ES Episode151

From Paul's Security Weekly

Recorded August 28, 2019 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
    Announcements:

    • Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> click the webcast dropdown & select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting On-Demand from the webcast dropdown! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to website@securityweekly.net
    • Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri


    Enterprise News

    1. Veristor and Synack Partner to Apply Ethical Hackers and AI Technology to Deliver Crowdsourced Security Vulnerability Identification
    2. Five Tips On How Testers Can Collaborate With Software Developers - Threat Stack
    3. According to Gurucul Survey One in Four Workers Would Steal Company Information to Secure Job at Competing Firm
    4. Imperva discloses data breach affecting some firewall users
    5. Supplement traceroute with path discovery for easier troubleshooting | Ixia
    6. Key Takeaways from Blackhat and Def Con 2019
    7. A steadfast VMware bear says that the $4.8 billion it's spending on big acquisitions doesn't change its stagnating growth: We still have concerns (VMW, DELL)
    8. Cofense procures additional funding from BlackRock - PE Hub
    9. API security - Ways to authenticate and authorize | Ilantus
    10. VMware Unveils Security Enhancements in Virtual Cloud Network Offering | SecurityWeek.Com


    Black Hat Interviews: AttackIQ, BlueHexagon, and Coalfire

    We interview Chris Kennedy, the CISO & VP and Customer Success at AttackIQ.

    Segment Topic:
    While the MITRE ATT&CK framework is relatively new to security, it's already proving to be incredibly valuable, and its influence and importance are rapidly growing. MITRE's work allows us to see what techniques can be invoked post-breach: how did the adversary get in, and what malicious activity are they carrying out once they are inside? The work MITRE has done around APTs assists security professionals in selecting security technologies that are effective in defending against an ever-expanding, crowd-sourced collection of known threats. In turn, our industry, continuous security validation, has been shaped by the MITRE ATT&CK framework. We can now execute tests to validate that an organization's security controls are 100% effective all the time.



    We interview Balaji Prasad, the VP of Product Management at BlueHexagon.

    Segment Topic:
    Blue Hexagon harnesses deep learning to detect known and unknown threats in both payloads and headers, in less than a second, at greater than 99.5% efficacy. Our threat detection platform can be flexibly deployed wherever your critical business traffic needs to be inspected: at the network perimeter and for AWS cloud workloads. At Black Hat, we're also extending our deep learning-powered threat detection to inspect encrypted traffic.



    We interview Mike Weber, the VP of Product Management at Coalfire.

    Segment Topic:
    Coalfire Labs' R&D team and recent projects in IoT, hypervisor vulnerabilities, and covert command and control channels.



    Black Hat Interviews: Respond Software, Morphisec, and Sophos

    We interview Brett Wahlin, the VP of Security & Trust at Respond Software.

    Segment Topic:
    Known as the "turn around" CISO, Brett Wahlin built his career fixing large-scale security programs for some of the most prominent companies in the world, including Sony, HP, and Staples. Brett joined Sony Entertainment after its high-profile PlayStation Network breach, and that began his journey to fundamentally change the way security organizations operate. During this interview, Brett will share his journey to re-imagine the security organization with an innovative SecOps program that laid the foundation for a complete transformation. Brett will share his strategic vision and the important lessons he's learned along the way.



    We interview Andrew Homer, the VP of Business Development at Morphisec.

    Segment Topic:
    Enterprises migrating to—or already on—Win10 have the ideal opportunity to maximize their security profile while simplifying operations, without additional cost or complexity. Leading-edge technology allows users to fully leverage the integrated Win10 security tools providing a critical prevention layer against advanced in-memory attacks, exploits, fileless attacks, zero-days and evasive malware.



    We interview Mat Gangwer, the Director of Managed Threat Response at Sophos.

    Segment Topic:
    There are so many misconceptions about threat hunting. Misdirection and misunderstanding are lulling people into a false sense of security and leaving businesses exposed.

    • Misconception #1: The most disingenuous misconception is that threat hunting can be automated.

    - Truth: A machine can't make the intelligent decision that something is good or bad. A lot of things happen in the gray area that are not easy for a model, machine learning, or artificial intelligence to label as good or bad; it takes a human to go in and understand the context. Threat hunting requires human expertise.

    • Misconception #2: By having endpoint detection and response (EDR) you’re doing threat hunting.

    - Truth: EDR is an essential tool in a threat hunter's arsenal, but having only EDR gives you only part of the story.

    • Misconception #3: You can add data into a SIEM and start threat hunting.

    - Truth: The data is just the beginning of the hunt. One of the reasons threat hunting is unproductive is because of poor data quality. Good quality data allows you to more quickly and accurately identify complex threats.