ES Episode157

From Security Weekly Wiki
Revision as of 15:34, 11 September 2019 by Wheat Loaf (talk | contribs) (Created page with "''Recorded October 16, 2019 at G-Unit Studios in Rhode Island!'' ==Episode Audio== <!-- <div align="center"> {{#widget:SoundCloud |id=632536179 |width=75% |height=100 |color...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Recorded October 16, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    1. Okta launches offerings for threat detection and remediation - Okta is introducing two features of SecurityInsights: UserInsight, suspicious activity reporting for end-users, and HealthInsight, customized, dynamic security best practice recommendations for administrators. These end-user and administrator functionalities build on Okta’s ThreatInsight, network effect-driven protection that prevents threat actors from compromising user accounts by identifying and blocking malicious IPs pre-authentication.
    2. Tenable Extends Lumin to All Platform Customers - The Cyber Exposure score is an objective measure of cyber risk, derived through data-science based measurement of vulnerability data together with other third-party data such as threat intelligence and asset criticality. The score is automatically generated through machine learning algorithms which combine the vulnerability with its likelihood of exploitability and the related asset’s business criticality.
    3. Thoma Bravo makes $3.9 billion offer to acquire Sophos - CEO Kris Hagerman, as you would expect, put the deal in the brightest possible light. “Sophos is actively driving the transition in next-generation cybersecurity solutions, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more. We continue to execute a highly-effective and differentiated strategy, and we see this offer as a compelling validation of Sophos, its position in the industry and its progress,”
    4. Radware's Kubernetes WAF Enables DevOps Organizations to Develop and Deliver Applications Securely Without Compromising Agility - Radware Kubernetes WAF is currently the only solution offering an auto policy generation and optimization engine for application security in Kubernetes environments, enabling protection against known threats and zero-day attacks alike. It provides data leakage protection across web applications and APIs and gives both DevOps and Security teams unprecedented visibility including security events and policies, application telemetry, network statistics, performance and minimal latency. The solution enables single termination of TLS traffic only at the host level and thus eliminates the need to manage multiple certificates across different parties.
    5. Announcing GraphQL Security Scanning - GraphQL makes it easy to decouple user interface needs from a backend API server by offering a buffet of data and relationships without restricting the format to a specific JSON payload. Nowadays UI developers can iterate quickly, but this puts extra load on API server engineers to make a performant, and most importantly safe, GraphQL API. One huge advantage of GraphQL APIs is that they are self-documenting. Most GraphQL APIs can be introspected to pull out the types, fields, and mutations. This can make it a joy to work with a tool like GraphiQL to explore an API, but also makes it very easy to get started scanning.
    6. Signal Sciences Announces Integration with Pivotal Container Service
    7. CounterFlow AI launches ThreatEye, an open, scalable AIOps platform - Differentiators are important: “Based on an AIOps-powered platform, ThreatEye enables machine learning and artificial intelligence to go to work for security analysts and provide them instant access to the hard facts sooner,” said Randy Caldejon, chief executive and co-founder at CounterFlow AI.
    8. Acronis' integrated stack of solutions provides edge, endpoint, and data center workloads protection - Acronis Cyber Protect, integrates seven key cyber protection capabilities into one easy-to-use solution – including backup, disaster recovery, AI-based protection against malware, data authenticity certification and validation, vulnerability assessments, patch management, and remote monitoring and management.


    Interview:


    Interview: