ES Episode152

From Paul's Security Weekly

Recorded September 4, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements:

    • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcasts with Stephen Smith and Jeff Braucher of LogRhythm by going to If you have missed any of our previously recorded webcasts, you can find our on-demand library at

    • So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!

    • Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!

    • We need your help in a survey we are running for research purposes for an upcoming webcast. How mature is your process automation for your various security capabilities? Please visit to submit your responses to our 5 Stages of Automation Maturity Survey! We'll share the results in a webcast in November!

    Enterprise News

    1. Protecting Your Road Warriors from Cyber Hazards - While we have been specifically talking about your employees that travel, if your organization is like most, they do not comprise all, or even a majority of, your mobile workforce. Long commutes and regional personnel shortages, combined with advances in remote collaboration technologies, mean that mobile workers are becoming the norm. It is estimated that 70% of the global workforce works remotely at least once a week and 53% at least half of the week. By 2023, the global mobile workforce is expected to hit 1.88 billion. Okay, great, there are more mobile workers. However, how do enterprises test the security of mobile endpoints? In a phishing attack, for example, how do I know I am reaching workers who work remotely without extensive OSINT? And, once an attacker lands on a remote worker's laptop, what can they do to move into the organization? Or do they need to? Does it come down to just protecting the identity and the credentials?
    2. A Privilege Escalation Vulnerability Existed In Check Point Software - How do we know our security software is also secure? According to the researchers, there existed a privilege escalation vulnerability in the software targeting the Check Point Endpoint Agent (CPDA.exe) and Check Point Device Auxiliary Framework (IDAFServerHostService.exe).
    3. Untangle Survey Finds SMBs Continue to Struggle with IT Security
    4. BeyondTrust Expands Privileged Access Management Cloud Leadership with Enhanced SaaS Solutions
    5. Tufin Delivers Enhanced Visibility & Topology Modeling for Cisco ACI Migration
    6. Device Authority enhances IoT security platform KeyScaler for Microsoft Azure IoT and announces HSM Access Controller - This is a great platform for IoT and addresses many of the issues we face with IoT security: Most recently Microsoft Azure IoT has been in the spotlight with more customers and partners requiring an end-to-end service offering to enhance and manage their security operations which help them to accelerate and leverage their investments in IoT implementations. KeyScaler reduces complexities and risk through automation for device registration, onboarding, provisioning and management of credentials for IoT devices that connect to Azure IoT Hub. These security enhancements prevent the cloning of devices connected to Azure, and also provide secure soft storage to protect keys.
    7. Unix at 50: How the OS that powered smartphones started from failure - Very cool article, in summary, hurray for open-source: The free distribution of Unix stopped in 1984, when the government broke up AT&T and an earlier settlement agreement that prohibited the company from profiting off many Bell Labs inventions expired. The Unix community had become accustomed to free software, however, so upon learning that AT&T would soon be charging for all copies of Unix and would prohibit alterations to the source code, Richard Stallman and others set about re-creating Unix using software that would be distributed to anyone free of charge—with no restrictions on modification. They called their project “GNU,” short for “GNU’s Not Unix.” In 1991, Linus Torvalds, a university student in Helsinki, Finland, used several of the GNU tools to write an operating system kernel that would run on PCs. And his software, eventually called Linux, became the basis of the Android operating system in 2004.
    8. Vulnerability Remediation Fight for the Users - This backs up the "App, User, Data" security model: Users often are a cause of frustration for us when it comes to security, so there’s a bit of a stigma that comes with supporting users. (ID10T!) Whether it’s in the form of a phishing victim, accidentally installed malware, configuration mistake, or some other user error, there’s only so much we as security professionals can do to lower the risk. For the things that are more outside of our influence, we try to correct behaviors with security awareness, secure code development, and internal social engineering training. However, if we can proactively help our users by taking steps to secure our back end systems that we do have control over, no matter how small the risk may seem, each “fix” will be another cumulative brick in our walls to help protect the environment.
    9. Pitfalls to Avoid in Ransomware Incident Response Plans | SecurityWeek.Com - I believe this is an important one to test: Assuming backups will eliminate the chance of having to pay a ransom to recover data.

    Black Hat Interviews: NSS Labs and SaltStack

    We interview Jason Brvenik, the Chief Executive Officer at NSS Labs.

    Segment Topic:
    Jason will cover The Importance of Independent, Third-Party Testing.

    • Why is independent testing important right now? What trends, challenges or changes do you see happening in the industry that make testing even more critical?
    • Tell us what’s different and unique about how NSS Labs approaches testing?
    • What are some of the most compelling insights that you’ve seen in the last 6 months from your independent tests? What implications do these findings have for the industry and for enterprises?
    • What are some examples you can cite of ways enterprises used independent testing results to improve their defenses?
    • How do you see testing evolving? What does the future for security product testing look like?

    We interview Mehul Revankar, the Senior Product Manager at SaltStack.

    Segment Topic:
    SaltStack SecOps is a new product targeting the intersection between security and IT operations. At Black Hat, we'll be announcing support for patch and vulnerability management. The focus will be on the evolution of SecOps both as a product and a role within companies, people who are underwater trying to keep their infrastructure compliant, secure, etc.

    Black Hat Interviews: Attivo Networks and Infoblox

    We interview Carolyn Crandall, the Chief Deception Officer at Attivo Networks.

    Segment Topic:
    Who let the wolves out? Attivo did. Specifically, with its deception technology fabric, which interweaves “wolves in sheep’s clothing” throughout the network to deceive attackers, detect their presence, and derail their attacks. Complemented with attractive bait designed to lure in its adversary, every attack surface becomes a virtual minefield. The company's latest innovations were announced at Black Hat, adding the ability to secure Active Directory and make every endpoint a decoy. Now, regardless of the method used to advance attacks on compromised endpoints, attackers will not be able to move without being detected. This session will touch on the announcements, market and company momentum.

    We interview Krupa Srivatsan, the Director of Security Products at Infoblox.

    Segment Topic:
    Network Security Foundations for Digital Transformation. For many years Enterprise defenders have been reactive and acquiring point solutions to address whatever the threat du jour is. The result for most organizations is an incoherent aggregation of tools that don’t integrate, creating these islands of security. There is no solid underlying foundation that can integrate these disparate tools, which could allow more automated and effective defense. As organizations shift more workloads to the cloud and SaaS services, the attack surface is going to get exponentially larger and the scale requirements will become even more daunting, so the need for a solid architectural foundation will become even more critical. So what can we do about this? How can we deliver organizations the foundation they need for complete visibility in order to identify and protect all their assets, users, and applications?