410 avsnitt • Längd: 95 min • Månadsvis
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Darwin Salazar.
The podcast Enterprise Security Weekly (Audio) is created by Security Weekly Productions. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Celebrating and Elevating Women in Cyber: Recently, International Women in Cyber Day (September 1) highlighted the ongoing challenges women face in the cybersecurity field, as well as the progress made in recent years. Women bring exceptional skills and knowledge to cybersecurity; however, it is estimated that they make up only 20% to 25% of the cybersecurity workforce—a percentage that has remained stagnant for years. Even more concerning, women often hit a glass ceiling just six to ten years into their cybersecurity careers. Lynn Dohm sheds light on these issues and emphasizes what the industry needs to focus on to continue celebrating and elevating women in cyber.
Segment Resources:
This week, we've added an extra news segment just on AI. Not because we wanted to, but because the news cycle has bludgeoned us into it. My mom is asking about Chinese AI, my neighbor wants to know why his stocks tanked, my clients want to know how to prevent their employees from using DeepSeek, it's a mess.
First, a DeepSeek primer, so we can make sure all Enterprise Security Weekly listeners know what they need to know. Then we get into some other AI news stories.
DeepSeek PrimerI think the most interesting aspect of the DeepSeek announcements is the business/market impact, which isn't really security-related, but could have some impact on security teams. By introducing models that are cheaper to train, sell access to, and less demanding to run on systems, DeepSeek has opened up more market opportunities. That means we'll see generative AI used in markets and ways that didn't make sense before, because it was too expensive.
Another aspect that's really confusing is what DeepSeek is or does. For the most part, when someone says "DeepSeek", they could be referring to:
From a security perspective, there's little to no operational risk around downloading and using the models, though they're likely to get banned, so companies could get in trouble for using them. As for the app, API, or SaaS service, assume everything you type into them is getting collected by China (so, significantly less safe, probably no US companies should do this).
But because these services are crazy cheap right now, I wouldn't be surprised if some suppliers and third parties will start using DeepSeek - if your third party service provider is using DeepSeek behind the scenes with your data, you still have problem #2, so best to ensure they're not doing this through updated contract language and call to confirm that they're not currently doing it (can take a while to get a new contract in place).
This week in the enterprise security weekly news, we discuss
All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-392
HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming.
At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.
Segment Resources:
This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach.
In this week's enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-391
Today's data landscape is undergoing a seismic shift with increasing regulatory pressures, rapid acceleration to the cloud, and AI adoption. Join BigID's CEO and Co-Founder, Dimitri Sirota, to learn how organizations can adopt a holistic approach to their data security and compliance strategy to keep up with the revolution in data, transforming their data into a competitive advantage.
This segment is sponsored by BigID! Start protecting your sensitive data wherever your data lives at https://securityweekly.com/bigid.
I've been so excited to see the external attack surface management (EASM) market take off in the past few years. This market category focuses exclusively on security issues exposed to the public Internet - issues ANYONE can see.
All organizations have exposure management problems, but industries that are traditionally underfunded when it comes to cybersecurity and IT are particularly worse off. We see breaches in these industries every day - industries like manufacturing, healthcare, and education. Of course, exposure issues don't stop at the network boundary - all organizations have internal exposures to worry about as well.
With all the breaches we see every week, we've become somewhat desensitized to them. Is it possible to address even just the most critical exposures (a fraction of 1% of all vulnerabilities) in one of the most underfunded industries? In this episode, we dive into how a small school system in New Mexico took on this challenge.
This week in the enterprise news - Cymulate acquires CYNC Secure, Tidal Cyber acquires Zero-Shot, Amazon ransomware attack, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-390
We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.
Segment Resources:
We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community.
We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few.
References:
In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode’s acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered One Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.
A major highlight was the Cyber Haven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyber Haven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.
We also reflected on Corey Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-389
Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone.
To use MITRE's own words to describe the gap this project fills:
"it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work"
Segment Resources:
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly
As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-388
For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter joins us to discuss the year's highlights and what's to come in the next 12 months.
In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market.
It won't be all financial trends though, we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space.
In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable!
Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise.
Segment Resources:
This week, in the enterprise security news,
NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-387
In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:
Also, be sure to check out the first two installments of this series!
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.
Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.
Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
This week, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-386
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on December 22, 2023.
We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week.
In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more!
Segment Resources:
Mike's blog; Return on Security: https://www.returnonsecurity.com/ Mike's newsletter; Security, Funded: https://www.returnonsecurity.com/subscribe
Show Notes: https://securityweekly.com/vault-esw-17
This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team.
We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important.
Why a special segment on Microsoft Ignite announcements?
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-385
There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management).
Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks.
Segment Resources:
Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today?
This will be a more standards and GRC focused discussion, covering:
This week in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-384
CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive, it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation?
There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out.
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-383
The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking.
We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures.
This week, in the enterprise security news:
All that and more, on this episode of Enterprise Security Weekly.
Segment description coming soon!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-382
Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here!
The conversation isn't just about setting traps for attackers, however, there's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by the essay from Lenny by the same name: Transform the Defender’s Dilemma into the Defender’s Advantage
The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecurity-related concerns are usually not included for individual poll location and election workers.
Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org.
Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh. Chief Technology Officer of Customer Identity Cloud at Okta joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications and what Okta is doing to help developers build applications that decipher a human from a bot.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/
Whether it’s phishing techniques, password spraying, or social engineering, security leaders today are constantly needing to see past blindspots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss what security leaders are being challenged with today when it comes to securing their workforce and from experience with implementing Okta’s Secure Identity Commitment how companies can be prioritizing security within their culture to help prevent threat actors from taking advantage of the weakest link.
Segment Resources: https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-381
Secure by design is more than just AppSec - it addresses how the whole business designs systems and processes to be effective and resilient. The latest report from LevelBlue on Cyber Resilience reveals security programs that are reactive, ill-equipped, and disconnected from IT and business leaders.
Most security problems are out of security teams' hands. Addressing them requires input, buy-in, and action from business leaders and IT. Security cannot afford to be separate from the rest of the organization.
In this interview, we'll discuss how we could potentially solve some of these issues with Theresa Lanowitz from LevelBlue.
Segment Resources:
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Implementing SASE can be tricky and onerous, but it doesn't have to be. Today, we discuss Unified SASE as a Service with Renuka Nadkarni, Chief Product Officer at Aryaka. Particularly, how can Unified SASE make both networking and security more flexible and agile?
IT and security professionals need to ensure secure and performant applications and data access to all users across their distributed global network without escalating cost, risk or complexity, or sacrificing user experience.
This segment is sponsored by Aryaka. Visit https://securityweekly.com/aryaka to learn more about them!
Finally, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-380
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well.
Segment Resources:
This week in the enterprise security news, we've got:
All that and more, on this episode of Enterprise Security Weekly!
The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access.
This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them!
Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics.
Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/
This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-378
The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss:
Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned!
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!
We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities.
Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path.
My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence?
Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card.
In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-377
A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.
He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.
I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?
And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."
Segment Resources:
In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.
Segment Resources:
This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!
This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:
Also some whoopsies:
Fortinet has a breach, but is it really accurate to call it that?
Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.
The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.
Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-376
This week, in the enterprise security news,
We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in.
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team.
For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three.
A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did!
Segment Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-375
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This episode was initially published on April 21 2023.
Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a global challenge: fully-realized quantum computers will be able to break some of the most widely-used security protocols in the world. Dr. Vadim Lyubashevsky will discuss how quantum-safe cryptography protects against this potential future.
Segment Resources:
IBM Quantum Safe: https://www.ibm.com/quantum/quantum-safe IBM scientists help develop NIST’s quantum-safe standards: https://research.ibm.com/blog/nist-quantum-safe-protocols Government and industry experts recommend moving to quantum-safe cryptography: https://research.ibm.com/blog/economist-quantum-safe-replay
Show Notes: https://securityweekly.com/vault-esw-16
The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself.
Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool?
Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!
Boerger Consulting Resources:
I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years.
Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.
Segment Resources:
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.
Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/
This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!
Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.
Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1
2) Holiday Hack Challenge - sans.org/holidayhack
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-374
This week, in the enterprise security news,
All that and more, in the news this week on Enterprise Security Weekly!
SquareXWith employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions.
This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.
Segment Resources:
This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!
TaniumThe recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage.
In this interview, Tanium’s Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.
Segment Resources:
This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!
Swimlane and GenAIJoin Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
Swimlane and ProCircularProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.
Segment Resources:
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-373
In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions.
Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.
Segment Resources: https://www.devo.com/defend-everything/
This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.
As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages.
This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them!
Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand.
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!
The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.
Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-372
In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety?
We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel.
We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets or text files full of adversarial prompts? How can we automate this? Will an AI generate adversarial prompts you can use against another AI? And finally, what do we do with the results?
Resources:
We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th.
References
, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-371
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access?
Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work.
We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger".
There's plenty of content out there detailing how vendors fall short:
So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations.
We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry.
This week, in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-370
The emergence of generative AI has caused us to rethink things on two fronts:
But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to security operations, just as Gartner announces that AI is hitting the trough of disillusionment. What better time to dispel the hype and focus on where real progress can be made?
Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations.
We'll talk about what has changed here, and I have so many questions:
Finally, we'll wrap by talking about where this tech goes next, and can we get there with current technology, or are we dependent on more breakthroughs from companies like OpenAI, Anthropic, and Meta?
This week, on Enterprise Security Weekly, we've got:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-369
In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries and the best entry points into the field. Next, we tackle the critical issues plaguing the cybersecurity industry despite its rapid growth and increased influence at the board level. We ask why, despite ample resources, are failures more prevalent than ever? Lastly, we cover significant news in enterprise security, including the rumored historic acquisition of Wiz by Google, recent company acquisitions, and the evolving concept of shared responsibility in cybersecurity. Join us for a comprehensive discussion that spans career guidance, industry analysis, and the latest news in enterprise security.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-368
I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here.
We'll cover a variety of topics in this interview, including:
This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them!
In this week's enterprise security news,
All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-367
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:
For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).
Segment Resources:
We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.
This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.
We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.
We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.
We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.
Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.
Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-366
Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor.
Tim will describe the importance of implementing a Zero Trust framework that evaluates each command, query, and configuration change in real-time, and how that delivers the most effective and complete security solution. Doing so involves the application of fine-grained authorization policies that adapt to the context of the user, the sensitivity of the action, and the prevailing threat landscape.
Segment Resources: https://www.strongdm.com/blog/pam-was-dead-strongdm-just-brought-it-back-to-life https://www.strongdm.com/whitepaper/technical-overview
This segment is sponsored by StrongDM. Visit https://securityweekly.com/strongdmidv to learn more about them!
Traditional IGA solutions are not risk-focused by design, and as audit and compliance focus continues to expand beyond core ERP systems and into line of business apps and point solutions, organizations must plan holistically how to address risk across their application landscape. It’s never too late to start kicking off your risk reduction journey, and utilizing an innovative, unified platform for both identity and access risk governance has significant, compounding benefits and helps organizations realize faster time to value, lower TCO and longer term consistent risk exposure reduction. Ensuring access to all of your business-critical applications is provisioned seamlessly, efficiently, and cost-effectively while meeting risk, audit and compliance requirements should be the primary goal of any identity and access risk governance solution implementation.
Segment Resources: https://get.pathlock.com/demo-sem-kuppingercole-access-control-tools-multi-vendor-lob https://pathlock.com/learn/access-provisioning/ https://pathlock.com/compliant-provisioning-copy/ https://pathlock.com/learn/what-is-identity-governance-and-administration/ https://pathlock.com/distressed-iga-deployments/
This segment is sponsored by Pathlock. Visit https://securityweekly.com/pathlockidv to learn more about them!
Remote identity verification is one of the biggest challenges in the digital age, especially with the use of AI-generated deepfakes which are now impossible to distinguish from real imagery with the human eye. AI-powered biometrics have emerged as the most robust defense against deepfakes - and therefore, the only reliable method for remote identity verification.
Segment Resources: iProov.com https://www.iproov.com/ iProov Threat Intelligence Report 2024: The Impact of AI on Remote Identity Verification - https://www.iproov.com/reports/iproov-threat-intelligence-report-2024
This segment is sponsored by iProov. Visit https://securityweekly.com/iproovidv to learn more about them!
The criminal opportunity shaping the landscape today and how authoritative, accurate and automated processes are helping others increase their conversion rates by 20% while preventing 99% of all fraudulent attempts. What is the Criminal Opportunity facing us all right now? Data breaches and mail theft have resulted in a record level of available compromised Identity Information, payment information, and login information and even stolen checks. It has been said that ’At this point, all of our information is out on the dark web and it's now just a matter of when is it going to be used against us.’ Combined with inadequate fraud strategies, fraudsters have the key to the castle, it’s a perfect scenario of having the answers to the quiz ahead of time.
This segment is sponsored by Intellicheck. Visit https://securityweekly.com/intellicheckidv to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-14
FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market.
Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80
This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them!
While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality.
This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them!
Cyberattacks, fraud and breaches, we’ve all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward.
This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-13
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are:
-40 years old, with little innovation
-Haven’t solved the problem.
In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
-Prove bugs, rather than trying to list all of them.
-Zero false positives, which leads to better autonomy.
Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
Example vulns discovered:
https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot
https://github.com/forallsecure/vulnerabilitieslab
Show Notes: https://securityweekly.com/vault-esw-12
This week, we've got data security being both funded AND acquired. We discuss Lacework's fall from unicorn status and why rumors that it went to Fortinet for considerably more than Wiz was willing to pay make sense.
Microsoft Recall and Apple Intelligence are the perfect bookends for a conversation about the importance of handling consumer privacy concerns at launch.
How can the Snowflake breach both be one of the biggest breaches ever, but also not a breach at all (for Snowflake, at least). It's time to have a conversation about shared responsibilities, and when the line between CSP and customer needs to shift.
The CSA's AI Resilience Benchmark leaves much to be desired (like, an actual usable benchmark) and Greg Linares tells a wild story about how the first Microsoft Office 2007 vulnerability was discovered.
Finally, the Light Phone III was announced. Do we finally have a usable minimalist, social media detox-friendly phone option? Will Adrian have to buy one to find out?
Several recent trends underscore the increasing importance of Know Your Business (KYB) practices in today's business landscape. One significant trend is the rise in financial crimes, including money laundering, fraud, and terrorist financing. Technological advancements have transformed the way businesses operate, leading to increased digitization, online transactions, and remote customer interactions. While these developments offer numerous benefits, they also create opportunities for criminals to exploit vulnerabilities. Higher value remote transactions are performed at higher volumes. In addition, government programs such as the PPP program created a need for onboarding business quickly. This created a influx of fraudulent entities and claim who are now exploiting other channels. The convergence of these trends highlights the critical role of KYB in safeguarding businesses, ensuring regulatory compliance, and fostering trust among stakeholders in today's dynamic and interconnected business environment.
Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/idi-Identiverse-Brochure_05-2024-KYB-PRINT.pdf
This segment is sponsored by IDI. Visit https://securityweekly.com/idiidv to learn more about them!
From wrestling with integration complexities to managing unexpected glitches, the realities of SSO implementation can produce very different results than what you want. Are users actually using SSO to login or are they still using the direct logins they gained before enabling SSO? We explore the reasons behind why SSO efficacy isn't always what it seems and what you can do about it.
This segment is sponsored by Savvy. Visit https://securityweekly.com/savvyidv for a no cost SaaS-Identity checkup!
With identity being the new security perimeter, identity platforms are now an integral part of the core security stack. Inherently these platforms are complex and it takes months and years for organizations to realize the business value. And this is going to get worse. The sheer volume and velocity with which new identity types are being added, as well the sophistication of attacks on identity platforms, requires a transformational shift to Identity security and governance. 50% operational efficiency and delivering security at scale are the two big initiatives which organizations have embarked on. In this session, Vibhuti Sinha, Chief Product Officer of Saviynt will share his insights and discuss how Saviynt is at the forefront of this transformation.
This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them!
Enterprises often struggle with achieving business value in identity programs. This is typically the result of technology choices that require a disproportionately greater amount of effort and focus and underestimating the workforce required for organizational change management. With 30 years in the industry and a depth of accumulated knowledge working with large, global customers and vendors, we share how to identify and realize the business value in your organization’s identity program.
Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Brief-1.pdf https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Modernization-Service-Brief-1-1.pdf
This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!
In today’s increasingly complex cloud environments, ensuring continuous access to identity services is critical for maintaining business operations and security. Gerry Gebel, VP of Product and Standards at Strata Identity, will discuss the recently announced Identity Continuity product, designed to provide uninterrupted identity services even during outages. Unlike traditional disaster recovery solutions, Identity Continuity autonomously fails over to alternate identity providers, ensuring seamless access management. Join us to explore how Strata Identity is enhancing resilience in the identity management space.
Segment Resources: Strata Identity Continuity Product page: https://www.strata.io/maverics-platform/identity-continuity/ State of Multi-Cloud Identity report: https://strata.io/wp-content/uploads/2023/08/State-of-multi-cloud-identity-2023_Strata-Identity.pdf Parametrix Survey = https://www.reinsurancene.ws/leading-cloud-service-providers-faced-1000-disruptions-in-2022-parametrix/
This segment is sponsored by Strata. Visit https://securityweekly.com/strataidv to learn more about them!
Digital businesses are under attack from account and platform fraud, including Account Takeover (ATO), account opening fraud, and many variations of fraudulent account scams, impersonations, transactions and collusions. Learn best practices to stop fraud with better detection and prevention that can also improve customer satisfaction and operating efficiencies.
This segment is sponsored by Verosint. Visit https://securityweekly.com/verosintidv to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-365
"Identity security has been around forever though", you might be thinking. Allow me to clarify. Identity is the largest cybersecurity product category, but most of it is focused on identity governance, authentication, multi-factor, etc. Very little of it is focused on operational identity security. It's this trend, where we recently (within the last 2 years) started seeing the ITDR (Identity Threat Detection and Response) acronym that we'll be focused on today. Particularly:
And it's difficult to do better for this conversation than Will Lin. He spent the last half decade as a VC. On a daily basis, he was looking at the big picture of cybersecurity markets and trends. He discussed security challenges with CISOs and other security buyers on a regular basis, both directly and through the Security Tinkerers community he founded. All this led to a decision to quit the VC world to become a founder himself. Of all the categories he could have chosen, he chose identity security, and that's why we're happy to have him for this conversation.
Segment Resources:
We start off discussing the latest round of fundings, centered largely around data security and securing LLM use. This dovetails into a discussion about marketing language and how difficult it can be for buyers to work out what the latest round of early stage startups are doing.
Next, we discuss Cloudflare and Bugcrowd's acquisitions, as well as Synopsys's divestiture of its appsec portfolio.
From here, we dive into a raft of new features across both IT and cybersecurity products, like Azure, Dashlane, LastPass, and PagerDuty. Discussing Huntress's active remediation feature triggers a conversation about this latest product trend: vendors seem to think buyers are ready for fully automated remediation actions. We're not so sure they are.
To wrap up the cybersecurity coverage, Brandon Dixon has an interesting tutorial regarding a Security Copilot use case that looks a LOT like the default phishing enrichment use case that has been used for every SOAR POC ever. To clarify, this is a great piece in that it is all practical, has no marketing fluff, and shows you how to do something useful with Security Copilot. Where it pulls up short is managing to live up to the hype we've been hearing about Security Copilot from day one.
We agree to table the discussion on Microsoft Recall until we know more about what GA of the feature will look like, and then dig into a VERY interesting squirrel story about an audio-based hacking puzzle created by a rock band.
The interview will delve into the healthcare industry's tumultuous year in 2023, marked by 124 million breached health records across 725 hacking incidents (according to The HIPAA Journal). This interview will explore the critical role that MSSPs play in safeguarding health data and systems against potential security incidents, such as ransomware and business email compromise attacks. Jim Broome will share how to proactively prepare for an incident - including establishing a comprehensive incident response plan, outlining strategies for containment, restoration, and ongoing security operations, and how an MSSP can help.
Segment Resources: Tales from the Road Blog: An External Pen Test at a Healthcare Organization Reveals the Dangers of the Dark Web - https://www.directdefense.com/tales-from-the-road-an-external-pen-test-reveals-the-dangers-of-the-dark-web/
2023 Security Operations Threat Report: https://go.directdefense.com/2023-Security-Operations-Threat-Report
This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!
In the dynamic landscape of cybersecurity, the urgency to eliminate passwords as a security vulnerability has never been more critical. Organizations are continuing to face a surge in the variety and complexity of cyber threats at historical rates, often fueled by compromised employee login credentials – resulting from attacks such as phishing which has been exacerbated by the rise in use of Artificial Intelligence (AI). The 2023 Verizon Data Breach Investigations Report underscores the staggering impact of breaches caused by stolen credentials, accounting for a staggering 74% of incidents. Christopher Harrell, Yubico’s Chief Technology Officer, shares how organizations can achieve passwordless authentication at scale with high assurance phishing-resistant multi-factor authentication (MFA) to elevate their security posture against phishing attacks while creating phishing-resistant users.
Segment Resources: https://www.yubico.com/blog/empowering-enterprise-security-at-scale-with-new-product-innovations-yubikey-5-7-and-yubico-authenticator-7/
This segment is sponsored by Yubico. Visit https://securityweekly.com/yubicorsac to learn more about them!
In this podcast segment, we delve into Sophos' fifth annual State of Ransomware report, exploring significant findings and trends in the evolving ransomware landscape. We'll discuss the sharp increase in recovery costs, the strategic targeting of backups by hackers, and the evolving role of cyber insurance in ransom payments. Our discussion will provide insights into how organizations can adapt their cybersecurity measures to mitigate these heightened threats and recover more effectively from attacks.
Segment Resources: Blog: The State of Ransomware 2024 Report: https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2024-wp.pdf Press release: Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report
This segment is sponsored by Sophos. Visit https://www.securityweekly.com/sophosrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-364
In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs.
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanersac to learn more about them!
The past two years have witnessed an unprecedented surge in the adoption of generative artificial intelligence (AI) across various industries. And while this presents new efficiencies, with these benefits come significant security concerns. The widespread integration of AI applications increases the risk of data breaches and intellectual property theft, while also expanding organizations' vulnerability to malicious data injection and other AI-driven cyberattacks. During this interview Jim will explore why it’s imperative to implement robust security measures to mitigate these evolving risks effectively, and how working alongside an MSSP can benefit your overall security posture.
Segment Resources: https://go.directdefense.com/2023-Security-Operations-Threat-Report
This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!
In recent years, ransomware attacks have undergone a transformative evolution, shifting from indiscriminate, mass-distributed assaults to highly targeted, sophisticated campaigns. Kris Lahiri is able to discuss the dynamic landscape of ransomware and dive into the techniques he has seen cybercriminals employ, the motivations behind these attacks, and the escalating impact on individuals, businesses, and critical infrastructure.
Segment Resources: https://www.egnyte.com/solutions/ransomware-detection https://www.egnyte.com/guides/governance/ransomware
This segment is sponsored by Egnyte. Visit https://securityweekly.com/egnytersac to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-11
Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more critical and are essential in maintaining cyber resilience and strengthening the security posture of every organization. TDIR aims to identify potential threats and respond before they can impact a business. A layered defense focuses on identifying threat activity, prioritizing investigations, and measuring risk. As a result, organizations can take the appropriate threat mitigation steps. These security strategies and protocols signify a step forward with a TDIR strategy where everyone from the CISO to the security analyst wins.
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylogrsac to learn more about them!
Axur is a cost-effective external cybersecurity solution that empowers security teams to handle threats beyond the perimeter. Our platform detects, inspects, and responds to brand impersonation, phishing scams, dark web mentions, threat intel vulnerabilities, and more.
This segment is sponsored by Axur. Visit https://securityweekly.com/axurrsac to learn more about them!
Segment Resources: https://www.axur.com/en-us/partners https://www.axur.com/en-us/outsourced-takedown https://www.axur.com/polaris/home
Vendors, sales channels, partners and other kinds of third parties are essential to most businesses. Ensuring that the information security risks of those other companies don't impact your own is the remit of Third Party Cyber Risk Management (TPCRM) teams. It is increasingly evident, however, that the existing practices and tools are not up to the challenge. They make the process even more adversarial than it needs to be, are focused on risk transfer and/or acceptance rather than reduction; are based on limited and low quality signals; and are often excruciatingly manual. We can do better as an industry, and in this conversation we are going to explore a new paradigm for TPCRM and its advantages for third and first parties.
Segment Resources: Alice in Supply Chains is a monthly marketing-free newsletter with curated news and commentary on TPCRM: https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/
This segment is sponsored by Tenchi Security. Visit https://securityweekly.com/tenchirsac to learn more about them!
Show Notes: https://securityweekly.com/vault-esw-10
As a special treat for this week's vault episode, we set up a conversation with Derek Manky to discuss Fortinet's FortiGuard Labs Threat Report. This is a bi-annual report put out by FortiGuard Labs, and in my opinion, it just keeps getting better and better. The report is chock full of actionable information and insights. It answered all my questions about the current state of threats and attacks, like:
There's not a dull moment in this conversation - I hope you enjoy listening to or watching it as much as I did making it!
Segment Resources:
Show Notes: https://securityweekly.com/vault-esw-9
Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process.
We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does it just mean that Israel wasn't shy about selling when the market was down? We discuss.
A number of new product announcements continue to trickle out post-RSA.
We'll also discuss Sam Altman and OpenAI's decision to use Scarlett Johansson's voice against her will and what it could mean for deepfakes, advanced social engineering techniques, and general big tech sliminess.
Do you know what a "product glorifier" is? How about a glowstacker? You will if you check out the second-to-last story in the show notes!
See the show notes for individual descriptions on each RSAC interview. This week, we feature speakers from Sailpoint, Okta, Ping Identity, LimaCharlie, QwietAI, and Picus!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-363
Suddenly SIEMs are all over the news! In a keynote presentation, Crowdstrike CEO George Kurtz talked about the company's "next-gen" SIEM. Meanwhile, Palo Alto, who was taken to task by some for not having an active presence on the RSAC expo floor, hits the headlines for acquiring IBM's SIEM product, just to shut it down!
Meanwhile, LogRhythm and Exabeam merge, likely with the hopes of weathering the coming storm. The situation seems clear - there's no such thing as "best of breed" SIEM anymore. It's a commodity to be attached to the existing dominant security platforms. Are the days numbered for the older pure-play SIEM/SOAR vendors out there? Crowdstrike and Palo Alto alone could displace a lot of incumbents, even with a less than stellar product.
Visit the show notes for full descriptions on each RSAC executive interview!
Show Notes: https://securityweekly.com/esw-362
Tune in to hear 9 executive interviews from RSA Conference 2024, featuring speakers from Zscaler, Open Systems, Aryaka, OpenText, Hive Pro, Critical Start, Anomali, Cyware, and Pentera!
Find individual descriptions for each interview on the show notes.
Show Notes: https://securityweekly.com/esw-361
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs.
Resources
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features...
To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends!
Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-360
A clear pattern with startups getting funding this week are "autonomous" products and features.
I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to automate things without a human in the loop.
The way LimaCharlie is going about it, with their new bi-directional functionality they're talking up right now, might work, as detections can be VERY specific and fine-grained.
We've already seen a round of fully automated guardrail approaches (particularly in the Cloud) fail, however. My prediction? Either what we're seeing isn't truly automated, or it will become a part of the product that no one uses - like Metasploit Pro licenses.
We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if you're looking for some ideas!
This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!
This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.
Resources:
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-359