ESWEpisode178

From Security Weekly Wiki

Enterprise Security Weekly Episode 178 - 2020-04-08


Announcements

  • Is your Open Source code secure? Learn how to verify your code during development, not after the build in our next webcast with Synopsys. Going cloud native? See how to integrate application security in our webcast with Signal Sciences! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list back to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Join Qualys for VMDR Live on April 21 at 2pm ET for a live demonstration of the game-changing Vulnerability Management, Detection & Response offering - a unified solution that integrates vulnerability management, threat prioritization and patching in a single app. Register at securityweekly.com/VMDR2020

News - CrowdStrike, Automox, & Ixia

Description:

New from BitDam, Ping, CrowdStrike, Automox, Ixia, Recorded Future, CyberArk, AlgoSec, Tufin, Unisys. Redis servers found exposed to the Internet and vulnerable!


Content:

https://www.helpnetsecurity.com/2020/04/03/bitdam-advanced-threat-protection/ BitDam Advanced Threat Protection solution now supports Microsoft Teams and Zoom - Help Net Security

https://www.helpnetsecurity.com/2020/04/03/ping-identity-pingid-aws/ Ping Identity PingID multi-factor authentication now available in AWS Marketplace - Help Net Security

https://www.helpnetsecurity.com/2020/04/03/automox-crowdstrike/ CrowdStrike customers can now reduce endpoint attack surface with Automox through CrowdStrike Store - Help Net Security

https://www.ixiacom.com/company/blog/simple-advanced-persistent-threat-emulation-breakingpoint-attack-campaigns Simple Advanced Persistent Threat Emulation with BreakingPoint Attack Campaigns | Ixia

https://www.securityweek.com/8000-unprotected-redis-instances-accessible-internet 8,000 Unprotected Redis Instances Accessible From Internet | SecurityWeek.Com

https://www.recordedfuture.com/servicenow-incident-detection/ Recorded Future and ServiceNow: Empowering Security Teams With Real-Time Incident Detection

https://www.cyberark.com/blog/enabling-developers-with-a-self-service-approach-to-secrets-management/ Enabling Developers with a Self-Service Approach to Secrets Management | CyberArk

http://www.globalsecuritymag.com/AlgoSec-has-released-the-version,20200402,97268.html AlgoSec has released the version A30.10

http://www.globalsecuritymag.com/Tufin-Announces-Free-Firewall,20200407,97457.html Tufin Announces Free Firewall Change Tracker to Enhance Network Security and Connectivity for Remote Workforces

http://www.globalsecuritymag.com/Unisys-Always-On-Access-TM-Powered,20200408,97495.html Unisys Always-On Access Powered by Stealth Provides Fast, Encrypted Remote Access for Workers



Paul Asadoorian's Content:



  1. BitDam Advanced Threat Protection solution now supports Microsoft Teams and Zoom - Help Net Security
  2. Ping Identity PingID multi-factor authentication now available in AWS Marketplace - Help Net Security
  3. CrowdStrike customers can now reduce endpoint attack surface with Automox through CrowdStrike Store - Help Net Security
  4. Simple Advanced Persistent Threat Emulation with BreakingPoint Attack Campaigns | Ixia
  5. 8,000 Unprotected Redis Instances Accessible From Internet | SecurityWeek.Com
  6. Recorded Future and ServiceNow: Empowering Security Teams With Real-Time Incident Detection
  7. Enabling Developers with a Self-Service Approach to Secrets Management | CyberArk
  8. AlgoSec has released the version A30.10
  9. Tufin Announces Free Firewall Change Tracker to Enhance Network Security and Connectivity for Remote Workforces
  10. Unisys Always-On Access Powered by Stealth Provides Fast, Encrypted Remote Access for Workers


Fullaudio - None

Description:

This week in the Enterprise News, we discuss how Ping Identity's PingID multi-factor authentication is now available in AWS Marketplace, 8,000 Unprotected Redis Instances Accessible From Internet, Tufin Announces Free Firewall Change Tracker to Enhance Network Security and Connectivity for Remote Workforces, Simple Advanced Persistent Threat Emulation with BreakingPoint Attack Campaigns from Ixia, and more! In our second segment, we welcome back Ferruh Mavituna, CEO and Founder of Netsparker, to talk about the Time to Measure Security Improvement in Application Security! In our final segment, we air a pre-recorded interview from RSAC 2020 with Ed Bellis, Co-Founder and Chief Technology Officer at Kenna Security, discussing Moving Towards Modern Vulnerability Management!

To learn more about Netsparker, visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly





Interview: Moving Towards Modern Vulnerability Management - Ed Bellis - 6:00-6:45PM

Description:

What are the practical ways to get that time to value in app security? How can we utilize devs in the process without creating massive SAST integration projects and training them on false positives and complex challenges? By just fitting into their daily process, and only sending them actionable and real findings.

Guest: Bio:
Ed Bellis is Co-Founder and CTO at Kenna Security
Ed Bellis is a security industry veteran and expert, known in security circles as "the father of risk-based vulnerability management." He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dharma and former advisor to SecurityScoreboard.com and Society of Payment Security Professionals. Ed is a contributing author to the book Beautiful Security (Oram, Andy & Viega, John, O'Reilly Media, 2009). He is a frequent speaker at industry conferences. Recent engagements include the 2017 Enterprise Security Summit (Dos and Don'ts of Establishing Metrics that Cultivate Real Security) and InfoSec World (Amateur Hour: Why APT's Are the Least of Your Worries).

Hosts

Matt Alderman - CEO at Security Weekly
Paul Asadoorian - Founder & CTO at Security Weekly

Interview: Time to Measure Security Improvement in AppSec - 6:00-6:45PM

Description:

What are the practical ways to get that time to value in app security? How can we utilize devs in the process without creating massive SAST integration projects and training them on false positives and complex challenges? By just fitting into their daily process, and only sending them actionable and real findings. To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Guest: Bio:
Ferruh Mavituna is CEO at Netsparker
Founder of Netsparker Ltd, Product Manager of Netsparker, Web Application Security Scanner. Developed the first and only proof-based web security scanner with state-of-the-art accurate vulnerability detection and exploitation features, today used by thousands of companies around the world. Changed the automated web application security space. Frequent speaker at several conferences about Web Application Security; released several research papers and tools. Coming from a developer background (C++, ASP, ASP.NET and PHP), working in the web application security area since 2002. Deep understanding of web application security on both sides, attacking and defending. Between 2002-2006 worked for Turkish Army and Police as well as several big clients as a freelance contractor, in Turkey, USA, Canada and UK. Focused on these technical areas: Web Application Security Research, Automated Vulnerability Detection & Exploitation.

Hosts

Matt Alderman - CEO at Security Weekly
Paul Asadoorian - Founder & CTO at Security Weekly