ES Episode49

From Paul's Security Weekly

Enterprise Security Weekly #49

Recorded on June 15, 2017 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.

    Enterprise News

    1. Carbon Black’s Cb Response 6.1 Scales to the Largest of Enterprises, Empowers SOCs and IR Teams to Gain Complete Endpoint Visibility and Conclusive Root Cause Within Minutes - This release is all about speed and scale:
        • Quick and agile search features via the Process-Timeline View enable investigators to zoom in on specific timeframes via click-and-drag functions to proactively hunt threats and then shut them down using Live Response.
        • Faster connections to Cb Live Response and Endpoint Isolation lead to earlier root-cause discovery and threat containment as security teams focus on the information most relevant to the organization.
        • Simplified and powerful visual querying allows for faster search, helping investigators quickly construct a complete picture of the attack.
        • Enhanced curation capabilities for watchlists help teams quickly flag the most sophisticated attacks.
    2. 14 Questions to Ask Yourself Before Committing to a Cybersecurity Vendor - The ones I really like: Does your organization have a dedicated security team? How knowledgeable and experienced are your resources? How experienced does a person need to be in order to run this product? How will this product help you differentiate between day-to-day activity and actual problems?
    3. Supercharged Application Resilience: Improve Performance with Application Security Monitoring - While this is a product pitch, I really like this: Until recently, we knew next to nothing about the security state inside a running application – unless developers built in custom logging. Without security visibility, security pros would typically:
        • Hope the developers wrote secure code
        • Harden the platform (e.g., OS, server, container) that the application is running on and hope nothing gets through
        • Deploy an edge device (e.g., IPS, WAF) and hope blocking suspicious traffic is sufficient
        • Hope your SOC finds the attack in time
        • Hope that your incident response team can respond effectively
        • Hope you have talented enough software engineering resources to fix an exploited vulnerability in code
    4. Malwarebytes Introduces Enterprise Cloud Platform for Next-Gen Endpoint Protection, Announces Validation as Replacement for Antivirus - I'm interested in more details: Malwarebytes Endpoint Protection, now delivered as a service by the platform, features a signature-less Anomaly Detection Engine powered by machine learning. Combining seven protection layers, this new Malwarebytes solution is a more effective and efficient replacement for antivirus.
    5. SecureWorks Innovates Counter Threat Platform to Enable Enterprises to Better Detect, Contain, and Eliminate Cyber Threats - If it really does this: Business-Driven Context and Intelligence – SecureWorks can now dynamically adjust the severity ratings assigned to security events based on assets and vulnerabilities in a way that improves incident handling and reduces the time it takes to properly respond. It is awesome. This has potential to be neat: The upcoming Provisioning API will allow clients to on-board and change which of their assets are monitored with ease, accelerating the clients' ability to ensure appropriate security and adding critical flexibility in today's dynamic IT environments.
    6. LockPath Releases Keylight 4.7 - Perhaps some risks you've not considered as a view in your GRC program: Keylight’s Health and Safety Manager helps organizations to strengthen workplace safety, encourage workplace safety collaboration, and meet regulatory compliance obligations. Risks identified in HSm can be viewed within the context of an organization’s overall risk posture, providing executives with visibility into the impact on the organization. Don't trip on that cable when you do incident response!
    7. Hexadite fired U.S. employees the day Microsoft announced its acquisition - Last week, Microsoft confirmed plans to acquire Hexadite in a deal rumored to be valued at around $100 million. But on the same day, the cybersecurity startup laid off nearly all of its U.S.-based workforce, according to sources familiar with the matter. To make matters worse, VentureBeat has learned that all affected employees were informed of their layoffs by telephone and offered just two weeks severance, and no shares were forward vested.

    Topic: Malware: Endpoint Defense

    1. Should EDR be installed on every system? Servers too? All clients?
    2. How important is the configuration of EDR?
    3. What should your goals be for defense: known malware? Unknown malware? Ransomware? Or are these three different products?
    4. If you have a big-name AV install, what should drive you to change it? E.g., Symantec or McAfee...
    5. What are the most common threats missed by EDR?
    6. How much of a concern is: performance, scalability, manageability, and crashing the host OS?
    7. When should you consider running two, or more, EDR solutions on the same host? Or, do you run one flavor on some, and another flavor on another?