ES Episode151

From Paul's Security Weekly
Revision as of 16:58, 4 November 2019 by Johnny (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Recorded August 28, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    1. Veristor and Synack Partner to Apply Ethical Hackers and AI Technology to Deliver Crowdsourced Security Vulnerability Identification
    2. Five Tips On How Testers Can Collaborate With Software Developers - Threat Stack
    3. According to Gurucul Survey One in Four Workers Would Steal Company Information to Secure Job at Competing Firm
    4. Imperva discloses data breach affecting some firewall users
    5. Supplement traceroute with path discovery for easier troubleshooting | Ixia
    6. Key Takeaways from Blackhat and Def Con 2019
    7. A steadfast VMware bear says that the $4.8 billion its spending on big acquisitions doesnt change its stagnating growth: We still have concerns (VMW, DELL)
    8. Cofense procures additional funding from BlackRock - PE Hub
    9. API security-Ways to authenticate and authorize | Ilantus
    10. VMware Unveils Security Enhancements in Virtual Cloud Network Offering | SecurityWeek.Com


    Black Hat Interviews: AttackIQ, BlueHexagon, and Coalfire

    We interview Chris Kennedy, the CISO & VP and Customer Success at AttackIQ.

    Segment Topic:
    While MITRE ATT&CK framework is relatively new to security, it’s already proving to be incredibly valuable and its influence and importance is rapidly growing. MITRE’s work allows us to see what techniques can be invoked post breach--how did the adversary get in and what malicious activity are they doing once they are in there? The work MITRE has done around APTs assists security professionals in selecting security technologies that are effective in defending against an ever expanding, crowd sourced collection of known threats. In turn, our industry, continuous security validation, has been affected by the MITRE ATT&CK framework. We can now execute tests to validate that an organization’s security controls are 100% effective all the time.



    We interview Balaji Prasad, the VP of Product Management at BlueHexagon.

    Segment Topic:
    Blue Hexagon harnesses deep learning to detect known and unknown threats in both payloads and headers, in less than a second, at greater than 99.5% efficacy. Our threat detection platform can be flexibly deployed where your critical business traffic needs to be inspected-- at the network perimeter and for AWS cloud workloads. At Black Hat, we're also extending our deep learning-powered threat detection to inspect encrypted traffic.



    We interview Mike Weber, the VP of Product Management at Coalfire.

    Segment Topic:
    Coalfire Labs' R&D team and recent projects in IoT, hypervisor vulnerabilities, and covert command and control channels.



    Black Hat Interviews: Respond Software, Morphisec, and Sophos

    We interview Brett Wahlin, the VP of Security & Trust at Respond Software.

    Segment Topic:
    Known as the “turn around” CISO, Brett Whalin built his career fixing large-scale security programs for some of the most prominent companies in the world, including Sony, HP, and Staples. Brett joined Sony Entertainment after its high-profile PlayStation Network breach and thus started his journey to fundamentally change the way security organizations operate. During this interview, Brett will share his journey to re-imagine the security organization with an innovative SecOps program that laid the foundation for a complete transformation. Brett will share his strategic vision and the important lessons he’s learned along the way.



    We interview Andrew Homer, the VP of Business Development at Morphisec.

    Segment Topic:
    Enterprises migrating to—or already on—Win10 have the ideal opportunity to maximize their security profile while simplifying operations, without additional cost or complexity. Leading-edge technology allows users to fully leverage the integrated Win10 security tools providing a critical prevention layer against advanced in-memory attacks, exploits, fileless attacks, zero-days and evasive malware.



    We interview Mat Gangwer, the Director of Managed Threat Response at Sophos.

    Segment Topic:
    There are so many misconceptions about threat hunting. Misdirection and misunderstanding are lulling people into a false sense of security and leaving businesses exposed.

    • Misconception #1: The most disingenuous misconception is that threat hunting can be automated.

    - Truth: A machine can’t make the intelligent decision that something is good or bad. There’s a lot of things that happen in the gray area that easy for a model, machine learning or artificial intelligence to say this is good or this is bad – it takes a human to go in and understand the framework. Threat hunting requires human expertise.

    • Misconception #2: By having endpoint detection and response (EDR) you’re doing threat hunting.

    - Truth: EDR is an essential tool in a threat hunter’s arsenal but having only EDR gives you only part of the story.

    • Misconception #3: You can add data into a SIEM and start threat hunting.

    - Truth: The data is just the beginning of the hunt. One of the reasons threat hunting is unproductive is because of poor data quality. Good quality data allows you to more quickly and accurately identify complex threats.