ES Episode152

From Paul's Security Weekly

Recorded September 4, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements:

    • Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to website@securityweekly.net
    • Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri


    Enterprise News

    1. Protecting Your Road Warriors from Cyber Hazards - While we have been specifically talking about your employees that travel, if your organization is like most, they do not comprise all, or even a majority of, your mobile workforce. Long commutes and regional personnel shortages, combined with advances in remote collaboration technologies, mean that mobile workers are becoming the norm. It is estimated that 70% of the global workforce works remotely at least once a week and 53% at least half of the week. By 2023, the global mobile workforce is expected to hit 1.88 billion. Okay, great, there are more mobile workers. However, how do enterprises test the security of mobile endpoints? In a phishing attack, for example, how do I know I am reaching workers who work remotely without extensive OSINT? And, once an attacker lands on a remote worker's laptop, what can they do to move into the organization? Or do they need to? Does it come down to just protecting the identity and the credentials?
    2. A Privilege Escalation Vulnerability Existed In Check Point Software - How do we know our security software is also secure? According to the researchers, there existed a privilege escalation vulnerability in the software targeting the Check Point Endpoint Agent (CPDA.exe) and Check Point Device Auxiliary Framework (IDAFServerHostService.exe).
    3. Untangle Survey Finds SMBs Continue to Struggle with IT Security
    4. BeyondTrust Expands Privileged Access Management Cloud Leadership with Enhanced SaaS Solutions
    5. Tufin Delivers Enhanced Visibility & Topology Modeling for Cisco ACI Migration
    6. Device Authority enhances IoT security platform KeyScaler for Microsoft Azure IoT and announces HSM Access Controller - This is a great platform for IoT and addresses many of the issues we face with IoT security: Most recently Microsoft Azure IoT has been in the spotlight with more customers and partners requiring an end-to-end service offering to enhance and manage their security operations which help them to accelerate and leverage their investments in IoT implementations. KeyScaler reduces complexities and risk through automation for device registration, onboarding, provisioning and management of credentials for IoT devices that connect to Azure IoT Hub. These security enhancements prevent the cloning of devices connected to Azure, and also provides secure soft storage to protect keys.
    7. Unix at 50: How the OS that powered smartphones started from failure - Very cool article, in summary, hurray for open-source: The free distribution of Unix stopped in 1984, when the government broke up AT&T and an earlier settlement agreement that prohibited the company from profiting off many Bell Labs inventions expired. The Unix community had become accustomed to free software, however, so upon learning that AT&T would soon be charging for all copies of Unix and would prohibit alterations to the source code, Richard Stallman and others set about re-creating Unix using software that would be distributed to anyone free of charge—with no restrictions on modification. They called their project “GNU,” short for “GNU’s Not Unix.” In 1991, Linus Torvalds, a university student in Helsinki, Finland, used several of the GNU tools to write an operating system kernel that would run on PCs. And his software, eventually called Linux, became the basis of the Android operating system in 2004.
    8. Vulnerability Remediation Fight for the Users - This backs up the "App, User, Data" security model: Users often are a cause of frustration for us when it comes to security, so there’s a bit of a stigma that comes with supporting users. (ID10T!) Whether it’s in the form of a phishing victim, accidentally installed malware, configuration mistake, or some other user error, there’s only so much we as security professionals can do to lower the risk. For the things that are more outside of our influence, we try to correct behaviors with security awareness, secure code development, and internal social engineering training. However, if we can proactively help our users by taking steps to secure our back end systems that we do have control over, no matter how small the risk may seem, each “fix” will be another cumulative brick in our walls to help protect the environment.
    9. Pitfalls to Avoid in Ransomware Incident Response Plans | SecurityWeek.Com - I believe this is an important one to test: Assuming backups will eliminate the chance of having to pay a ransom to recover data.


    Black Hat Interviews: NSS Labs and SaltStack

    We interview Jason Brvenik, the Chief Executive Officer at NSS Labs.

    Segment Topic:
    Jason will cover The Importance of Independent, Third-Party Testing.

    • Why is independent testing important right now? What trends, challenges or changes do you see happening in the industry that make testing even more critical?
    • Tell us what’s different and unique about how NSS Labs approaches testing?
    • What are some of the most compelling insights that you’ve seen in the last 6 months from your independent tests? What implications do these findings have for the industry and for enterprises?
    • What are some examples you can cite of ways enterprises used independent testing results to improve their defenses?
    • How do you see testing evolving? What does the future for security product testing look like?




    We interview Mehul Revankar, the Senior Product Manager at SaltStack.

    Segment Topic:
    SaltStack SecOps is a new product targeting the intersection between security and IT operations. At Black Hat, we'll be announcing support for patch and vulnerability management. The focus will be on the evolution of SecOps both as a product and a role within companies, people who are underwater trying to keep their infrastructure compliant, secure, etc.

    Black Hat Interviews: Attivo Networks and Infoblox

    We interview Carolyn Crandall, the Chief Deception Officer at Attivo Networks.

    Segment Topic:
    Who let the wolves out? Attivo did. Specifically, with its deception technology fabric, which interweaves “wolves in sheep’s clothing” throughout the network to deceive attackers, detect their presence, and derail their attacks. Complemented with attractive bait designed to lure in its adversary, every attack surface becomes a virtual minefield. The company's latest innovations were announced at Black Hat, adding the ability to secure Active Directory and make every endpoint a decoy. Now, regardless of the method used to advance attacks on compromised endpoints, attackers will not be able to move without being detected. This session will touch on the announcements, market and company momentum.



    We interview Krupa Srivatsan, the Director of Security Products at Infoblox.

    Segment Topic:
    Network Security Foundations for Digital Transformation. For many years Enterprise defenders have been reactive and acquiring point solutions to address whatever the threat du jour is. The result for most organizations is an incoherent aggregation of tools that don’t integrate, creating these islands of security. There is no solid underlying foundation that can integrate these disparate tools and that could allow more automated and effective defense. As organizations shift more workloads to the cloud and SaaS services the attack surface is going to get exponentially larger, the scale requirements will become even more daunting so the need for a solid architectural foundation will become even more critical. So what can we do about this? How can we deliver organizations the foundation they need for complete visibility in order to identify and protect all their assets, users, and applications?