Difference between revisions of "Episode607"

From Security Weekly Wiki
Revision as of 21:15, 3 June 2019

Recorded June 6, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.

  • Guest Co-Host
    Amanda Berlin is CEO at Mental Health Hackers, and a Sr. Security Architect at Blumira. After beginning to open up about her own mental health struggles, an overwhelming amount of positive feedback encouraged her to continue to lead initiatives to help others struggling to see they aren't alone.



    Announcements

    • We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Paul Ewing, Endgame - 6:00-6:30PM

    Paul Ewing is a Partner of Endgame

    Paul leads Endgame's adversary hunt efforts by prototyping analytics to detect malicious behaviors and techniques used by cyber threats. Paul has over nine years of experience supporting incident responses and leading hunting teams. His career began as a computer programmer, but transitioned from software design to the pursuit of Advanced Persistent Threats.

    Topic: Nobody knows an organization’s environment better than its IT security team. Software deployment tools, networking and routing nuances, threat models, operational IT tasks, change controls, and more, prove that there are many things that make one infrastructure infinitely unique compared with another.

    Yet security vendors try to solve the same problems for every organization in the same way. The most aggressive of preventions are disabled and often hidden, to avoid the deluge of false positives. Detections are suppressed until cloud services can analyze the stream of events and identify an attack, stopping potential alert fatigue and hiding inaccuracy, yet opening a threat window for adversaries to exploit.

    In this episode of Paul’s Security Weekly, we will talk with Paul Ewing of Endgame about how to close the ‘breakout window’ between detection and response, and hear about Endgame’s recently announced technology, Reflex, that was built with customized protection in mind.

    Segment Resources:

    • About Endgame Reflex: https://www.endgame.com/sites/default/files/endgame-solution-brief-reflex.pdf
    • Reflex announcement: https://www.endgame.com/news/press-releases/endgame-introduces-reflex
    • EQL Github repository: https://github.com/endgameinc/eql


    Tech Segment - 6:30-7:30PM



    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. VMware addressed flaws in its Workstation and Tools
    2. Streaming Video Fans Open to TV Hijacking
    3. When Security Goes Off the Rails - Perhaps most interesting are the training findings: "Amtrak did not provide sufficient training on all characteristics of the Charger locomotive," and "Engineers could better master the characteristics of a new locomotive with the use of simulators." How many of us have gotten "sufficient training" on "all characteristics" of the software we use to get our jobs done? What would that even mean for a systems administrator? How long is sufficient RedHat system administration training? What does it mean to get sufficient training on an Amazon Web Services component, which is subject to change at any time? How many of us have ever used a simulator or range?
    4. Experts Call For IoT Security Regulation
    5. YouTube bans kids live-streaming without an adult present
    6. 0patch experts released an unofficial patch for the recent Windows 10 Task Scheduler zero-day
    7. 440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups - Attackers are getting more sneaky and patient: For instance, it takes a little sleep before swinging into action. “These ads do not immediately bombard the user once the offending application is installed, but become visible at least 24 hours after the application is launched,” the researchers said. “For example, obtrusive ads did not present themselves until two weeks after the application ‘Smart Scan’ had been launched on a Lookout test device.”
    8. PLATINUM APT Found Using Text-based Steganography to Hide Backdoor - The Steganographic Nature of Whitespace, or SNOW for short, is a steganographic covert messaging technique that involves “…concealing messages in ASCII text by appending whitespace to the end of [sentence] lines” (Kwan, 2013). The technique exploits the fact that most text viewer applications do not display trailing spaces and tabs, so the hidden message goes unnoticed; because it is also encrypted, it stays unreadable even if detected without the correct decryption key.
    9. Exclusive: Cisco SVP Jeff Reed Talks Firewall of the Future - SDx
    10. Apple's Find My feature requires two devices, boasts extreme security safeguards
    11. It's Time To Pay Attention To Zorin OS 15, The Best Desktop Linux Distro You've Never Heard Of
    12. Switching to Windows? These Are the Best Mac Alternatives
    13. How to Bypass UAC & Escalate Privileges on Windows Using Metasploit
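Following up on story 8, here is an added example (not code from the page, the podcast, or the PLATINUM report) of a defender-side check for the end-of-line whitespace steganography the SNOW story describes: it flags lines padded with trailing spaces/tabs, measures how much hidden capacity a file carries, and recovers the payload under an assumed simplified mapping (space=0, tab=1). Real SNOW uses its own run-based encoding plus optional encryption, so on real samples the decoded text is an indicator, not guaranteed plaintext.

```python
# Added example (not code from the page, the podcast, or the PLATINUM report): a
# defender-side check for end-of-line whitespace steganography. The bit mapping
# (space=0, tab=1) is an assumed simplification; real SNOW has its own run-based
# encoding and optional encryption, so decoded text is an indicator, not plaintext.
import re
TRAILING_WS = re.compile(r"[ \t]+$")  # run of spaces/tabs at the end of a line

def trailing_whitespace_lines(text):
    """Return 1-based numbers of the lines that end in a space/tab run."""
    return [i for i, line in enumerate(text.splitlines(), 1) if TRAILING_WS.search(line)]

def extract_bits(text):
    """Concatenate every line's trailing whitespace as bits (space=0, tab=1)."""
    bits = []
    for line in text.splitlines():
        m = TRAILING_WS.search(line)
        if m:
            bits.append("".join("1" if c == "\t" else "0" for c in m.group()))
    return "".join(bits)

def bits_to_text(bits):
    """Decode complete 8-bit groups as ASCII; non-printable bytes become '.'."""
    out = []
    for i in range(0, len(bits) - len(bits) % 8, 8):
        b = int(bits[i:i + 8], 2)
        out.append(chr(b) if 32 <= b < 127 else ".")
    return "".join(out)

def analyze(text):
    """Summarise trailing-whitespace density and recoverable payload for one file."""
    lines = text.splitlines()
    flagged = trailing_whitespace_lines(text)
    bits = extract_bits(text)
    ratio = len(flagged) / len(lines) if lines else 0.0
    return {
        "flagged": flagged,
        "trailing_ratio": ratio,
        "hidden_bits": len(bits),
        "decoded": bits_to_text(bits),
        # Constructed threshold: editors usually strip trailing whitespace, so many
        # padded lines plus at least one full byte of capacity deserves a closer look.
        "suspicious": ratio >= 0.5 and len(bits) >= 8,
    }

# Constructed sample: lines 1-2 carry the ASCII bits of "o" (01101111) and "k" (01101011).
SAMPLE = "\n".join([
    "Meeting notes \t\t \t\t\t\t",
    "Action items \t\t \t \t\t",
    "No trailing whitespace here",
])
```

Run `analyze()` over text files pulled from a suspect host (or a mail/file share) and triage the ones it marks suspicious; a high trailing-whitespace ratio alone is noisy, so pair it with a review of the recovered bits.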

    Larry's Stories

    Lee's Stories

    1. SalesForce bans customers from gun sales - SalesForce's new customer agreement bans new and existing customers from certain types of weapons sales. How does a SaaS dictate your business plan or morality?
    2. The Password is dead, long live the Password - Microsoft updates its password change guidance to align with NIST 800-63B: not changing passwords on a schedule.