ESWEpisode161

From Paul's Security Weekly
Jump to: navigation, search

Recorded November 13, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.


    Enterprise News

    Topic: STEALTHbits, Tenable, Aqua Security

    1. STEALTHbits releases StealthDEFEND 2.2, its real-time threat detection and response platform - Help Net Security
    2. Appsian extends platform to SAP customers - Help Net Security
    3. Bitdefender GravityZone enhanced with new endpoint defense capabilities - Help Net Security
    4. Top Application Security Vendors
    5. Stellar Cyber adds a new Data Streaming Application to its Starlight platform - Help Net Security
    6. CloudVector's API Threat Protection platform monitors and secures APIs to prevent data breaches - Help Net Security
    7. Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration
    8. Five Points buys GrammaTech - PE Hub
    9. Aqua Security buys CloudSploit to expand into cloud security posture management - SiliconANGLE


    Interview: Baber Amin, Ping Identity

    Topic: Zero Trust architecture

    Description:
    Security has always been perimeter centric with an "US" vs "THEM" approach. Multiple factors are forcing a change to this design pattern, and exposing it's shortcomings. The concept of "zero trust" is really a concept of "defence in depth" applicable when our perimeters are ephemeral and fluid.

    Resources:

    Baber Amin is the CTO West at Ping Identity
    At Ping Identity, Mr. Amin is currently CTO for West, helping customers with their IAM strategy, zero trust architecture, and modeling for a privacy first approach. At Ping Identity he is guiding product roadmap for Zero Trust, AI/ML strategy, championing privacy by design principals, and evaluating M&A fit. Previously, he was responsible for Ping’s solution offering around OpenBanking, GDPR, Privacy, and Consent, across Ping’s product portfolio; solution centric go-to market and pricing strategy, and for Ping Identity solutions in Employee, and Consumer centric Identity and Access Management.
    Prior to Ping Identity, Mr. Amin served as Senior Director of product management for IDaaS solutions at Oracle Corp. and CA Technologies. Before that, Mr. Amin served as Director of Cloud Security with Novell Identity and Security. He was responsible for crafting Oracle’s IDaaS strategy and setting direction for the future of Identity Services.
    At CA Technologies, Mr. Amin’s primary responsibility was for CA Advanced Risk Based and Multifactor Authentication offering and CA IAM product and service strategy in the cloud, including it's next generation cloud security service offerings. During his time at Novell, he helped position Novell as a thought leader in Identity based services, cloud and enterprise security. His primary role was to lead the overall strategy for Novell Cloud Security and oversee ongoing product direction in the area.
    Mr. Amin is also an author on several patents in software security, web caching and content distribution, and speaker at various events.


    Interview: Ward Cobleigh, VIAVI Solutions

    Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions
    Ward Cobleigh, Sr Product Manager for VIAVI Solutions, understands the balancing act between network ops and security that IT pros are facing today along with the challenges they have in solving issues due to limited visibility and complexity. His experience in engineering, product management plus design and marketing give him a unique ability to cut to the heart of the problem and demonstrate solutions that give engineers a sigh of relief. He brings a refreshing bit of humor to the dry, technical topic of network performance management and security threat hunting.

    Segment Topic:
    Threat Detection: The Network Scavenger Hunt

    Segment Description:
    There’s an abundance of potential data sources that can be found within you network. Where should you look? Which data sources offer unique perspectives and value? How can you use these data sources to speed threat identification, understand scope and impact, and aide in remediation steps to minimize impact? This segment will include a brief demonstration of how commonly available data sources can be effectively leveraged by SecOps and NetOps teams.
    1. Brief demo/intro to our new Splunk integration

    Slides: VIAVI Slides

    Segment Resources:
    - SANS OnDemand Webinar Recording:

    - Blogs: