ES Episode119

From Paul's Security Weekly
Jump to: navigation, search

Recorded December 12, 2018 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Annoucements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.

    Interview: John Bradshaw, Acalvio

    John Bradshaw
    is the Sr. Director, Solutions Engineer at Acalvio Technologies.
    John Bradshaw, Sr. Director, Solutions Engineering at Acalvio Technologies, has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. He held senior leadership roles at Mandiant, ArcSight, Internet Security Systems, Lastline, and UUNET. John holds an MS in Network Security from Capitol College and a BA in Business Administration from Averett University. He is a huge fan of Marvel Comics, Star Trek, tasting new wines and watching the Baltimore Ravens blow their playoff chances.


    Enterprise News

    1. How can businesses get the most out of pentesting? - The basic list.
      1. I did a briefing with XM Cyber
    2. Venafi Secures $100M Financing Round Led by TCV
    3. WhiteFox Defense lands $12 million as the demand for drone defense technologies intensifies - We covered a cool story on Hack Naked News about drones and their use to drop off contraband in prisons.
    4. Pindrop raises $90 million for biometric voice authentication
    5. Minerva Labs Anti-Evasion Platform Achieves VMware Ready Status | PR Newswire
    6. SecurityScorecard Announces Partnership with Cybernance to Drive Holistic View of Cyber Risk Across the Enterprise - The SecurityScorecard integration enables Cybernance customers to: Assess Vendor Cybersecurity Posture: View the overall grade and the 10 factor grades of data that comprise a vendor's SecurityScorecard rating along with the number of findings associated with each factor. Prioritize Vendors for Review: Use SecurityScorecard ratings to determine which vendors to prioritize for deeper reviews based on their cybersecurity risk posture. Validate Assessments: Validate or invalidate assessment responses from vendors by leveraging data from SecurityScorecard.
    7. NopSec announces the latest release of its flagship product, Unified VRM | PR Newswire - However, most sources for security data - the US national vulnerability database (NVD), threat intelligence, exploit databases - can be flawed or contain incorrect or irrelevant data, which may lead to inaccurate prioritization decisions. NopSec researchers and data scientists are continuously working together to validate this data and efficacy of the models. Furthermore, Unified VRM's attack simulation capabilities provide the ability to automatically validate vulnerabilities and filter out false positives.
    8. High profile incidents and new technologies drive cybersecurity M&A to record highs - Help Net Security - Interested to also see how this compares to new startups that are getting funding, for every one that gets acquired, a few more spring up as startups in the same space.
    9. Rapid7 Cyber-Exposure Report: Fortune 500 - Some Key findings include: Fortune 500-member organisations, on average, expose a public attack surface of 500 servers/devices, with many companies exposing 2,500 or more systems/devices. Of the appraised Fortune 500 organisations, 330 have weak or non-existent anti-phishing defences (i.e., DMARC) in the public email configuration of their primary email domains. Report is here and does not require registration to download/view. Also, we interviewed Tod Beardsley on Paul's Security Weekly about SONAR and Heisenberg.
    10. Bitdefender Top 10 Cybersecurity Predictions for 2019 - Security Boulevard
    11. Netwrix announces top seven IT security trends for 2019
    12. Claroty Announces Major Enhancements to Market-Leading Industrial Cybersecurity Platform
    13. New cyber security division for independent software testing company - Software Testing News
    14. Sophos Central Integrates Firewall Management to Improve Security