ES Episode46

From Paul's Security Weekly

Enterprise Security Weekly

Recorded on May 25, 2017 at G-Unit Studios in Rhode Island


Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
Enterprise News

    1. Thwart Insider Threats with Machine Learning - I have to say, at a high level, they got it right. They show an example of using machine learning to detect insider threats. However, the first step is to establish a baseline, and I believe this is where the modeling falls down. It's so hard to create a baseline in today's environments, which is why detection based on logging is hard. Did the admin make an upgrade that changes the behavior of the applications and systems, or did the user do something different?
    2. Buy vs. Build: Tales from the Trenches - It's a question I deal with all the time: "was forced to build what's currently known as a threat intelligence platform (TIP) – to manage indicators, adversary profiles, spearphish trends, and team commentary/annotations." Do you buy or build this solution?
    3. Network Performance: End-User Experience Matters Everywhere! - Interesting: GSX is the only solution that provides Robot Users to test network performance in real-time, and from multiple locations. When network issues are detected, IT administrators are notified before the issue reaches users. This allows administrators to troubleshoot the network and fix potential outages. I think we will see more of this, and more security-related tools such as this. It's very similar, as small changes can have HUGE impacts on 1) performance and 2) security.
    4. AlienVault Added to Ingram Micro's Security Portfolio - Under the new distribution agreement, Ingram Micro's network of channel partners gain access to AlienVault's Unified Security Management (USM) platform. AlienVault said it chose Ingram Micro for its market reach and expertise in security and cloud.
    5. Are You Seeing This? Uncovering Encrypted Threats - Given organizations' growing trend toward HTTPS and its use by hackers to steal information, it makes sense to have a security solution in place that can decrypt and scan SSL/TLS-encrypted traffic for threats. Does it though? What is the real value of decrypting SSL? If I'm an attacker, why would I not encrypt the data with my own methods and keys? Is that in itself an anomaly? I just don't get all the effort put into decrypting traffic for inspection; is it worth the effort?
    6. Bitdefender reveals Hypervisor Introspection - adds a new security layer to the data centre, providing an agentless solution for memory introspection around the Citrix XenServer. With those added visibility capabilities, the company said the solution could identify and isolate attacks at the hypervisor level. Interesting; the devil is in the details. I would hope the big players already have a custom solution for this.
    7. NopSec Unveils the World's First Automated Security Controls Measurement and Risk Remediation Solution :: ITbriefing.net :: - today releases E3 Engine, the only validated security analysis technology that enables governments, enterprises, and mid-size organizations to evaluate its unique threat data, actively explore and assess the effectiveness of its mitigating controls, and enrich its remediation prioritization information. I still need more information...
    8. Are Too Many SIEM Alerts Overwhelming Your Staff? Use SAO. - Organizations need to be able to quickly and easily investigate all of their SIEM alerts and maintain a clear understanding of the state of security within their organization. Really? They claim Swimlane enables:
       • Optimized threat response – prioritize alerts and standardize workflows
       • Real-time oversight – generate reports and use threat response KPIs to understand current capabilities and determine future security needs
       • Improved staff utilization – better utilize staff expertise and reduce turnover
       • Reduced mean time to resolution – respond to more alerts in the same amount of time
       • Contextual incident response – leverage a single stream of management to analyze and resolve security alerts
    9. Available Tools Making Dent in WannaCry Encryption - While these are free one-off tools, which tools worked the best against the new strains of ransomware?

    Interview: Atif Ghauri, Herjavec Group

    Atif Ghauri of Herjavec Group

    Atif Ghauri is the CTO for Herjavec Group in the USA and is primarily responsible for developing strategic relationships to further our managed services practice. Atif has over 15 years of experience in technology strategy, implementation and business development from Comcast, IBM and Unisys. Prior to Herjavec Group, he spent four years at Comcast serving as the CISO for the advanced engineering group. He led all product and operational security work streams to launch the next generation X1 Platform and Xfinity Home Security products and services. At Comcast, Atif invented and deployed a patent-pending fraud detection technology operational on over one million customer devices. Atif earned his undergraduate degree with honors from the Schreyer Honors College at Penn State University, and holds a Master of Technology Management from the University of Pennsylvania.

    • How did you get your start in information security?
    • Why should people be implementing and using IAM/PIM?
    • What are the major pitfalls of IAM/PIM?
    • SIEM is a long-standing security technology; how do you overcome its challenges?
    • How has the SIEM space diversified, now that we have UEBA and other areas?
    • Who can provide us with the best central management/analysis console for SIEM, endpoint and network IoCs?