Recorded August 28, 2019 at G-Unit Studios in Rhode Island!
- Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
- We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
- The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to email@example.com
- Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri
- Veristor and Synack Partner to Apply Ethical Hackers and AI Technology to Deliver Crowdsourced Security Vulnerability Identification
- Five Tips On How Testers Can Collaborate With Software Developers - Threat Stack
- According to Gurucul Survey One in Four Workers Would Steal Company Information to Secure Job at Competing Firm
- Imperva discloses data breach affecting some firewall users
- Supplement traceroute with path discovery for easier troubleshooting | Ixia
- Key Takeaways from Blackhat and Def Con 2019
- A steadfast VMware bear says that the $4.8 billion it's spending on big acquisitions doesn't change its stagnating growth: 'We still have concerns' (VMW, DELL)
- Cofense procures additional funding from BlackRock - PE Hub
- API security-Ways to authenticate and authorize | Ilantus
- VMware Unveils Security Enhancements in Virtual Cloud Network Offering | SecurityWeek.Com
Black Hat Interviews: AttackIQ, BlueHexagon, and Coalfire
We interview Chris Kennedy, the CISO & VP of Customer Success at AttackIQ.
While the MITRE ATT&CK framework is relatively new to security, it’s already proving to be incredibly valuable, and its influence and importance are rapidly growing. MITRE’s work allows us to see what techniques can be invoked post breach--how did the adversary get in and what malicious activity are they doing once they are in there? The work MITRE has done around APTs assists security professionals in selecting security technologies that are effective in defending against an ever-expanding, crowdsourced collection of known threats. In turn, our industry, continuous security validation, has been affected by the MITRE ATT&CK framework. We can now execute tests to validate that an organization’s security controls are 100% effective all the time.
We interview Balaji Prasad, the VP of Product Management at BlueHexagon.
Blue Hexagon harnesses deep learning to detect known and unknown threats in both payloads and headers, in less than a second, at greater than 99.5% efficacy. Our threat detection platform can be flexibly deployed where your critical business traffic needs to be inspected--at the network perimeter and for AWS cloud workloads. At Black Hat, we're also extending our deep learning-powered threat detection to inspect encrypted traffic.
We interview Mike Weber, the VP of Product Management at Coalfire.
Coalfire Labs' R&D team and recent projects in IoT, hypervisor vulnerabilities, and covert command and control channels.
Black Hat Interviews: Respond Software, Morphisec, and Sophos
We interview Brett Wahlin, the VP of Security & Trust at Respond Software.
Known as the “turn around” CISO, Brett Wahlin built his career fixing large-scale security programs for some of the most prominent companies in the world, including Sony, HP, and Staples. Brett joined Sony Entertainment after its high-profile PlayStation Network breach and thus started his journey to fundamentally change the way security organizations operate. During this interview, Brett will share his journey to re-imagine the security organization with an innovative SecOps program that laid the foundation for a complete transformation. Brett will share his strategic vision and the important lessons he’s learned along the way.
We interview Andrew Homer, the VP of Business Development at Morphisec.
Enterprises migrating to—or already on—Win10 have the ideal opportunity to maximize their security profile while simplifying operations, without additional cost or complexity. Leading-edge technology allows users to fully leverage the integrated Win10 security tools providing a critical prevention layer against advanced in-memory attacks, exploits, fileless attacks, zero-days and evasive malware.
We interview Mat Gangwer, the Director of Managed Threat Response at Sophos.
There are so many misconceptions about threat hunting. Misdirection and misunderstanding are lulling people into a false sense of security and leaving businesses exposed.
- Misconception #1: The most disingenuous misconception is that threat hunting can be automated.
- Truth: A machine can’t make the intelligent decision that something is good or bad. There are a lot of things that happen in the gray area where it isn’t easy for a model, machine learning or artificial intelligence to say this is good or this is bad – it takes a human to go in and understand the framework. Threat hunting requires human expertise.
- Misconception #2: By having endpoint detection and response (EDR) you’re doing threat hunting.
- Truth: EDR is an essential tool in a threat hunter’s arsenal but having only EDR gives you only part of the story.
- Misconception #3: You can add data into a SIEM and start threat hunting.
- Truth: The data is just the beginning of the hunt. One of the reasons threat hunting is unproductive is because of poor data quality. Good quality data allows you to more quickly and accurately identify complex threats.