Difference between revisions of "ESWEpisode177"

From Security Weekly Wiki
(Added By Paul's Craptastic PPWorks Code)
(Added By Paul's Craptastic PPWorks Code)
 
(3 intermediate revisions by the same user not shown)
Line 21: Line 21:
 
<ul style="margin-left: 50px;">
 
<ul style="margin-left: 50px;">
 
 
<li>Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com selecting the webcast/training drop down from the top menu bar and clicking registration. In our next webcast with Synopsys we will cover "Better, Faster, More Secure Code By Combining SAST and SCA" with Utsav Sanghani, their Senior Product Manager.</li>
+
<li>In our next webcast with Synopsys we will cover "Better, Faster, More Secure Code By Combining SAST and SCA" with Utsav Sanghani, their Senior Product Manager. Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.</li>
 
 
<li>CyberSecurity Exchange Day hosted by OSHEAN and the Pell Center was originally scheduled for Wednesday, March 18th and has currently been postponed. The new date is still TBD and we will keep you posted as soon as we hear more!</li>
+
<li>We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!</li>
 
 
<li>SecureWorld Boston was scheduled for March 25th & 26th at the Hynes Convention Center. The event has been postponed until further notice. We will keep you in the loop as soon as we know more!</li>
+
<li>SecureWorld Boston has been rescheduled to July 15-16, 2020 at the Hynes Convention Center in Boston, Massachusetts! You can register for this event by visiting secureworldexpo.com and using the code "SECURITYWEEKLY" to save $100 on a full conference pass! We will keep you in the loop as soon as we know who from Security Weekly will be there!</li>
 
 
<li>InfoSecWorld 2020 was originally scheduled for March 30 - April 1, 2020 at the Disney Contemporary Resort! This conference has been rescheduled for June 22nd-24th due to COVID-19. Security Weekly listeners still save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!</li>
+
<li>TBD2</li>
 
 
 
</ul>
 
</ul>
  
 
</p>
 
</p>
= News - Enterprise News =
+
= Interview: Keeping Systems Secure...From Home - 6:00-6:45PM =
 +
<!-- 
 +
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 +
-->
 +
{|style="width: 100%;margin: auto; " cellpadding="10"
 +
 
 +
|<center>{{#ev:youtube|7HJwUaEMe7o }}</center>
 +
 
 +
|-
 +
|<p>'''Description:'''<br><br> The cybersecurity challenges created by remote workforces and what it takes to deliver security to remote workers while avoiding impacting business operations. How do you continue vulnerability and patch management across endpoints and servers when everyone is working from home?
 +
 
 +
To learn more about Qualys, visit: https://securityweekly.com/qualys</p>
 +
 
 +
|-
 +
|<p>'''Content:'''<br><br> Media alert: https://www.qualys.com/company/newsroom/news-releases/usa/qualys-offers-free-remote-endpoint-protection-solution/ Blog: https://blog.qualys.com/technology/2020/03/24/free-remote-endpoint-protection-solution-secures-remote-workforces-with-one-click</p>
 +
 
 +
|}
 +
{|style="width: 100%;margin: auto; " cellpadding="5"
 +
 
 +
|'''Guest:'''
 +
|'''Bio:'''
 +
|-
 +
 +
|[[Image:Medium-Sumedh-Thakar-0.png|200px|thumb|<center>'''[https://twitter.com/@ssthakar Sumedh Thakar]''' is Chief Product Officer at Qualys</center>]]
 +
 +
|As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.
 +
|-
 +
 
 +
|}
 +
==Hosts==
 +
<!-- 
 +
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 +
-->
 +
 
 +
{|style="width: 100%;margin: auto; " cellpadding="1"
 +
 +
|[[Image:MattAlderman-0.png|100px|thumb|<center>[https://twitter.com/@maldermania Matt Alderman]  - CEO at Security Weekly</center>]]
 +
 +
|[[Image:Paul_Asadoorian-0.png|100px|thumb|<center>[https://twitter.com/@securityweekly Paul Asadoorian]  - Founder & CTO at Security Weekly</center>]]
 +
 +
|}
 +
 
 +
= News - Threat Stack, Qualys, StackRox, Sysdig =
 
<!--   
 
<!--   
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
-->
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 +
 +
|<center>{{#ev:youtube|XC-PcNkBE3Y }}</center>
  
 
|-
 
|-
|<p>'''Description:'''<br><br> Enterprise News TBD</p>
+
|<p>'''Description:'''<br><br> How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!</p>
  
  
 +
 +
|-
 +
|<p>'''Content:'''<br><br> https://blog.sonatype.com/owasp-security-knowledge-framework
 +
https://www.threatstack.com/blog/how-to-write-an-automated-test-framework-in-a-million-little-steps
 +
https://www.ixiacom.com/company/blog/microsoft-exchange-flaw-cve-2020-0688-still-affecting-130k-public-facing-servers
 +
https://www.helpnetsecurity.com/2020/03/25/qualys-remote-endpoint-protection/
 +
http://www.globalsecuritymag.com/Sumo-Logic-Selects-StackRox-to,20200318,96788.html
 +
http://www.globalsecuritymag.com/Portshift-Announces-Kubei,20200323,96931.html
 +
http://www.globalsecuritymag.com/Sysdig-Provides-the-First-Cloud,20200324,96978.html
 +
http://www.globalsecuritymag.com/Kaspersky-Security-for-Microsoft,20200325,96995.html
 +
https://www.helpnetsecurity.com/2020/03/23/windows-zero-days/ </p>
  
 
|}
 
|}
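Review bot: the added announcements list ends with a placeholder item, "<li>TBD2</li>", which renders as a bullet reading "TBD2" on the published page. Remove it or replace it with the intended announcement before this revision goes live.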
Line 57: Line 112:
 
 
  
= Interview: Keeping Systems Secure...From Home - 6:00-6:45PM =
+
= Fullaudio - None  =
 
<!--   
 
<!--   
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
+
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
-->
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 
{|style="width: 100%;margin: auto; " cellpadding="10"
  
 
|-
 
|-
|<p>'''Description:'''<br><br> The cybersecurity challenges created by remote workforces and what it takes to deliver security to remote workers while avoiding impacting business operations. How do you continue vulnerability and patch management across endpoints and servers when everyone is working from home?</p>
+
|<p>'''Description:'''<br><br> This week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, and Windows users under attack via two new RCE zero-days! In our second segment, we welcome Sumedh Thakar, Chief Product Officer at Qualys, to talk about Cybersecurity Challenges Created by a Remote Workforce! In our final segment, we welcome Tod Beardsley, Director of Research at Rapid7, to discuss SMB exposures and User Behavior Analytics failures, using findings from Rapid7 Research Labs!
  
|-
+
To learn more about Qualys, visit: https://securityweekly.com/qualys
|<p>'''Content:'''<br><br> Media alert: https://www.qualys.com/company/newsroom/news-releases/usa/qualys-offers-free-remote-endpoint-protection-solution/ Blog: https://blog.qualys.com/technology/2020/03/24/free-remote-endpoint-protection-solution-secures-remote-workforces-with-one-click</p>
+
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7
 +
 
 +
Visit https://www.securityweekly.com/esw for all the latest episodes!
 +
Follow us on Twitter: https://www.twitter.com/securityweekly
 +
Like us on Facebook: https://www.facebook.com/secweekly
 +
</p>
  
|}
 
{|style="width: 100%;margin: auto; " cellpadding="5"
 
  
|'''Guest:'''
 
|'''Bio:'''
 
|-
 
 
|[[Image:Medium-Sumedh-Thakar-0.png|200px|thumb|<center>'''[https://twitter.com/@ssthakar Sumedh Thakar]''' is Chief Product Officer at Qualys</center>]]
 
 
|As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.
 
|-
 
  
 
|}
 
|}
==Hosts==
 
<!-- 
 
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 
-->
 
  
{|style="width: 100%;margin: auto; " cellpadding="1"
 
 
 
|[[Image:MattAlderman-0.png|100px|thumb|<center>[https://twitter.com/@maldermania Matt Alderman]  - CEO at Security Weekly</center>]]
+
==[https://twitter.com/@maldermania Matt Alderman]'s Content: ==
 +
[[Image:MattAlderman-0.png|50px|thumb|left]]
 +
<br>
 +
{{Template:ESW177FullaudioMatt Alderman}}
 
 
|[[Image:Paul_Asadoorian-0.png|100px|thumb|<center>[https://twitter.com/@securityweekly Paul Asadoorian]  - Founder & CTO at Security Weekly</center>]]
+
==[https://twitter.com/@securityweekly Paul Asadoorian]'s Content: ==
 +
[[Image:Paul_Asadoorian-0.png|50px|thumb|left]]
 +
<br>
 +
{{Template:ESW177FullaudioPaul Asadoorian}}
 
 
|}
 
  
= Interview: SMB, UBA, and WFH - 6:00-6:45PM =
+
= Interview: Windows Exploits, Re-Training Your Security Solutions - 6:00-6:45PM =
 
<!--   
 
<!--   
 
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 
-->
 
-->
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 +
 +
|<center>{{#ev:youtube|mk2wZ9C4gz0 }}</center>
  
 
|-
 
|-
|<p>'''Description:'''<br><br> Tod Beardsley, research director, will discuss SMB exposures and User Behavior Analytics (UBA) failures, using findings from Rapid7 Research Labs and our latest Threat Report. Tod will also discuss the current work from home workforce and how to ensure keeping your team and business secure while working from home.</p>
+
|<p>'''Description:'''<br><br> Tod Beardsley, research director, will discuss some of the trends in Internet scanning and attacker behavior given there are new Windows vulnerabilities and the workforce working from home.  Should you re-train your User Behavior Analytics (UBA) and/or rely on other technologies?
 +
 
 +
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7</p>
  
 
|}
 
|}
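Review bot: the new section heading "= Fullaudio - None =" looks like an unfilled title field, so the rendered page gets a section literally titled "Fullaudio - None"; give it a real title or leave the suffix out. The renamed interview heading "Windows Exploits, Re-Training Your Security Solutions" also carries the same "6:00-6:45PM" slot as the "Keeping Systems Secure...From Home" interview heading added in the previous hunk, so one of the two times should be corrected.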

Latest revision as of 18:47, 30 March 2020

Enterprise Security Weekly Episode 177 - 2020-03-25

Announcements

  • In our next webcast with Synopsys we will cover "Better, Faster, More Secure Code By Combining SAST and SCA" with Utsav Sanghani, their Senior Product Manager. Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • SecureWorld Boston has been rescheduled to July 15-16, 2020 at the Hynes Convention Center in Boston, Massachusetts! You can register for this event by visiting secureworldexpo.com and using the code "SECURITYWEEKLY" to save $100 on a full conference pass! We will keep you in the loop as soon as we know who from Security Weekly will be there!
  • TBD2

Interview: Keeping Systems Secure...From Home - 6:00-6:45PM

Description:

The cybersecurity challenges created by remote workforces and what it takes to deliver security to remote workers while avoiding impacting business operations. How do you continue vulnerability and patch management across endpoints and servers when everyone is working from home? To learn more about Qualys, visit: https://securityweekly.com/qualys

Content:

Media alert: https://www.qualys.com/company/newsroom/news-releases/usa/qualys-offers-free-remote-endpoint-protection-solution/ Blog: https://blog.qualys.com/technology/2020/03/24/free-remote-endpoint-protection-solution-secures-remote-workforces-with-one-click

Guest: Sumedh Thakar is Chief Product Officer at Qualys
Bio: As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.

Hosts

Matt Alderman - CEO at Security Weekly
Paul Asadoorian - Founder & CTO at Security Weekly

News - Threat Stack, Qualys, StackRox, Sysdig

Description:

How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!


Content:

https://blog.sonatype.com/owasp-security-knowledge-framework

https://www.threatstack.com/blog/how-to-write-an-automated-test-framework-in-a-million-little-steps

https://www.ixiacom.com/company/blog/microsoft-exchange-flaw-cve-2020-0688-still-affecting-130k-public-facing-servers

https://www.helpnetsecurity.com/2020/03/25/qualys-remote-endpoint-protection/

http://www.globalsecuritymag.com/Sumo-Logic-Selects-StackRox-to,20200318,96788.html

http://www.globalsecuritymag.com/Portshift-Announces-Kubei,20200323,96931.html

http://www.globalsecuritymag.com/Sysdig-Provides-the-First-Cloud,20200324,96978.html

http://www.globalsecuritymag.com/Kaspersky-Security-for-Microsoft,20200325,96995.html

https://www.helpnetsecurity.com/2020/03/23/windows-zero-days/


Paul Asadoorian's Content:


  1. OWASP Security Knowledge Framework
  2. How to Write an Automated Test Framework in a Million Little Steps | Threat Stack
  3. Microsoft Exchange Flaw CVE-2020-0688 Still Affecting 130K Public-Facing Servers | Ixia
  4. Free Qualys remote endpoint protection solution helps enterprises secure remote workforces - Help Net Security
  5. Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services
  6. Portshift Announces Kubei Container Runtime Scanning Software with Launch of its Open Source Initiative
  7. Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering
  8. Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams
  9. Windows users under attack via two new RCE zero-days - Help Net Security


Fullaudio - None

Description:

This week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, and Windows users under attack via two new RCE zero-days! In our second segment, we welcome Sumedh Thakar, Chief Product Officer at Qualys, to talk about Cybersecurity Challenges Created by a Remote Workforce! In our final segment, we welcome Tod Beardsley, Director of Research at Rapid7, to discuss SMB exposures and User Behavior Analytics failures, using findings from Rapid7 Research Labs!

To learn more about Qualys, visit: https://securityweekly.com/qualys To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7

Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly




Interview: Windows Exploits, Re-Training Your Security Solutions - 6:00-6:45PM

Description:

Tod Beardsley, research director, will discuss some of the trends in Internet scanning and attacker behavior given there are new Windows vulnerabilities and the workforce working from home. Should you re-train your User Behavior Analytics (UBA) and/or rely on other technologies? To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7

Guest: Tod Beardsley is Director of Research at Rapid7
Bio: Tod Beardsley is the Director of Research at Rapid7. He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT Ops and Security positions in large organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Today, Tod directs the security research program at Rapid7, is a frequent speaker at industry conferences, is a CVE Board member, and is a contributing author to a number of research papers produced by Rapid7.

Hosts

Matt Alderman - CEO at Security Weekly
Paul Asadoorian - Founder & CTO at Security Weekly