ES Episode45

From Paul's Security Weekly
Jump to: navigation, search

Enterprise Security Weekly #45

Recorded on May 18,2017 at G-Unit Studios in Rhode Island

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Enterprise News

    1. Identropy and Exabeam Partner to Improve Cyber Security :: :: - Identropy, a leading security consulting firm that specializes in advisory, implementation, and managed services for identity and access management (IAM) solutions today announced a new partnership with Exabeam, the market leader in Security Intelligence solutions, to deliver disruptive identity and analytics-driven customer solutions. At a certain point, you should not need consulting to implement core security products, where that point is I have yet to determine.
    2. Cyber security professionals don't trust data from their tools - People are confused: 64 percent of threat alerts are not addressed each day. Also 79 percent of respondents say their patching approval process is significantly manual, yet when asked to rate the level of maturity of their vulnerability management programs, 87 percent say they have a 'very mature to moderately mature' patching process.
    3. BRIEF-SSH receives issue notification on US patent
    4. Razberi and Cylance OEM Partnership Will Bring AI-Powered Cybersecurity to Video Surveillance Systems - This is so interesting: CylancePROTECT will be integral to the new Razberi CameraDefense™ solution that, combined with Razberi's secure appliance architecture, provides comprehensive protection over the server, video management systems (VMS), and camera ecosystem. Like, we don't want to suck at security like all other camera systems, so we'll run Cylance...
    5. GrammaTech Announces Integration Between CodeSonar and Wind River Workbench Enhancing Productivity, Security and Safety for IoT devices - With this integration, software developers can annotate and resolve the software vulnerabilities that CodeSonar highlights without leaving the Wind River Workbench development environment, thereby significantly boosting productivity. Note it said boost productivity, not security. However, its going to have a field day...
    6. FirstWave partners with Fortinet - More of a note: FirstWave's multi-service, multi-cloud cloud security platform for telcos and service providers will be further enhanced with the integration of Fortinet's threat intelligence and advanced threat protection solutions.
    7. Major Update of Acunetix Online out now! - Nice feature: Business Criticality can now be assigned to Targets, enabling customers to immediately identify and address vulnerabilities on critical servers.
    8. 5 Pitfalls to Avoid During a CASB Evaluation - This is a good list, however it can apply to really any security technology evaluation, so check it out!
    9. CyberArk Acquires Conjur For $42M In Cash - We see IAM companies buying Devops companies. This helps organizations define roles for large groups of developers implementing Devops. This must be a gap because we've seen this type of M&A in the past.

    Security Vendor Response to Wanna.Cry Makes Me Want to Cry

    Guests: April Wright, and Matt Ploessel