This week in the Enterprise News, Mission Secure Announces Series B, Akamai Technologies Acquires Inverse, for Microsoft, Security is a $10 Billion Business, Sontiq acquires Cyberscout, IRONSCALES improves the ability to detect phishing attacks, Imperva updates its WAAP and Data Security offerings, SonicWall Confirms A Zero-Day Vulnerability with NO other details, Arista intros Multi-Domain Macro-Segmentation Service (I don't know what it means, but its provocative), & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw215
Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw214
Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country - the Congo (DRC), .cd - before any bad actors could snatch it up. He will also discuss domain takeovers (TLD as well as subdomains) and how they can be prevented. Key to this is to keep track of your assets and monitor them for vulns.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw214
This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw214
The DBoM consortium is a Linux Foundation project to be able to share information with third parties safely, securely, and with control over the information, even after handing it over! Unisys has just open-sourced the code to make this possible, and Chris was a big part of their effort. Using a blockchain-based approach, DBoM works to share software bill of materials (SBoM)s in a fashion that works in a cloud-centric, internet time approach.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw213
We all know asset management is one of the basics. In fact, it's literally the first two items on the Center for Internet Security's list of top 20 critical security controls. https://www.cisecurity.org/controls/cis-controls-list/ The term "basics" can be deceptive though. We typically expect something basic to also be easy. This is InfoSec though, and the basics aren't simple or easy. We call them basics because they're foundational. Put another way, the other 18 critical security controls on that top 20 list can't be applied to assets that haven't been discovered yet! In the past few years, we've seen a resurgence in asset management. There are a few players taking a fresh crack at solving this problem and we're hearing positive things. Could this be the year we get a better handle on discovering and managing assets? Join us as we discuss.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw213
This week, Beyond Security partners with Vicarius, Amazon’s Parler removal and what it means for Cloud onfidence, Kount sold to Equifax, McAfee vs Crowdstrike, JumpCloud raises some funds, Red Hat acquires StackRox, and SolarWinds warnings of weak security and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw213
The current ransomware, breaches, and nation state attacks have defenders feeling overwhelmed and under resourced. Can defensive teams really have defended against this type of supply chain attack and what can every security team do for best practices within Active directory and Azure federation to reduce your enterprises risk.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw212
A casual and candid conversation on database security. Talking through the current data trends including the transition to the cloud and what this means for the database security practitioner. What pitfalls and tools can be used to help simplify and maximize the security professional's transition to a fully monitored data environment solving for Cloud/Hybrid cloud and traditional on-premise.
This segment is sponsored by Imperva.
Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw212
This week, Tyler Shields joins us for his first episode as Co-Host, and John Strand returns! In the Enterprise News, Two data security companies merge, Veracode's products are now available in the AWS Marketplace, Zscaler launches a program for organizations dealing with the SolarWinds attack, SolarWinds is being sued in a class action lawsuit, funding announcements from Weaveworks, iBoss and Venafi!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw212
When you roll-out the Mimecast Awareness Training best practices to your organization and embrace your employees, you will achieve something magical - employees who become an extension of your security team. Remember security is a team sport which requires the hearts of your employees and the minds of all. So, when do you that you’re successful? One, would be when your employees recognize threats and share it with others in the office to not click on malicious items, creating community defense. The other, is when your employees are taking their best practices home to train their families. More importantly, it is when your company as a whole is excited about cyber security and see it as an enabler and fun!
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw211
As organizations come to terms with continued uncertainty in 2021, Martyn will discuss the importance of hybrid network visibility in building an IT infrastructure that can meet the needs of this environment. Specifically, how visibility is the key to supporting and securing the fluid workforce in the post-COVID world even with budget constraints and limited resources.
This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw211
This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw211
Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed.
This segment is sponsored by Polarity. Visit https://www.polarity.io/esw to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw210
These days, we're all learning about human immunology from the headlines. What are the equivalent defenses for our networks? How do we achieve resilience at scale, when we don't really have a network immune system?
This segment is sponsored by RedSeal. Visit https://securityweekly.com/redseal to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw210
This week in the Enterprise News, How Kali Linux creators plan to handle the future of penetration testing, Tenable founders launch cybersecurity foundation to hand out grants, FireEye cybersecurity tools compromised in state-sponsored attack, Bitdefender launches cloud-based endpoint detection, response platform for companies, and Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw210
How bad is the diversity problem in the Cybersecurity industry? Have we made any progress or is it all talk? In this special Enterprise Security Weekly segment, we are joined by industry professionals to learn where have we been, where do we need to be, and how do we get there?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw209
Before you go picking technologies, you have to have a plan. How does one create that plan? Ferruh will focus on some concrete steps to create an AppSec plan using Netsparker's simple framework.
This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw209
This week in the Enterprise Security News, securing Amazon EKS, Attivo Networks announces a new integration, a cloud security mapping startup comes out of Stealth, recent funding announcements from DefenseStorm, GoSecure, EclecticIQ and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw209
Vulnerability prioritization has traditionally relied on CVSS scores and other subjective measurements (e.g. asset tagging) that don't factor in internal context. A new approach integrates asset context and application activity to derive rich, internal data.
This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw208
It's widely-accepted that multifactor is a best practice for authentication, but there are a variety of implementations (e.g., smart cards, push notifications, OTPs). We'll talk through the benefits and drawbacks of each and explore why Microsoft's director of identity security just published a blog post about abandoning text messages for Office365/Azure authentication.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw208
This week, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw208
Osquery has grown in popularity because of its broad applicability in enterprise environments. In this tech segment, Ganesh Pai and Julian Wayte from Uptycs will talk about how organizations are using osquery to solve thorny problems such as fleet visibility, compliance and audit, and threat detection and investigation (including MITRE ATT&CK coverage).
This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw207
The recent surge of ransomware attacks has highlighted a shift in tactics employed by threat actors looking to extort organizations. Their methodology has changed from a quick, opportunistic attack to a prolonged, targeted approach. This shift in methodology presents threat groups with the opportunity to encrypt more critical data, but also presents security teams with the opportunity to detect activity before data is encrypted. In this talk we'll explore how this allows security analysts to use network detection and response capabilities to discover malicious activity between initial compromise and encryption.
This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw207
In the Enterprise News, the all new AWS Network Firewall, Zero Trust for kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato networks!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw207