ES Episode118

From Paul's Security Weekly

Recorded December 4, 2018 at G-Unit Studios in Rhode Island!

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Announcements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Go to to register for stealthBITS webcast "Emerging & Continuing Trends in 2019: Privacy Regulations, Active Directory Security & Machine Learning" for an in-depth discussion from Rod Simmons and Paul Asadoorian. You can also view their assessment at:

    Interview: Mike Nichols, Endgame

    Mike Nichols is the VP of Product for Endgame.
    Mike manages the Endgame endpoint protection platform. Mike leverages years of commercial and federal product development experience, as well his time as an Army cyber intelligence analyst, to ensure the product not only has a superior workflow, but also optimizes the analyst's time. He divides his time between internal engagement with engineering and customer support, and external engagement with existing customers and new sales prospects to better understand the needs of the customer and ensure proper translation to mission-enabling features. Prior to working at Endgame, Mike served in a variety of technical leadership roles at Fortscale, General Dynamics Fidelis Cybersecurity Solutions, and Deloitte.


    1. MITRE evaluation of Endgame - Last Thursday, MITRE released the results of its first ever EDR product evaluation. There were seven vendors assessed in total. This was a post-compromise activity test, wherein MITRE executed a set of techniques using open source methods mirroring previously-observed APT3 techniques. In their write-up, they supplied information about how vendors provided alerting and/or visibility into data associated with their execution of a technique. The evaluations were not a competitive analysis with scores or rankings. They attempted to show how each vendor approached threat detection in the context of the ATT&CK matrix. Mark Dufresne wrote up a post about it here, which I’d encourage you to check out.
    2. Open-Source Query Language EQL (Event Query Language) - The day following MITRE’s evaluation release, Endgame announced that it was open sourcing our Event Query Language (EQL). EQL is an extensible language that enables detection and threat hunting against real-world attacks aligned to the MITRE ATT&CK™ matrix and was previously only available to Endgame customers. We did this in an effort to expand the tools available to the community for universal expression of post-compromise analytics. In addition to releasing the core EQL language, we released a schema mapping to Sysmon and an extensive set of analytics including Atomic Blue. Atomic Blue is a curated set of EQL logic which enables the detection of events generated during execution of Atomic Red Team tests from Red Canary.
    3. Storytime with Mike!

    Enterprise News

    1. Ixia extends collaboration with ProtectWise - Ixia's Vision ONE network packet broker and the CloudLens visibility platform, combined with The ProtectWise Grid, an on-demand platform with full-packet memory that delivers real-time and retrospective detections and advanced network forensics, offer enterprises easy collection and visualization of NetFlow, metadata, truncated flows, and full-fidelity packet capture (PCAP) by protocol and application for complete visibility into data assets in a hybrid environment including enterprise, cloud, or hybrid deployments from a single-pane-of-glass graphical user interface.
    2. Ping Identity Brings in New Customer Identity-as-a-Service Solution - The cloud-based Identity as a Service (IDaaS) offering, aimed at the developer community, offers API-based identity services for customer-facing applications. It can enable large enterprises to launch apps faster, substitute custom identity services that are tough to maintain, and enable the transition from on-premises deployments to cloud-hosted services.
    3. CyberX partners with GE to strengthen IIoT cybersecurity
    4. Fortinet introduces new security automation capabilities on Amazon Web Services - Curious how the WAF works (or doesn't): Containers, AWS Security Hub, and Broad Protection: On top of the existing broad set of Fortinet security offerings on AWS, Fortinet is announcing support for AWS Security Hub. Fortinet now also offers FortiWeb Web Application Firewall in AWS Container Marketplace, enhancing multi-layer security protection at the API level, the VM level and the container level for applications running on AWS.
    5. eSentire Launches New Risk Advisory and Managed Prevention Services Designed to Strengthen Organizations' Resiliency Against the Evolving Threat Landscape - Through a tailored set of services, organizations can now: identify blind spots and risk (assesses an organization's people, process, policies and technology, from on-premise to the cloud, for systemic risks and potential security gaps) and build a strategy and define a plan (evaluates current security program maturity, policies, architecture and response capabilities).
    6. Yubico Announces YubiHSM 2 Integration with AWS IoT Greengrass; Delivering Hardware-based Private Key and Secrets Storage - Yubico announced that the YubiHSM 2 (hardware security module) is qualified for Amazon Web Services (AWS) Internet of Things (IoT) Greengrass Hardware Security Integration. AWS IoT Greengrass introduced a new feature that will utilize a small subset of the YubiHSM 2 PKCS#11 library, allowing the YubiHSM 2 to perform the crypto operations for AWS IoT Greengrass to use secure hardware to store private keys. AWS IoT Greengrass allows users to securely and locally run compute, messaging, data caching, sync, and machine learning inference capabilities for connected devices. Interesting:
    7. Pulse Secure Expands Zero Trust Security for IoT with Firewall Auto-provisioning and Behavioural Analytics - Pulse Policy Secure (PPS) is an integral part of Pulse Secure’s combined VPN and NAC solution that provides corporate networks with Zero Trust Security through visibility, “comply to connect” policy enforcement and security orchestration with popular network and security infrastructure. PPS dynamically profiles the network to discover, classify and apply policy to IoT devices, and includes a built-in IoT device identification library. The solution also integrates with Next Generation Firewall (NGFW) solutions to provide identity and device security state data, as well as to fortify micro-segmentation to isolate and manage IoT devices on enterprise networks.
    8. OPAQ Named a Hottest Cyber Security Startup of 2018 by CRN - OPAQ is the premier network security cloud company. OPAQ’s platform-as-a-service enables partners to deliver Fortune 100-grade security-as-a-service to midsize enterprises on a fully encrypted SD-WAN optimized for speed and performance. With OPAQ, service providers are equipped with a simplified ability to centrally monitor security performance and compliance maturity, generate reports, manage security infrastructure, and enforce policies – all through a single interface.
    9. AI cyber security disruptor launches new platform to give instant oversight of business threats - I think the word disrupt is overused and overstated: The Senseon platform will solve this issue by using Sensory AI to perform the heavy lifting. Senseon’s technology has both the intelligence and context to separate benign activity from genuine threats, meaning it is able to carry out automated investigations with accuracy. This helps overstretched security teams to focus their efforts where they matter the most – investigating actual threats.
    10. A10 Introduces Centralized Management and Advanced Security Analytics for SSL Inspection
    11. NeuVector Improves Container Security With Admission Control - I really believe this should be native functionality: By integrating with Kubernetes, via kube-apiserver, NeuVector can get notification for any image attempting to be deployed, then apply the policy, which an admin has configured in NeuVector to decide whether to allow or block the deployment through Kubernetes.
    12. ZeroStack delivers AI-as-a-Service - This sounds cool: ZeroStack’s AI-as-a-service capability gives customers features to detect GPUs and make them available for users to run their AI applications. In order to maximize utilization of this resource, cloud admins can configure, scale, and allow access control of GPU resources to end users.
    13. Firmware Security Firm Eclypsium Raises $8.75 Million | SecurityWeek.Com - Interesting, seems to target enterprises, though device manufacturers, and even better firmware developers, seem to be a better audience. Shouldn't my firmware be secure before I buy it?