segment, we’ll explore strategies for defending against email impersonation.
Segment Resources:
Fortra Cybersecurity Learning Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000012210&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness
2023 BEC Trends, Targets, and Changes in Techniques: https://static.fortra.com/agari/pdfs/report/fta-ag-2023-bec-trends-targets-changes-in-techniques-rp.pdf
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-326
This week, we discuss the state of the market as OneTrust announces a round, one year after they laid off nearly 1000 employees. We also note that we continue to see more and more non-US cybersecurity vendor activity - France and India specifically this week. An IBM report tries to tie security spending to breach costs, but we disagree. We discuss the impact of InfoSec leaving Twitter, and the odds of whether or not the Las Vegas Sphere will get hacked during DEF CON.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-325
The concept of Edge computing has evolved over the years and now has a distinct role alongside the public cloud. AT&T Cybersecurity just released their 12th report on this market, which explores insights from a massive, 1400 respondent survey. Theresa Lanowitz joins us to discuss the findings of the report, and the future of this market.
https://cybersecurity.att.com/insights-report
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-325
The traditional concept of the CISO may literally be 'too much', according to Nathan Case. It's based on systems of control and unrealistic assumptions that don't survive contact with real life. In this conversation, we'll discuss what the top security leadership role should be, and how it differs from the current/old school concept.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-325
Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet’s public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels Google plans to scrape everything you post for AI, & the Year of the Linux Desktop!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-324
Zero Trust is an imperfect concept and is often impractical to deploy comprehensively at scale, but that doesn't mean it can't do any good. In this interview, we talk with practitioner Ryan Fried about his experiences implementing Zero Trust in real life. We'll also discuss his new role at Mandiant, and why the glue that holds together people, process, and tools is so important.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-324
Today, we talk to Juliet about what's wrong with security programs today and what security leaders should be doing to fix them. We'll discuss how security programs can look rosy... until the incident hits, and the true posture of the organization is laid bare. How can CISOs still look good and maintain the org's trust under the worst of circumstances? In this interview, Jules will tell us how.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-324
Finally, in the enterprise security news: We were off for a week, so there are 17 fundings to discuss! AI security startups emerge, and 8 acquisitions! Snyk loses 50% off its valuation is building security tools the wrong approach? SEC delays new cybersecurity rules, Why taylor swift fans should work in security, All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-323
Tim MalcolmVetter has been alternating between blue team and red team roles for years. Moving between the two has had its advantages, giving Tim a better understanding of what works, what doesn’t and why. We’ll discuss a variety of topics, including the pros and cons of industry talent pipelines, Kerberoasting, and AI trends.
2023 Cybersecurity Conversations Report: https://eb1x.co/NWn0RHK
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-323
InfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know what logs you’re doing to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data hoarding tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren’t aware of this. In this interview with Eric Capuano, we’ll discuss both the practical and economic shortcomings of the traditional SIEM model. We’ll discuss the challenges of various SIEM use cases. Most importantly, we’ll discuss the new models actively replacing them. (No, they’re not branded as next-gen SIEMs)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-323
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on August 11, 2022.
Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-esw-3
This week, for the enterprise security news, we discuss the continuing impact of the market downturn and how it might affect late stage startups. We also discuss the state of cyber insurance - is it improving? SEC is starting to get traction with new and proposed cyber rules. Enterprise browsers not living up to the hype isn't even a hot take anymore, it's merely smoldering. Valence Security's state of SaaS report is out, and finally - how much would you pay for an AI camera that has no lens?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-322
Paddy Harrington joins us from Forrester research to discuss his findings in this year's state of IoT security report. Computers have been shoved into anything and everything, both in the home and in the workplace. Paddy will share some interesting insights from the report, and we'll discuss why some of the results seem to conflict.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-322
Securing data is hard. Business stops when data flows are hindered, stopped, sometimes even slowed. Placing controls around data traditionally leads to more friction and less productivity. Can it be a different story in the cloud? Today, we find out when we talk to Dan Benjamin about why he founded Dig and the space they're trying to fill in public cloud services.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-322
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 29, 2021.
No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/vault-esw-2
This week, in the news segment, we discuss the user-facing security trend, bad ideas in company naming/branding, and why you might not want to be on a list of the top 200 most secure companies. We also discuss the right way to treat employees when doing layoffs, and the future for companies that probably shouldn't have received funding before the market downturn. Finally, France uses AI to discover untaxed pools.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-321
Explore the rapidly-evolving landscape of Managed Detection and Response (MDR) with insights from Sophos, a pioneering MDR provider. Understand how businesses can gain superior security outcomes and better value from their investments by integrating 3rd party products natively into an adaptive ecosystem backed up by 24/7/365 threat detection, incident response and proactive threat hunting from one of the largest global providers of MDR services.
Segment Resources:
https://www.sophos.com/en-us/x-ops
This segment is sponsored by Sophos. Visit https://securityweekly.com/sophos to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-321
The WAF has a relatively long history with InfoSec. A few years back, we saw the traditional architecture separated by new technologies and philosophies on the best way to detect and stop web-borne attacks. In this episode with Daniel Corbett, we'll take a deep dive into the latest on WAF capabilities, what it means to be 'next-gen' in the WAF world, and how LLM AI like ChatGPT could influence the attacks we see (and have to defend against) in the near future.
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-321