Humanizing Security Operations – Allie Mellen – ESW #239
The security industry spends a lot of time talking about the tools of the SOC, especially around making the SOC more 'autonomous'. But is this really what we need?
Allie is also presenting "How to effectively manage XDR" at Maintaining Endpoint Security: New opportunities and new risks (SC Media Virtual Event) on August 24, 2021. Register Now: https://www.scworld.com/virtual-conference/maintaining-endpoint-security-new-opportunities-and-new-risks
Segment Resources: https://go.forrester.com/blogs/stop-trying-to-take-humans-out-of-security-operations/ https://go.forrester.com/blogs/ransomware-survive-by-outrunning-the-guy-next-to-you/ https://go.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/ https://go.forrester.com/blogs/top-5-lies-security-vendors-tell-about-the-siem/
Allie Mellen is a Forrester analyst covering security operations, nation-state threats, and the use of automation, machine learning, and AI in security tools. She has been in the technology industry for over a decade in various engineering roles: doing research at MIT, running her own engineering consultancy, and being a hacker before finally becoming a security practitioner. She now advises Fortune 500 CISOs and security teams on their detection and response practice and frequently speaks at industry-leading events and with the press.
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Cybersecurity Tips & Challenges in the Hybrid Work Era – Darren Guccione – ESW #239
As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ransomware attacks and other cybersecurity threats that prey on existing security weaknesses and vulnerabilities that opened when moving to a remote or hybrid work environment. Our discussion will include ways to combat these threats, as well as learning to boost your existing cybersecurity policies and infrastructure.
This segment is sponsored by Keeper Security.
Visit https://securityweekly.com/keepersecurity to learn more about them!
Darren Guccione is the CEO and co-founder of Keeper Security, a leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software designed to protect passwords, passkeys, secrets, connections and privileged access.
Darren drives the product vision, global strategy, customer experience, marketing and business development at Keeper. Under his leadership, the company has solidified its position as a market leader, advanced its enterprise and consumer product offerings and achieved significant global growth. Keeper’s FedRAMP and StateRAMP Authorizations enable it to effectively serve public sector organizations alongside commercial enterprises and consumers.
Darren has co-founded other successful ventures and advised industry-leading companies. In addition to Keeper, he co-founded Callpod, Inc. and OnlyWire, LLC. He also served as an advisor to NinthDecimal, formerly known as JiWire, the leading media and technology service provider for the Wi-Fi industry and as CFO and co-founder of Apollo Solutions, Inc., (acquired by CNET Networks; now CBS Interactive). Darren holds a master’s degree from the Kellstadt Graduate School of Business at DePaul University and a Bachelor of Science in Industrial and Mechanical Engineering from the University of Illinois at Urbana-Champaign.
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey
New iboss Features, CVSS Scores, Praetorian GoKart, & Anti Anti-Money Laundering – ESW #239
This week In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Adrian Sanabria
- TOOLS: New Anti Anti-Money Laundering Services for Crooks – Krebs on SecuritySo normally, when we mention tools, they're for defenders. In this case, this is a tool to help cybercriminals avoid airing their dirty laundry to law enforcement while laundering their criminal proceeds.
- MERGER: Norton and Avast are merging into an $8 billion antivirus empireClose your eyes and imagine this: It's February 2005 and you read the headline: "Hollywood Video and Blockbuster are merging into a video rental empire!". What are your immediate thoughts, given you have 16 years of hindsight on the outcome for both those businesses? The real kicker? The big concern wasn't Netflix, it was whether the FTC would allow it, citing anti-trust concerns! I'm betting the press release definitely won't mention the fact that they're representing the absolute bottom, gutter end of low-margin, discounted, shrinking consumer cybersecurity software. Symantec has been on a rollercoaster - first with the split from Veritas in 2014 when they also combined with Blue Coat and shuffled the exec team. Then, in 2019, the company was split into consumer and enterprise, with the consumer side becoming Norton LifeLock and the enterprise side going to Broadcom, which consumed Computer Associates a while back.
- ACQUISITION: Sophos Acquires Refactr to Optimize Managed Threat Response (MTR) and Extended Detection and Response (XDR) with Security Orchestration Automation and Response (SOAR) CapabilitiesPitched as SOAR, but not really competing with the SOAR you're thinking of. This is much more focused on pure DevOps/Cloud-first startup-style environments.
- Daniel Miessler joins Robinhood as Head of Vulnerability Management and Application SecurityDaniel Miessler is a very visible thought leader in the industry, so it's worth a mention when he starts a new gig. Especially interesting is that he (like many, many others) has been critical of Robinhood in the past, but took down a blog post he wrote last fall. http://web.archive.org/web/20201127174713/https://danielmiessler.com/blog/why-robinhood-is-dangerous-for-new-investors/ Overall, I see it as a positive development and I hope he can have some positive influence and impact on not just the security of the company and product, but on the company's ethics as well.
Paul Asadoorian
- Tigera addresses growing demand for security of containers, Kubernetes, and microservices – Help Net SecurityI need this single pane of glass, I'm not sure why, but I want it (I think?): "Calico provides automated capabilities to deliver an easy-to-understand and action-oriented view of Kubernetes networking, security and application layer that can be used to quickly resolve performance hotspots and troubleshoot connectivity issues. It provides a single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy a standard set of egress access controls, enforce security policies for compliance, and observe and troubleshoot applications."
- Baffle raises $20M to secure cloud data – Help Net SecurityOh right, so here's $20 million: "Baffle’s no-code, simple-to-deploy security mesh takes a data-centric approach at cloud scale without a performance impact or changes to applications."
- iboss adds new features to its Cloud Platform to give organizations more visibility and control – Help Net Security
- SailPoint Workflows enables customers to automate security tasks with no coding required – Help Net Security"Automate use cases like event-driven certifications and custom approvals through APIs and event triggers, Accelerate innovation with easy drag-and-drop builder through no-code workflow, decreasing runtime and freeing up team power to focus on forward-looking projects, Connect to other SaaS applications, enabling a broad range of capabilities across a company’s technology ecosystem, Integrate into a customer’s cloud environment and SailPoint’s partner network" - This is hard as you have to have the right integrations with the right features and allow the user to tie it all together. I think we're getting closer, however, I also believe you will need people on staff that can write code to make it all work, at least for a while...
- CVSS Scores: A Practical Guide for ApplicationI can't see filling out the CVSS scoring form for each vulnerability in your environment. You really need a tool that will do that for you, based on generalized inputs to the system, or variables that can be inferred or discovered. For example, whether or not an asset is exposed to the Internet, whether or not the vulnerable application is being used and how much and how many instances of it do I have in the environment? I also believe you need a list, or a way to flag certain vulnerabilities, based on external factors, these you just patch. Vulnerabilities in Windows (like the recent string of print spooler vulnerabilities), select VPN appliance vulnerabilities, the recent sudo vulnerability, should just be fast-tracked regardless of CVSS score or environmental factors.
- API Security 101: Security Misconfiguration"Security misconfigurations are a constant threat against both APIs and non-API applications alike." - These often slip through the cracks, because often they are not in the code, but in the configuration. Web server configuration is often overlooked by developers, which is why I'm a huge fan of having a more well-rounded team so you can constantly evaluate security and improve security processes.
- Praetorian Launches GoKart – an Open Source Security Scanner for Go"GoKart puts Go code into single static assignment (SSA) form, structuring every value computed by the program as an assignment to a unique variable. SSA is used in compilers for optimization, and in a security context it helps trace the source of data used as input. Being able to follow data as it flows through a program, weaving in and out of objects and modules, is one of GoKart's primary features, and what makes GoKart so powerful."
- Digital Shadows launches two premium professional services streams"Takedowns-as-a-service is another part of this portfolio – especially for teams that don't have the time or expertise to launch and manage takedowns effectively. With an average of 1,100 impersonating domains registered against them each year, clients can ensure that malicious domains get taken down, and remain taken down. Digital Shadows custom intelligence provides additional threat intelligence tools for specific strategic or tactical requirements. This includes reporting into a VIP's exposure, tactical investigations into a suspicious domain, and deep investigations into an emerging tactic."
