ES Episode63

From Paul's Security Weekly

Enterprise Security Weekly #63

Recorded September 27, 2017 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.

Enterprise News

    1. Signal Sciences Joins Splunk Adaptive Response Initiative - Nice integration: Splunk launched the Adaptive Response Initiative to build a framework to speed up detection and remediation times across vendor solutions in the enterprise. Splunk's Adaptive Response action allows you to send an action to Signal Sciences to blacklist an IP based on correlation search or manual search events.
    2. Zscaler Presents on Office 365 and Azure Networking at Microsoft Ignite Conference - Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match.
    3. SecureWorks : 4 Reasons Next-Generation Antivirus Should Be Your Next Managed Service
    4. Infoblox to demo Actionable Network Intelligence Platform | Tahawul Tech - wow, this is a bold claim: Infoblox has announced that it will demonstrate its Actionable Network Intelligence Platform, a unified platform that empowers enterprises to elevate every aspect of network availability, agility, security, and performance—on premises, across data centres, and in the cloud.
    5. Google Cloud acquires cloud identity management company Bitium - Google Cloud announced today that it has acquired Bitium, a company that focused on offering enterprise-grade identity management and access tools, such as single-sign on, for cloud-based applications. This will basically help Google better manage enterprise cloud customer implementation across an organization, including doing things like setting security levels and access policies for applications working across their Cloud and G Suite offerings.
    6. From Discovery to Analytics: MobileIron Access Expands the Cloud Security Lifecycle | 4-Traders
    7. Ixia extends cloud visibility across more platforms - RCR Wireless News - This sounds amazing, and doesn't get good until the last paragraph: CloudLens aims squarely at increasing visibility across those types of hybrid cloud networks and is offered as a serverless software-as-a-service solution that doesn’t require cloud provider involvement and, according to Ixia, also doesn’t rely on specific features of a particular hypervisor or provider in order to function. Ixia said that it has worked with nearly 20 companies on pre-validating CloudLens’ interoperability for security, application performance monitoring and network performance monitoring tools.
    8. Nextcloud's file storage solution gets a security boost
    9. Lacework Announces Support for Microsoft Windows Server - The problem: Security hasn’t kept up with the velocity of the cloud. Breaches are too frequent and incidents take too long to resolve. Security teams struggle to keep up with DevOps. Yesterday’s security – with its perimeters, rules, and log-based investigations – isn’t flexible, agile, or effective, and it’s not right for today’s cloud. The solution: Lacework Polygraph approaches cloud security from a completely new direction. We use a deep temporal baseline to track cloud entities, behaviors, and connections. We detect breaches and automate investigations without rules, policies, or logs. Polygraph delivers exceptional protection at the velocity of the cloud.
    10. Capsule8 Raises New Funds to Help Improve Container Security - Dino Dai Zovi, co-founder and CTO of Capsule8 said that most organizations first consider stability and performance in any application, before looking at security. The market for container security technologies is an increasingly crowded space with multiple vendors including Twistlock, Aqua Security and StackRox all aiming for a share of enterprise security budgets. Dai Zovi said that Capsule8 differentiates itself with its real-time, machine learning augmented approach to container security.
    11. Flashpoint Digs Into Dark Web With Security Intelligence API - The new Flashpoint API v4 provides access to Flashpoint's finished intelligence reports across a range of topics, including cyber-crime, emerging malware, fraud and looking at physical security-related issues including violent extremism. API v4 also provides access to an aggregated collection of Flashpoint analysts' Deep and Dark Web conversations with the most secretive attackers on the internet.

    Topic: Network Security Architecture

    1. What do you use NG firewalls for? (Protocol detection, URL blacklisting, user identity, SSL decryption, more? less?)
    2. Where do proxy servers fit into the mix and how do they help?
    3. Do you create filtering rules on network gear or deploy firewalls internally?
    4. Do you still use an IPS? Do you block intrusions still?
    5. Egress filtering: do most people still get this wrong? How do you control outbound traffic?