ES Episode44

From Paul's Security Weekly

Enterprise Security Weekly #44

Recorded on May 11, 2017 at G-Unit Studios

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.

Enterprise News

    1. VMware falls out with Tanium Channel EYE - Really sad what is happening over at Tanium. At one time everyone was excited about their technology. A few publicity blunders, and now they are cutting ties with VMware (who was once rumored to purchase Tanium). Could be VMware getting out of the endpoint market, though the "divorce" was mutual according to sources.
    2. Cisco Cloudlock Releases Apps Firewall for Microsoft Azure AD - Azure AD is a beast, expect more stories like this: Cisco Cloudlock enables security analysts to gain visibility into and control over the riskiest Shadow IT in the form of these user-enabled cloud applications connected to Google G Suite and Microsoft Azure Active Directory.
    3. CIO Corner: War on Legacy IT - I get this: The perception of cloud as categorically insecure relative to on-premises software has not stood the test of time; 62.9 percent of IT professionals now believe the public cloud is more secure than or equally secure as their own datacenters. You will still have desktops though; will we always have desktops?
    4. PowerBroker Auditing & Security Suite 5.3: Enhanced Alerting and Auditing - BeyondTrust - Nice post, has examples and clearly explains the new features. More of this please. Also, this stuff is important, especially if it's helping you get a handle on your AD environment. Turns out auditing is useful for finding hackers too...
    5. Security alert management: Simplified with Automation - It's still about people, process and technology. Security automation and orchestration is getting more attention lately, and for good reason: The stuff we have gives us too much information and we can't make sense of it. However, you can't just go out and buy the components (such as a SIEM, firewall and endpoint protection) and log them to a dashboard and claim "We are secure!". So much more goes into your security program...
    6. Signal Sciences Debuts Industry-First Web Protection Platform - Yes, they are a sponsor. And yea, their technology is awesome, so congrats on the series B!
    7. Invincea Machine Learning | Invincea - Holy marketing, Batman. But you failed to answer the question: What exactly makes your machine learning better than anyone else's machine learning? I didn't get that from the document. It does matter that you've been 3rd party tested, have data scientists, "DARPA technology" or that you are fast. What matters is that you can actually stop threats without impacting the environment...

    Interview: Ryan Hays, TBG Security

    Ryan Hays of TBG Security

    Ryan Hays is the Director of Security Engineering at TBG Security. With 15 years of experience in the IT field, he has worked in a variety of capacities, currently specializing in offensive security and threat emulation techniques. During his career, Ryan has worked with a multitude of Fortune 500 and 1000 companies, along with various U.S. Government Intelligence agencies. Ryan takes pride in giving back to the infosec community by presenting at multiple conferences as well as providing training and mentorship to people across the globe.

    Topic: Weaponizing Splunk: Using Blue Teams for Evil

    Reference: http://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t201-weaponizing-splunk-using-blue-teams-for-evil-ryan-hays