Recorded June 5, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Charles Thompson, Viavi
Topic: Charles will discuss the importance of response/remediation in a strong security strategy and the role wire-data plays in having the forensic detail needed to identify a breach, understand scope of impact, and confirm restoration of network performance to pre-incident baseline.
Topic Segment: Defending Your Environment Against Major Microsoft Vulnerabilities
Discussion point before we begin: What defines a "major" Microsoft vulnerability?
- Discovery - Scoping the problem is just one part of determining just how big of a problem you have if you even have a problem at all. The discovery must be an ongoing process, constantly looking for the known bad states, notifying the right people, and implementing a fix. This also means both externally and internally, whatever that means to you today.
- Temporary Countermeasures - These can vary, but should be considered a when Microsoft has a "major vulnerability", it is more likely attackers will go after this weakness vs. others.
- Be Resilient - This is extremely hard for large enterprises today, most of which have legacy systems and architecture that prevents them from moving fast. The faster you can build an environment, test a patch or fix, deploy it to production, the more resilient you become. I realize that various levels of resiliency may exist in your environment, keep focused on your most critical assets and most sensitive data first.
- I'd want two things - If I were to be in charge of defending a Windows environment, I'd want two capabilities: 1) The ability to run scenarios through the environment at any time, pointing out exposures. For major MS vulnerabilities, there would be a constant simulation running identifying the exposure 2) Configuration management would be critical to my plans, the ability to safely make a change across an environment with 10,000+ systems exists, and I'd want it.
Security Product Announcements
- Database Security for Amazon RDS
- Infoblox unveils simplified security platform to detect and stop cyber threats
- Palo Alto Networks launches new 'Prisma' cloud security suite
- CyberX Launches First Open Development Environment (ODE) for Securing IoT/ICS Devices Running Proprietary Protocols
- Sophos Intercept X Endpoint Protection
- Morphisec Announces Version 3.5 at Infosecurity Europe 2019 with New Unified Security Center for End-to-End Visibility Across All Blocked Attacks
- Securonix Partner Program Targets MSSPs
- Thycotic Expands Enterprise-Grade Privileged Access Management-as-a-Service Solution
- SecureAuth Innovates Secure Identity Management with its Intelligent Identity Cloud Service
Security Company Acquisitions
- Flexera Acquires RISC Networks
- Security stays hot as Imperva grabs Distil Networks
- Palo Alto Networks Announces Intent to Acquire Two Companies to Extend Its Cloud Security Leadership