Large Stacks – ESW #241
Segments
1. Transparency in Large Supply Chains – Philippe Lafoucrière – ESW #241
GitLab is unique in many ways, but our transparency value is pushing us to mature our security posture faster than attackers. Discover how GitLab iterates quickly to adapt to a world where everyone can contribute.
Segment Resources:
https://about.gitlab.com/handbook/values/#transparency
This segment is sponsored by GitLab.
Visit https://securityweekly.com/gitlab to learn more about them!
Announcements
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Guest
Philippe Lafoucrière is a Distinguished Security Engineer at GitLab.
Before joining GitLab, Philippe was the founder and CEO of Gemnasium, a SaaS company that helped developers mitigate security vulnerabilities in open source code. Gemnasium was acquired by GitLab to implement robust security scanning functionality natively into GitLab’s CI/CD pipelines.
2. Putting the “R” in the NDR – John Smith – ESW #241
It's time to think more broadly about the R in NDR. Incident responders need a full spectrum of response, from hunting and investigations to remediation, not just another alert cannon. While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organization's environment. ExtraHop's Principal Engineer John Smith joins Security Weekly to discuss.
Segment Resources:
ExtraHop Extends Response and Forensics Capabilities with Deep Threat Insights for Hybrid Cloud https://www.extrahop.com/company/press-releases/2021/revealx-360-innovations/?uniqueid=FJ07532845&utmsource=security-weekly&utmmedium=podcast&utmcampaign=2021-q3-security-weekly-pr-resource&utmcontent=press-release&utmterm=no-term&utmregion=global&utmproduct=security&utmfunnelstage=top&utm_version=no-version
ExtraHop free and interactive demo https://www.extrahop.com/demo/?uniqueid=AN07532846&utmsource=security-weekly&utmmedium=podcast&utmcampaign=2021-q3-security-weekly-demo&utmcontent=demo&utmterm=no-term&utmregion=global&utmproduct=security&utmfunnelstage=top&utm_version=no-version
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop to learn more about them!
Announcements
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Guest
John Smith has over twenty years’ experience in IT and Security, including eighteen years as a practitioner before joining ExtraHop. John is a frequent speaker on podcasts and webinars, and has delivered talks at conferences like RSAC and multiple B-Sides events. His experience includes securing and architecting the US Centers for Disease Control’s Pandemic Response and Telework solution in 2007 and pioneering data-driven analytics and investigations.
3. “Lift & Drag”, BeyondTrust, Absolute DataExplorer, & RDP Exploits – ESW #241
This week in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, & More!!!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. Comcast Business to Acquire Masergy, a Pioneer in Software-Defined Networking and Cloud Platforms
- 2. Elastic and Cmd Join Forces to Help Customers Take Command of Their Cloud Workloads
- 3. Incident Response Firm BreachQuest Launches With $4.4 Million in Seed Funding
- 4. IronNet Completes Business Combination with LGL Systems Acquisition Corp.
- 5. Check Point Software Technologies Acquires Avanan, the fastest growing cloud email and collaboration security company, to redefine security for cloud email
- 1. ThycoticCentrify Enhances DevOps Security with Certificate-Based Authentication and Configurable Time-to-Live for All Cloud Platforms: "The latest version offers certificate-based authentication and the ability to configure Time-to-Live (TTL) for secrets, leading to even tighter DevOps security and easier management."
- 2. LogPoint Acquires SecBI to Add SOAR and XDR Platforms: "LogPoint, a provider of security information event management (SIEM) platform and user behavior analytics tools, today revealed it has acquired SecBI, a provider of an integrated security orchestration and automated response (SOAR) and extended detection and response (XDR) platform." - Check the boxes on acronym bingo.
- 3. D3 Security raises $10M to accelerate advancement of its next-generation SOAR platform: "D3's SOAR platform helps many of the world's most sophisticated security teams integrate their security tools, eliminate time-consuming tasks via automation, and orchestrate lightning-fast responses to threats."
- 4. Query.AI's enhancements drive efficiencies in cybersecurity investigations: "The Query.AI platform serves as a connective tissue that delivers federated search to conduct investigations across data silos and eliminates the antiquated approach of universal data centralization."
- 5. Absolute Software: Announces General Availability of Absolute DataExplorer - Kinda neat how it lives in firmware. We always talk about bad things that could live in firmware; this is a legit tool that lives in firmware: "Anchored by its firmware-embedded Persistence® capabilities residing in more than 500 million endpoints, Absolute provides an undeletable digital tether to every device - enabling customers to maintain enhanced visibility across their device fleets and reliably monitor critical hardware and software information."
- 6. Privileged Remote Access Version 21.2 Introduces BYOT for SSH, UI Enhancements, & More: "With this release, Privileged Remote Access enables organizations to properly manage and inject credentials managed by Azure AD Domain Services. Administrators can now leverage the Secure Remote Access Vault to rotate account credentials managed by Azure Active Directory Domain Services."
- 7. BeyondTrust Labs Report Demonstrates Removing Admin Rights and Implementing Application Controls Highly Effective in Preventing Malware: "Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats." - Agree?
- 8. Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy: "Psychological inertia, as it is known in medical literature, is prevalent in workplace change management because committing to the changes necessary to achieve higher-level objectives causes individuals to feel anxiety and fear. So, even though the workforce acknowledges the security benefits of a Zero Trust model, they resist the necessary changes in their daily routine." - This is so common! "In fact, most wildly successful organizations can point to one or more significant disruptions that served as the catalyst to overcome status quo bias and drive innovation." - I've always said you have to scramble a few eggs to make an omelet...
- 9. Exploiting CVE-2018-13379 – A Case Study: "Successfully authenticated user credentials were saved, in plaintext, to this file. Any unauthenticated visitor could exploit the vulnerability to retrieve this file and collect plaintext credentials." - Why can't we just patch this? Did we not know it existed, or did we know and get pushback? "The primary method of access and lateral movement was through the VPN and Remote Desktop Protocol (RDP)." - Curious if MFA could be implemented system-wide for RDP connections, as I believe this is possible, not expensive, and not a huge inconvenience. "Four months into the incident, PsExec was run from a VPN source IP to create a scheduled task on domain controllers." - This should generate an alert. Also curious how common this is for legitimate admins or software to create a scheduled task on a domain controller...
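The last quoted finding in the case study (PsExec from a VPN address creating a scheduled task on domain controllers) is exactly the kind of thing a SIEM rule can catch from standard Windows logs. The sketch below is an added example written for these notes; it is not code from the case study, from ExtraHop, or from any vendor listed above. It joins Security event 4698 (scheduled task created) on a domain controller back to the 4624 network logon that performed it via the logon ID, so the source IP can be checked against the VPN pool, and raises severity further if the System log shows the PSEXESVC service being installed on the same host beforehand. The event field names are the real Windows ones; the hostnames, addresses, account names and the sample events themselves are constructed for the example.

```python
"""Detection sketch: scheduled-task creation on domain controllers, enriched with
the logon that did it. Added example; field names follow the Windows Security and
System logs, but hosts, addresses, accounts and events are constructed."""
from ipaddress import ip_address, ip_network

# --- Assumed environment (constructed for this example) ---------------------
DOMAIN_CONTROLLERS = {"DC01", "DC02"}
VPN_POOL = ip_network("10.200.0.0/16")      # addresses handed out by the VPN concentrator
APPROVED_TASK_CREATORS = {"svc-patching"}   # accounts expected to schedule tasks on DCs

# --- Constructed sample events, flattened the way a SIEM exports them --------
# 4624 = logon, 4698 = scheduled task created (Security log), 7045 = service
# installed (System log). Listed in timestamp order.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "DC01", "LogonType": 3, "TargetUserName": "jdoe",
     "TargetLogonId": "0x3e7a1", "IpAddress": "10.200.4.17"},
    {"EventID": 7045, "Computer": "DC01", "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
    {"EventID": 4698, "Computer": "DC01", "SubjectUserName": "jdoe",
     "SubjectLogonId": "0x3e7a1", "TaskName": "\\Updater"},
    {"EventID": 4624, "Computer": "DC02", "LogonType": 3, "TargetUserName": "svc-patching",
     "TargetLogonId": "0x5c210", "IpAddress": "10.10.1.5"},
    {"EventID": 4698, "Computer": "DC02", "SubjectUserName": "svc-patching",
     "SubjectLogonId": "0x5c210", "TaskName": "\\Microsoft\\Windows\\Patching\\Reboot"},
    # Same task-creation event on a workstation: outside the rule's scope.
    {"EventID": 4698, "Computer": "WS042", "SubjectUserName": "jdoe",
     "SubjectLogonId": "0x9a10", "TaskName": "\\OneDriveStandaloneUpdateTask"},
]


def from_vpn_pool(ip):
    """True when a logon source address falls inside the VPN pool."""
    try:
        return ip_address(ip) in VPN_POOL   # mismatched IP versions simply return False
    except ValueError:                      # "-" and similar placeholders are not addresses
        return False


def detect_dc_task_creation(events):
    """Return one finding per 4698 on a domain controller, enriched and scored.

    Events are processed in timestamp order, so a 4624 or 7045 seen earlier on
    the same host can be joined to a later 4698 on that host. The join key for
    4624 -> 4698 is (Computer, LogonId): 4624.TargetLogonId == 4698.SubjectLogonId.
    """
    logon_source = {}       # (Computer, LogonId) -> source IP from the matching 4624
    psexec_hosts = set()    # hosts where the PsExec service was installed
    findings = []
    for ev in events:
        host, eid = ev["Computer"], ev["EventID"]
        if eid == 4624:
            logon_source[(host, ev["TargetLogonId"])] = ev.get("IpAddress", "-")
        elif eid == 7045 and ev.get("ServiceName", "").upper() == "PSEXESVC":
            psexec_hosts.add(host)
        elif eid == 4698 and host in DOMAIN_CONTROLLERS:
            user = ev["SubjectUserName"]
            src = logon_source.get((host, ev["SubjectLogonId"]), "-")
            reasons = ["scheduled task created on a domain controller"]
            if user not in APPROVED_TASK_CREATORS:
                reasons.append("creator is not an approved change account")
            if from_vpn_pool(src):
                reasons.append("creating logon originated from the VPN pool")
            if host in psexec_hosts:
                reasons.append("PSEXESVC was installed on this host earlier")
            # Remote tooling or a VPN origin is the strongest signal; an unknown
            # account alone is worth a look; an approved account is just a record.
            if from_vpn_pool(src) or host in psexec_hosts:
                severity = "high"
            elif user not in APPROVED_TASK_CREATORS:
                severity = "medium"
            else:
                severity = "low"
            findings.append({"host": host, "user": user, "task": ev["TaskName"],
                             "source_ip": src, "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_dc_task_creation(SAMPLE_EVENTS):
        print(f"[{f['severity'].upper()}] {f['host']} {f['user']} {f['task']} "
              f"from {f['source_ip']}: " + "; ".join(f["reasons"]))
```

On the constructed sample this yields a high-severity finding for DC01 (VPN-pool source plus PSEXESVC) and a low-severity record for DC02 (approved patching account from an internal address); the workstation event is ignored. The approved-creator list is the answer to the question of how often legitimate software schedules tasks on a DC: baseline it for a few weeks, move the recurring creators into that set, and what remains is rare enough to page on.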