ES Episode130

From Paul's Security Weekly
Jump to: navigation, search

Recorded March 20, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Annoucements:

    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to to submit your request!

    • Register for our upcoming webcasts with LogRhythm and Recorded Future by going to . If you have missed any of our previously recorded webcasts, you can find them at

    • SecureWorld Boston is hosting their 15th annual conference March 27-28 @ the Hynes Convention Center. Security Weekly Listeners save $100 off a full conference pass by visiting and using the code 'SecurityWeekly'.

    • We just released our 2019 Security Weekly 25 Index Survey. Please go to and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Enterprise News

    1. StackPath Releases New Edge Computing VMs - Today’s release introduces seven VM sizes spanning a range of CPU and RAM combinations, each with 25GB of SSD-based persistent storage. Like StackPath Edge Computing Containers, StackPath Edge Computing VMs feature: Streamlined setup Customers simply select the type, size, number, and location of instances, via CLI or the StackPath customer Global deployment Instances are instantly deployed in all selected locations. Anycast IP space Customers can also choose to allocate an Anycast IP address to the instances to load balance and route traffic down the shortest path to end users.
    2. ExtraHop Hires Former Tenable and HPE Leaders to Support Growth in Cybersecurity and Bolster Customer Success
    3. Security professionals want to return fire Venafi - 72% believe nation-states should have the right to “hack back” by targeting cybercriminals who level attacks on their infrastructure. 58% believe private organisations have the right to “hack back.”
    4. BitSight Unveils Faster, More Efficient Way for Insurers to Evaluate Cyber Risk - BitSight announced the availability of a new capability for insurers that delivers accurate, trusted security performance information on millions of small- and medium-sized insurance applicants in just seconds, enabling underwriters to rapidly evaluate and price cyber risk for the growing SMB market. This new rapid underwriting assessment leverages BitSight’s market-leading security ratings platform and provides the most comprehensive, trustworthy security performance information available in the marketplace today.
    5. Dragos acquires NexDefense, provides free asset identification tools - Help Net Security - As part of this announcement, the company also introduced today Dragos Community Tools, a set of free assessment tools to help organizations of all sizes around the globe forge the path forward towards comprehensive ICS security. NexDefense further developed and sold Integrity, a tool originally funded by the United States Department of Energy and developed as “Sophia” at Idaho National Laboratory (INL). NexDefense was one of the earliest and most well-known ICS security companies in the space.
    6. 42Crunch unveils new platform to discover API vulnerabilities and protect them from attacks - Help Net Security - 42Crunch, the leading API security company, officially announced the release of the 42Crunch API Platform, the world’s first API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The 42Crunch Platform can protect SaaS, Web, or IoT APIs, as well as microservices. This follows the launch of the free API Contract Security Audit tool at earlier this month. The tool helps API developers improve their API definitions that follow the OpenAPI Specification into proper API contracts. Now, with this latest release, customers have access to the full 42Crunch Platform.

    RSAC 2019 Interviews

    Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019: