ES Episode50

From Paul's Security Weekly
Jump to: navigation, search

Enterprise Security Weekly #50

Recorded on June 22, 2017 at G-Unit Studios in Rhode Island

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Interview: Brian Ventura and Ted Gary

    Brian Ventura is a SANS Instructor and Information Security Architect. Brian has 20 years of experience in the industry; holds Information Security certifications including CISSP, GSEC, GCCC and GCFA; volunteers with the local ISSA and OWASP chapters in Portland, OR; and regularly presents on Information Security topics.

    Ted Gary is Tenable's Sr. Product Marketing Manager focusing on security frameworks and compliance. Ted has more than ten years’ of information security experience in both product management and product marketing roles. He has defined SaaS security services, file integrity management and configuration assessment products. Ted has been trained as an internal IT auditor and has helped companies assess their compliance with security frameworks.

    Brian and Ted have been working on a project that highlights the first 5 security controls, which are:

    1. Inventory of Authorized and Unauthorized Devices 6
    2. Inventory of Authorized and Unauthorized Software 10
    3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers 13
    4. Continuous Vulnerability Assessment and Remediation 17
    5. Controlled Use of Administrative Privileges

    Why don't organization implement these controls? Why are the first 5 so hard? What tools exist to implement the top 5? Find the answers to these questions and more in this segment!

    Enterprise News

    1. HP brings pocket-sized printing to the UAE - ITP.net - Oh, you will see these in your enterprise. I can just see marketing and HR departments being all over this one. How do you secure Bluetooth and NFC?
    2. Ixia to Showcase Advanced Security and Visibility Solutions at Cisco Live 2017 - SPoG FTW: Without advanced network visibility seen through a single pane of glass, organizations put network security, compliance mandates, and application performance at risk.
    3. Who's afraid of cloud app management? Fear not, solutions are here! - Gemalto blog - My head is spinning: Access management solutions have emerged to address these cloud adoption hurdles and ensure secure, compliant and convenient access to cloud-based applications. SafeNet Trusted Access, Gemalto’s new cloud access management service, lets organizations: Simplify cloud access with smart single sign on Optimize security with fine-grained, scenario-based access policies Scale cloud adoption with centralized access management Gain visibility into access events through data driven insights
    4. 5 Tips to Maximize Your IT Security Training - John can relate: Training events fully back those findings. Any trainer can tell you frustration-ridden stories of the outcome of multitasking. Frustration for the rest of the class when one person falls behinds and asks a question that was just answered. Frustration for the student that’s confused because they missed something. Frustration for everyone when someone misses something important because they ‘weren’t all there.’
    5. McAfee Labs Report Reviews 30-Year Evolution of Evasion Techniques
    6. Kaspersky VirusDesk: online file and link scanner - gHacks Tech News
    7. Intel to collaborate with Israel's Team8, Illusive on cybersecurity
    8. GrammaTech products to aid NTU's cyber security research