View More ESW Episodes

Crushing It – ESW #239

This week, in our first segment, we welcome Allie Mellen, Industry Analyst at Forrester Research, to talk about Humanizing Security Operations! Then, we welcome Darren Guccione, CEO & Co-Founder of Keeper Security, to talk! Finally, In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more! Visit https://securityweekly.com/keepersecurity to learn more about them! Visit https:/...

This episode is sponsored by
Full Show Notes
Segment One

Humanizing Security Operations – Allie Mellen – ESW #239

The security industry spends a lot of time talking about the tools of the SOC, especially around making the SOC more 'autonomous'. But is this really what we need?

Allie is also presenting "How to effectively manage XDR" at Maintaining Endpoint Security: New opportunities and new risks (SC Media Virtual Event) on August 24, 2021. Register Now: https://www.scworld.com/virtual-conference/maintaining-endpoint-security-new-opportunities-and-new-risks

Segment Resources: https://go.forrester.com/blogs/stop-trying-to-take-humans-out-of-security-operations/ https://go.forrester.com/blogs/ransomware-survive-by-outrunning-the-guy-next-to-you/ https://go.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/ https://go.forrester.com/blogs/top-5-lies-security-vendors-tell-about-the-siem/

Guest
Principal Analyst at Forrester Research

Allie Mellen is the author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield. She is a leading industry analyst who advises the Global 2000 on cybersecurity policy and practice, with a focus on detecting and responding to nation-state attacks. She is a featured speaker at many leading security conferences, including RSA Conference, Black Hat, SANS events, and others. Her insights are frequently featured in top business and technology outlets such as NPR, The Wall Street Journal, and The Washington Post. 

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Segment Two

Cybersecurity Tips & Challenges in the Hybrid Work Era – Darren Guccione – ESW #239

As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ransomware attacks and other cybersecurity threats that prey on existing security weaknesses and vulnerabilities that opened when moving to a remote or hybrid work environment. Our discussion will include ways to combat these threats, as well as learning to boost your existing cybersecurity policies and infrastructure.

This segment is sponsored by Keeper Security.

Visit https://securityweekly.com/keepersecurity to learn more about them!

Guest
CEO and Co-Founder at Keeper Security

Darren Guccione is the co-founder and CEO of Keeper Security, a leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software designed to protect passwords, passkeys, secrets, connections and privileged access.

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

Segment Three

New iboss Features, CVSS Scores, Praetorian GoKart, & Anti Anti-Money Laundering – ESW #239

This week In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

List of Articles

Adrian Sanabria

  1. TOOLS: New Anti Anti-Money Laundering Services for Crooks – Krebs on Security
    So normally, when we mention tools, they're for defenders. In this case, this is a tool to help cybercriminals avoid airing their dirty laundry to law enforcement while laundering their criminal proceeds.
  2. MERGER: Norton and Avast are merging into an $8 billion antivirus empire
    Close your eyes and imagine this: It's February 2005 and you read the headline: "Hollywood Video and Blockbuster are merging into a video rental empire!". What are your immediate thoughts, given you have 16 years of hindsight on the outcome for both those businesses? The real kicker? The big concern wasn't Netflix, it was whether the FTC would allow it, citing anti-trust concerns! I'm betting the press release definitely won't mention the fact that they're representing the absolute bottom, gutter end of low-margin, discounted, shrinking consumer cybersecurity software. Symantec has been on a rollercoaster - first with the split from Veritas in 2014 when they also combined with Blue Coat and shuffled the exec team. Then, in 2019, the company was split into consumer and enterprise, with the consumer side becoming Norton LifeLock and the enterprise side going to Broadcom, which consumed Computer Associates a while back.
  3. ACQUISITION: Sophos Acquires Refactr to Optimize Managed Threat Response (MTR) and Extended Detection and Response (XDR) with Security Orchestration Automation and Response (SOAR) Capabilities
    Pitched as SOAR, but not really competing with the SOAR you're thinking of. This is much more focused on pure DevOps/Cloud-first startup-style environments.
  4. Daniel Miessler joins Robinhood as Head of Vulnerability Management and Application Security
    Daniel Miessler is a very visible thought leader in the industry, so it's worth a mention when he starts a new gig. Especially interesting is that he (like many, many others) has been critical of Robinhood in the past, but took down a blog post he wrote last fall. http://web.archive.org/web/20201127174713/https://danielmiessler.com/blog/why-robinhood-is-dangerous-for-new-investors/ Overall, I see it as a positive development and I hope he can have some positive influence and impact on not just the security of the company and product, but on the company's ethics as well.

Paul Asadoorian

  1. Tigera addresses growing demand for security of containers, Kubernetes, and microservices – Help Net Security
    I need this single pane of glass, I'm not sure why, but I want it (I think?): "Calico provides automated capabilities to deliver an easy-to-understand and action-oriented view of Kubernetes networking, security and application layer that can be used to quickly resolve performance hotspots and troubleshoot connectivity issues. It provides a single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy a standard set of egress access controls, enforce security policies for compliance, and observe and troubleshoot applications."
  2. Baffle raises $20M to secure cloud data – Help Net Security
    Oh right, so here's $20 million: "Baffle’s no-code, simple-to-deploy security mesh takes a data-centric approach at cloud scale without a performance impact or changes to applications."
  3. iboss adds new features to its Cloud Platform to give organizations more visibility and control – Help Net Security
  4. SailPoint Workflows enables customers to automate security tasks with no coding required – Help Net Security
    "Automate use cases like event-driven certifications and custom approvals through APIs and event triggers, Accelerate innovation with easy drag-and-drop builder through no-code workflow, decreasing runtime and freeing up team power to focus on forward-looking projects, Connect to other SaaS applications, enabling a broad range of capabilities across a company’s technology ecosystem, Integrate into a customer’s cloud environment and SailPoint’s partner network" - This is hard as you have to have the right integrations with the right features and allow the user to tie it all together. I think we're getting closer, however, I also believe you will need people on staff that can write code to make it all work, at least for a while...
  5. CVSS Scores: A Practical Guide for Application
    I can't see filling out the CVSS scoring form for each vulnerability in your environment. You really need a tool that will do that for you, based on generalized inputs to the system, or variables that can be inferred or discovered. For example, whether or not an asset is exposed to the Internet, whether or not the vulnerable application is being used and how much and how many instances of it do I have in the environment? I also believe you need a list, or a way to flag certain vulnerabilities, based on external factors, these you just patch. Vulnerabilities in Windows (like the recent string of print spooler vulnerabilities), select VPN appliance vulnerabilities, the recent sudo vulnerability, should just be fast-tracked regardless of CVSS score or environmental factors.
  6. API Security 101: Security Misconfiguration
    "Security misconfigurations are a constant threat against both APIs and non-API applications alike." - These often slip through the cracks, because often they are not in the code, but in the configuration. Web server configuration is often overlooked by developers, which is why I'm a huge fan of having a more well-rounded team so you can constantly evaluate security and improve security processes.
  7. Praetorian Launches GoKart – an Open Source Security Scanner for Go
    "GoKart puts Go code into single static assignment (SSA) form, structuring every value computed by the program as an assignment to a unique variable. SSA is used in compilers for optimization, and in a security context it helps trace the source of data used as input. Being able to follow data as it flows through a program, weaving in and out of objects and modules, is one of GoKart's primary features, and what makes GoKart so powerful."
  8. Digital Shadows launches two premium professional services streams
    "Takedowns-as-a-service is another part of this portfolio – especially for teams that don't have the time or expertise to launch and manage takedowns effectively. With an average of 1,100 impersonating domains registered against them each year, clients can ensure that malicious domains get taken down, and remain taken down. Digital Shadows custom intelligence provides additional threat intelligence tools for specific strategic or tactical requirements. This includes reporting into a VIP's exposure, tactical investigations into a suspicious domain, and deep investigations into an emerging tactic."
Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Episodes

Related Content

You can skip this ad in 5 seconds