ESWEpisode162

From Security Weekly Wiki
Jump to navigationJump to search

Recorded November 20, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    1. Illusive Networks Extends Cyber Protection to OT and IoT Attack Surfaces - "Adversaries are increasing their focus on non-traditional IT attack surfaces, and concerns raised by evaporating perimeter security in the areas of IoT and OT are impacting transformation efforts," said Ofer Israeli, CEO and founder of Illusive Networks. Really? I'd like to see the research to back up this claim please.
    2. Vista Acquires a Majority Interest in Sonatype: A Great Day for our Customers, Partners and Community
    3. iTWire - Check Point Software says Cymplify acquisition brings new IoT cyber security technology - According to Check Point the proliferation of Internet-of-things (IoT) devices in consumer, enterprise, industrial and healthcare organisations, and their inherent security weaknesses, have created a security blind spot where cybercriminals launch 5th and 6th generation of cyber attacks to breach devices (IP camera surveillance), manipulate their operation (medical device infiltration) or even take over critical infrastructure (manufacturing plant) to generate “colossal damage”.
    4. StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management
    5. After selling enterprise biz, Docker lands $35M investment and new CEO TechCrunch
    6. WhiteSource acquires automated dependency update solution Renovate
    7. Cyber Risk Analytics Firm CyberCube Raises $35 Million
    8. New infosec products of the week: November 15, 2019 - Hive Fabric enables users to deploy virtual desktops, virtual servers, and software-defined storage in a single install, eliminating the need for a multi-vendor and multi-contract approach. The latest software release brings increased security and integrations, furthering operational-focused capabilities and removing overhead associated with the day-to-day support of virtualization.
    9. Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production
    10. 1Password Raises $200 Million in Series A Funding
    11. NeuVector releases Security Policy as Code capability for Kubernetes - The release – built into the NeuVector platform – enables DevOps teams to automate container security by using Kubernetes Custom Resource Definitions (CRDs) to define and manage application security policies throughout application development and production.


    Interview: Reuven Harrison, Tufin

    Reuven Harrison is the Chief Technology Officer at Tufin.

    Reuven Harrison is CTO and Co-Founder of Tufin. He led all development efforts during the company’s initial fast-paced growth period, and is focused on Tufin’s product leadership. Reuven is responsible for the company’s future vision, product innovation and market strategy. Under Reuven’s leadership, Tufin’s products have received numerous technology awards and wide industry recognition.

    Reuven brings more than 20 years of software development experience, holding two key senior developer positions at Check Point Software, as well other key positions at Capsule Technologies and ECS. He received a Bachelor's degree in Mathematics and Philosophy from Tel Aviv University.

    Segment Topic:
    Cloud, containers, and microservices


    Interview: Jorge Salamero, Sysdig

    Jorge Salamero is the Director of Product Marketing at Sysdig

    Jorge enjoys playing with containers and Kubernetes, home automation and DIY projects. Currently, he is part of the Sysdig team, and in the past was a Debian developer. When he is away from computers, you will find him walking with his 2 dogs in the mountains or driving his car through a twisted road.

    Segment Description:

    • What are the challenges of implementing security in Kubernetes environments?
    • What are the approaches you have seen out there?
    • Scan for vulnerabilities pre-deployment (CI/CD)
    • Continuously check compliance and audit changes across the stack
    • Block runtime threats and attacks
    • Respond to incidents and conduct forensics on Kubernetes
    • Use cases when monitoring and security come together
    • Can you tell me a bit more about the open source project Falco?