Folgen

  • With cloud attacks rising, Cloud Detection and Response (CDR) is becoming a crucial focus in modern security operations. But what exactly is CDR, and how does it fit alongside other advanced security solutions like XDR? Just as Security Operations Centers (SOCs) defend the enterprise network, they now must extend their defences to the cloud, ensuring threats are detected and addressed in real time. 

    However, many organisations still rely heavily on Posture Management and "Shift Left" strategies to secure their cloud. While effective, these approaches leave gaps in protection, especially against modern attack methods. There's often an assumption that cloud security is entirely handled by the Cloud Service Provider (CSP), which leads to critical oversights. 

    Recent research reveals that traditional security measures often miss threats like runtime attacks and identity mismanagement. In this episode, Chris Steffen, EMA's Vice President of Research, speaks to Nathaniel "Q" Quist, Palo Alto's Cloud Threat Intelligence Manager, to discuss CDR and its benefits. 

    Key Takeaways: 

    Understanding the shared responsibility model is crucial for organisations.Misconfigurations are a leading cause of cloud security breaches.Ransomware attacks in the cloud behave differently than on-premises.Identity access management is a primary target for attackers.Visibility and telemetry are essential to effective security operations.Hard-coded credentials pose significant risks in cloud environments.

    Chapters

    00:00 - Introduction to Cloud Detection and Response

    02:56 - Understanding the Shared Responsibility Model

    05:47 - Cloud Security Posture Management and Its Importance

    09:07 - Real-World Scenarios in Cloud Security

    11:53 - The Evolution of Cybersecurity Technologies

    15:13 - Key Security Gaps in Cloud Environment

  • When it comes to decision-making, courage is paramount. Cybersecurity professionals must navigate high-stakes environments where swift, bold decisions can mean the difference between safeguarding critical assets and exposing vulnerabilities. This requires a willingness to act decisively, even under uncertainty, and to take calculated risks for the greater good of organizational security. Courage in this field isn’t just about individual bravery—it’s about fostering a culture where team members feel empowered to make tough calls, share unconventional insights, and drive proactive security measures.

    Equally important in cybersecurity is the value of followership and resilience. Effective followership involves supporting leadership and strategic decisions, embracing a shared sense of responsibility, and prioritising team goals over individual recognition. With a combination of courageous leadership, strong followership, and resilience, organizations can build a cybersecurity posture that not only withstands attacks but continuously improves in the face of emerging threats.

    In this episode, Paulina Rios Maya, Head of Industry Relations, speaks with Miguel Clark, a retired FBI special agent, about the nuances of leadership, particularly in high-pressure environments like law enforcement and the tech industry.

    Key Takeaways: 

    Leadership is about placing others' needs above your own.Followership is crucial for effective leadership.Courage is developed by confronting fears.Mistakes are opportunities for learning and growth.Long-term organizational health requires valuing team contributions.Effective communication is essential for leadership success.Preparation for crises is key to resilience.Building a culture of trust encourages open communication.Perfectionism can hinder decision-making and progress.

    Chapters: 

    00:00 - Introduction to Leadership and Followership

    02:45 - The Transition from FBI to Tech Industry Leadership

    06:36 - Understanding Followership in Leadership

    09:59 - Courage and Fear in Decision Making

    13:34 - Learning from Mistakes and Accountability

    17:52 - Long-term Health of Organizations

    21:39 - Communication and Understanding in Leadership

    25:56 - Preparing for Cybersecurity Breaches

    30:07 - Building a Culture of Trust

    33:51 - Conclusion: Resilience in Cybersecurity

  • Fehlende Folgen?

    Hier klicken, um den Feed zu aktualisieren.

  • Ransomware attacks increasingly force organisations to pay ransom due to the significant impact on operations, data loss, and the fear of reputational damage. Semperis’s Ransomware Risk Report explores the reasons behind the high percentage of businesses making payments, which inadvertently encourages attackers to strike again. By giving in to demands, many companies fall into a dangerous cycle of repeated attacks, becoming easy targets for cybercriminals.

    To mitigate this risk, it is critical to adopt an "assume breach" mindset. Organisations must be prepared for potential breaches by investing in robust recovery plans and strengthening cybersecurity measures, ensuring they can respond effectively without succumbing to ransom demands.

    In this episode, Paulina Rios Maya, Head of Industry Relations, speaks to Simon Hodgkinson about the reasons behind the high percentage of organisations paying ransoms, the cycle of repeated attacks, and the critical importance of having robust recovery plans.

    Key Takeaways:

    Paying ransom does not guarantee recovery.Business resilience is crucial during recovery.Recovery plans must be robust and well-tested.Identity management is a critical vulnerability.Dedicated tools are necessary for identity recovery.Recovery time objectives (RTO) need improvement.

    Purple Knight is highlighted in the report as a key tool in detecting vulnerabilities before attackers can strike. With Purple Knight, organisations can proactively assess their defences, identify weak points, and strengthen recovery plans—helping to break the costly cycle of ransomware payments.

    Chapters: 

    00:00 - Introduction to Ransomware and Its Impact

    02:50 - Understanding the Ransom Payment Dilemma

    06:03 - The Cycle of Repeated Attacks

    08:55 - The Importance of Recovery Plans

    12:05 - Identity Recovery and Its Challenges

    14:51 - Best Practices for Ransomware Resilience

    17:50 - Tools for Active Directory Recovery

    21:03 - Conclusion and Key Takeaways

  • Ransomware has become a pervasive threat, targeting organisations of all sizes and industries. The complexities of recovery after an attack are enormous, often involving extensive data restoration, system reconfiguration, and potential business disruptions. The financial toll, reputational damage, and operational downtime can be devastating. 

    AI can be a powerful tool in this battle that allows organisations to spot and prevent threats more effectively, analyse vast datasets for anomalies, and automate critical security tasks.

    In this episode, Paulina Rios Maya, Head of Industry Relations, speaks to Jim McGann, VP of Strategic Partnerships at Index Engine, about Ransomware and its consequences. 

    Key Takeaways:

    Ransomware continues to be a significant threat to organisations.The complexity of IT infrastructure contributes to ransomware vulnerabilities.User training is crucial in preventing ransomware attacks.Recovery from ransomware can take months and cost billions.Organisations often confuse disaster recovery with cyber recovery.AI can help identify patterns of bad actor behaviour.Validating data integrity is essential for effective recovery.Many organisations lack a cyber resiliency strategy.Ransomware actors often return to organisations that have paid ransoms.A proactive recovery strategy is necessary for minimising impact.

    Chapters:

    00:00 Introduction to Ransomware Challenges

    01:28 Understanding the Persistence of Ransomware

    05:17 Complexities of Recovery After an Attack

    10:57 The Role of AI in Cybersecurity

    15:31 Real-World Applications of AI in Recovery

  • Companies are constantly pushing for innovation to stay competitive. Whether adopting new technologies or streamlining processes, innovation is key to growth. However, as businesses embrace digital transformation, they open themselves to new security vulnerabilities. These advancements can quickly become liabilities without proper protection, exposing companies to cyberattacks, data breaches, and other security threats.

    Striking the right balance between innovation and security is essential for long-term success. Companies must prioritise cybersecurity alongside growth initiatives, ensuring that strong defences back every new technology or system. 

    In this episode, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks to Adeel Ahmad, Director of Technical Field Strategy at HashiCorp, and Grant Webb, Cloud Technologist, about the innovation paradox.

    Key Takeaways: 

    The balance between innovation and securityHow digital transformation introduces new vulnerabilitiesStrategies for prioritizing cybersecurity alongside growthInnovation is about change, while security is about safety.Security should not be seen as a hindrance to innovation.Embedding security in design can reduce friction.Regulatory compliance can complicate the innovation process.Shared objectives can align security and innovation efforts.Building relationships between security and development teams is crucial.CISOs should be integrated into the innovation process.

    Chapters: 

    00:00 - The Innovation Paradox: An Introduction

    02:53 - Balancing Innovation and Security

    05:49 - Regulatory Challenges in Innovation

    09:14 - Embedding Security in Organizational Culture

    12:07 - Lessons from HashiCorp's Experience

    14:58 - Building Relationships Between Security and Development

    17:52 - Creative Approaches to Security and Productivity

  • In this episode, Luke Dash, CEO of ISMS.online, speaks to Paulina Rios Maya, Head of Industry Relations, about the current state of information security, drawing on key findings from their latest report. The discussion emphasises the growing importance of compliance in the face of rising data breaches and supply chain vulnerabilities. 

    They explore artificial intelligence's dual role in cybersecurity, highlighting its potential to enhance defences and the increasing threat posed by AI-driven attacks like deep fakes. Luke stresses the need for businesses, especially in sensitive industries, to foster a culture of compliance and continuous improvement in cybersecurity measures to stay ahead of evolving risks.

    Key Takeaways:

    99% of businesses faced fines for data breaches.Supply chain attacks have increased by 22%.Deepfakes are now a significant security threat.A culture of compliance is essential for organisations.ISO 27001 is crucial for information security management.Cybersecurity should be part of daily business operations.Continuous improvement is critical to effective security practices.

    Chapters: 

    00:00 Introduction to Information Security and Compliance

    01:21 Key Findings from the State of Information Security Report

    03:10 Addressing Supply Chain Security Risks

    05:57 The Role of AI in Cybersecurity

    08:19 The Rise of Deepfakes and Their Impact

    10:39 Building a Culture of Compliance in Organizations

    12:36 Best Practices for Compliance in Sensitive Industries

    15:27 Continuous Improvement in Cybersecurity Practices

  • Ethical hacking, or penetration testing, plays a key role in protecting businesses from cyber threats by identifying vulnerabilities before malicious hackers can exploit them. As AI becomes more embedded in critical operations, it becomes a prime target for cybercriminals. Ethical hackers are stepping up to defend these systems, using their skills to protect sensitive data, safeguard privacy, and ensure businesses stay secure and operational.

    With the rise of AI-powered security tools, ethical hackers can analyse and respond to threats faster and more accurately than ever. However, the rapid advancement of AI also raises new challenges—automated systems can sometimes behave unpredictably, and new vulnerabilities may emerge. 

    In this episode, Paulina Rios Maya, Head of Industry Relations, speaks to Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, about the differences between superhero hackers, who use their skills for good, and villain hackers, who exploit vulnerabilities for malicious purposes.

    Key Takeaways: 

    Hacking is a skillset and mindset, not inherently criminal.There are two types of hackers: superheroes and villains.AI is primarily used for defensive purposes in cybersecurity.Data minimisation is essential for protecting user privacy.Attackers are increasingly targeting individuals rather than systems.Identity protection is a top priority in cybersecurity.User-friendly security measures are necessary to enhance protection.

    Chapters: 

    00:00 - Introduction to Ethical Hacking and AI's Impact

    03:14 - The Dual Nature of Hackers: Heroes vs. Villains

    06:33 - AI's Role in Cybersecurity: Opportunities and Threats

    11:18 - Balancing User Privacy and Security

    14:35 - The Role of Ethical Hackers in Cybersecurity

    17:13 - Overlooked Vulnerabilities: The Human Element in Cybersecurity

  • Traditional security models are no longer enough. Identity and Zero Trust have become essential pillars of modern information security strategies. By focusing on “never trust, always verify,” Zero Trust ensures that no user or device is trusted by default—whether inside or outside the network—identity management, meanwhile, safeguards access by verifying who is accessing your systems and data.

    Together, these approaches offer a more robust, adaptive defence against cyber threats, helping organisations protect sensitive information and mitigate risk.

    In this episode of the EM360 Podcast, Chris Steffen, EMA's vice president of research, speaks to Ran Lampert, CEO and co-founder of Infinipoint, about the importance of identity when building your Zero Trust journey. 

    Key Takeaways: 

    Identity and device authentication are equally important in Zero Trust.Compliance requirements increasingly demand device verification.Quick wins in identity management can lead to immediate improvements.Gradual implementation of security solutions is key to success.Zero Trust is a continuous journey, not a one-time fix.Integrating user and device authentication can reduce security risks.The landscape of identity management is evolving rapidly.

    Chapters:

    00:00 - Introduction to Identity and Zero Trust

    02:46 - The Evolving Landscape of Identity and Access Management

    06:09 - Understanding Attack Vectors and Security Gaps

    09:00 - Compliance and Regulatory Requirements

    11:47 - Quick Wins in Identity and Access Management

  • Red teaming is a proactive cybersecurity approach where ethical hackers simulate real-world attacks to test an organisation’s defences. Unlike traditional testing, red teaming mimics sophisticated threats to expose vulnerabilities in networks, systems, and even human factors. This process helps organisations identify weaknesses, strengthen their security posture, and improve their incident response plans to stay ahead of evolving cyber threats.

    An important aspect of red teaming is the interpersonal dynamics between the red team and the organisation’s internal teams. Collaboration and transparent communication are crucial to ensuring the exercise remains productive. Maintaining positive relationships during and after the tests fosters trust and encourages constructive feedback, essential for implementing security improvements without creating internal friction.

    In this episode, Paulina Rios Maya, Head of Industry Relations, speaks to Gemma Moore, Co-founder and Director of Cyberis about the role of red teaming in developing detection and response capabilities.

    Key Takeaways: 

    Red teaming involves testing people, processes, and technology.Maintaining positive relationships is crucial during red team exercises.Non-security stakeholders need actionable insights from red team outputs.Informed consent is essential for ethical red team operations.Respecting personal boundaries is important in red teaming.Building relationships with blue teams fosters a collaborative environment.

    Chapters: 

    00:00 - Introduction to Red Teaming and Cybersecurity

    01:20 - Understanding Red Teams: Definition and Purpose

    03:38 - Interpersonal Dynamics in Red Team Exercises

    05:58 - Engaging Non-Security Stakeholders

    08:43 - The Importance of Informed Consent

    12:34 - Ethical Considerations in Red Teaming

    17:44 - Developing Detection and Response Capabilities

    20:53 - Conclusion and Resources for Further Learning

  • Protecting sensitive data requires a robust approach, with Data Security Posture Management (DSPM) and Data Loss Prevention (DLP) at the forefront. DSPM aligns security policies with data architecture, while DLP prevents unauthorised access and leaks.

    Understanding data classification and custodianship is key to this, as it ensures that sensitive data is prioritised. Integrating AI further strengthens these strategies, offering real-time threat detection and automated protection.

    In this episode, Chris Steffen VP of Research at EMA speaks to Shannon Murphy, Global Security & Risk Strategist at Trend Micro, to discuss data security management. 

    Key Takeaways:

    Data Security Posture Management (DSPM) is essential for visibility.Data classification is crucial for effective data security.AI can enhance data discovery and classification processes.Data custodianship should involve those who understand the data.Continuous monitoring is necessary for effective data protection.A layered defense approach is necessary against emerging threats.Data security is an ongoing process, not a one-time fix.

    Chapters:

    00:00 - Introduction to Data Security Management

    02:55 - Understanding DSPM vs DLP

    06:12 - The Role of AI in Data Security

    08:57 - Data Classification and Metadata

    11:48 - Data Custodianship and Responsibility

    15:11 - Creating a Culture of Security

    17:57 - The Future of Data Security Strategies

  • Fraud networks are becoming more sophisticated, posing a significant threat to the financial, iGaming and crypto sectors. As fraudsters’ tactics evolve, these industries face growing challenges in identifying, disrupting, and preventing their activities.

    According to Sumsub internal research, every 100th user was involved in fraudulent networks in 2023. The need for robust fraud detection and prevention, from financial institutions to crypto exchanges and online gaming platforms, has never been greater. Understanding the inner workings of fraud networks and how they evolve, is not just crucial but empowering for protecting assets and customers.

    In this episode, Alvaro Garcia, Transaction Monitoring Technical Manager at Sumsub, speaks to Paulina Rios Maya, Head of Industry Relations at EM360, about how to Outsmart the Bad Guys.

    Key Takeaways:


    Fraud networks, or fraud rings, can vary in size and complexity.Money mules are often unaware they are part of fraudulent schemes.The iGaming industry is particularly vulnerable to bonus abuse.A multi-layered approach is essential for effective fraud prevention.Ongoing monitoring is crucial to catch fraud after onboarding.

    Chapters

    00:00 - Understanding Fraud Networks

    05:17 - Money Muling and Its Impact

    09:58 - Proactive Measures in Financial Sector

    13:43 - Navigating Risks in the Crypto Sector

    17:00 - Creative Tactics of Fraudsters

    19:50 - The Role of AI in Fraud Detection

    23:38 - Implementing a Multi-Layered Approach

  • New cybersecurity risks threaten critical data and systems as organisations increasingly adopt AI-driven technologies, particularly neural networks and Gen-AI. These advanced AI models, while powerful, are vulnerable to a range of attacks, including adversarial manipulation, data poisoning, and model inversion, where attackers can reverse-engineer sensitive data from the AI’s output. The complexity of neural networks often makes detecting and mitigating these risks difficult, leaving organisations exposed to potential breaches.

    In this episode, Paulina Rios Maya, Head of Industry Relations, speaks to Peter Garraghan, co-founder and CEO (and CTO) of Mindgard, about the importance of understanding these risks, the hidden vulnerabilities in AI systems, and the best practices organisations should implement to ensure security hygiene.

    Key Takeaways:

    AI and generative AI introduce new and evolving cyber threats.Understanding AI vulnerabilities is crucial for security teams.AI risks manifest in ways that are different but not new.Security teams must adapt their strategies to AI's opaqueness.AI can be used as a vector for launching attacks.Data leakage is a significant risk with AI systems.

    Chapters

    00:00 Introduction to Cybersecurity and AI Risks

    05:13 Understanding AI Vulnerabilities and Cyber Threats

    10:55 Industry-Specific Risks and Threats from AI

    15:54 Best Practices for AI Security Hygiene

  • Traditional workforce access methods are increasingly vulnerable to account takeovers, highlighting the urgent need for zero-trust access. 

    Infinipoint addresses these vulnerabilities by offering one-click remediation for device security posture checks. This innovative solution ensures that only devices meeting strict security standards can access critical resources, thereby enhancing overall security. 

    In this episode, Paulina speaks with Ran Lampert, CEO and Co-founder of Infinipoint, about the weaknesses inherent in conventional access methods.

    Key Takeaways:

    Traditional workforce access is broken and vulnerable to account takeovers and phishing attacks.Zero trust access, which combines user and device authentication, is key to defending sensitive data and resources.InfiniPoint provides a solution that prevents MFA fatigue, phishing attacks, and vulnerable device access.The platform offers one-click remediation for device security posture checks and allows enterprises to customise checks.

    Chapters:

    00:00 - Introduction and Background

    03:22 - The Inception of InfiniPoint

    04:46 - The Evolution of Access with COVID-19

    08:07 - Vulnerable Devices and Exploitation

    10:03 - The Importance of Device Authentication

    11:02 - InfiniPoint's Approach to Secure Access

    14:46 - Use Cases for InfiniPoint

    18:36 - One-Click Remediation and Customization

    20:00 - Frictionless Access and Future-Proofing

    21:27 - Conclusion

  • As the number of connected devices grows, so does the vulnerability of our digital infrastructure. Traditional security measures need help to keep up with the increasingly sophisticated threats targeting critical networks in sectors like utilities and finance. To address these challenges, there is a pressing need for a new approach to Internet security that can create secure, isolated environments within the existing Internet infrastructure.

    SCION offers a groundbreaking solution by upgrading the traditional border gateway protocol router, enabling the creation of isolation domains. These isolated networks enhance security by preventing unauthorised access and minimising potential points of failure. As more infrastructure providers adopt SCION, its possible applications in critical sectors promise everyone a safer, more resilient internet.

    In this episode, Richard Stiennon, Senior Chief Research Analyst at IT-Harvest, speaks to Martin Bosshardt, CEO of Anapaya, about cyber breaches and solutions like SCION.

    Key Takeaways:

    The increasing number of connected devices and IoT is driving a rise in cyber breaches, making defence more challenging.SCION offers a new approach to internet security by creating isolation domains within the existing internet infrastructure.SCION allows for the secure and isolated operation of critical applications in sectors like utilities and finance.The adoption of SCION by infrastructure providers and organisations holds the potential to significantly enhance internet security. By creating secure, isolated environments within the existing Internet infrastructure, SCION can effectively protect against nation-state attackers and other threats, making the internet a safer place for all.

    Chapters:

    00:00 - Introduction to IT Harvest and Anapaya

    00:57 - Understanding Recent Cyber Breaches

    02:23 - The Vulnerability of Connected Devices and IoT

    03:45 - SCION: A New Approach to Internet Security

    05:36 - Creating Isolation Domains with SCION

    08:55 - Adoption of SCION and its Potential Applications

    13:13 - Getting Started with SCION

    15:09 - SCION vs. Other Solutions for Internet Security

    17:05 - Conclusion and Call to Action

  • As cloud adoption accelerates, the demand for effective cloud threat detection solutions is snowballing. Organisations face increasing challenges in securing their cloud environments due to the complexity of modern infrastructures and cyber threats. Traditional security measures often fail to identify and respond to sophisticated cloud-based attacks, leaving businesses vulnerable to breaches, data loss, and service disruptions.

    Skyhawk addresses these challenges with its cutting-edge autonomous purple team approach. By combining AI-based red teaming with continuous detection and response capabilities, Skyhawk’s solution proactively identifies and mitigates cloud threats before they cause harm. This advanced strategy ensures that organisations can maintain robust cloud security while keeping pace with the dynamic threat landscape, enabling faster, more effective threat responses with minimal manual intervention.

    In this episode of the EM360 Podcast, Paulina Rios Maya, Head of Industry Relations at EM360Tech, speaks to Chen Burshan, CEO of Skyhawk Security, to discuss Cloud Threat Detection and Response and how proactivity is always better than reactivity.

    Key Takeaways:

    Cloud threat detection and response (CDR) solutions are in high demand due to the growing attack surface and non-patchable attacks in cloud environments.The challenges of current CDR technologies include the overwhelming volume of alerts, the difficulty in analysing and correlating different indications of compromise, and the lack of automated response capabilities.Skyhawk's CDR solution reduces noise and increases the accuracy of alerts by aggregating and correlating relevant indicators of compromise. It also enables proactive threat detection and response through simulated attacks and pre-verified automation.Skyhawk's solution's advantages include reducing alert fatigue, increasing alert accuracy, enabling effective automation, and providing a proactive defense against potential attacks.

    Chapters: 

    00:00 - Introduction and Overview of Skyhawk Security

    01:51 - The Growing Demand for Cloud Threat Detection

    04:10 - Challenges of Current CDR Technologies

    06:01 - Skyhawk's Proactive Approach to Cloud Threat Detection

    08:55 - Advantages of Skyhawk's CDR Solution

    11:14 - The Time Machine Perspective and Pre-Verified Detection

    13:03 - Utilizing Skyhawk's CDR Solution for Enhanced Cybersecurity

    15:29 - Conclusion and Call to Action

  • Critical Start's Managed Detection and Response (MDR) service is designed to provide

    24x7x365 monitoring, human-driven threat investigation, and flexible deployment across

    IT and OT environments.

    By leveraging deep technical expertise, robust API integrations, and contractual SLAs,

    they offer comprehensive protection against evolving cyber threats.

    Critical Start tackles attack vectors such as phishing, brute force attacks, and

    vulnerability exploitation by combining advanced threat detection & response, incident

    response, and proactive risk management.

    These capabilities empower organizations to continuously map, monitor, and mitigate

    threats, vulnerabilities, and risks—enhancing security posture.

    In this episode, Paulina Rios Maya of EM360Tech interviews Tim Bandos, Field CISO

    at Critical Start, about the skills needed for a SOC team and how an MDR provider

    helps organizations reduce risks and improve cybersecurity resilience.

    Key Takeaways:

    Implement comprehensive monitoring and deep visibility into endpoints to enhance SOC capabilities.Critical Start’s MDR service offers 24x7x365 monitoring, threat intelligence, and endpoint protection.Ensure SOCs receive expected signals by monitoring endpoint security gaps and log ingestion failuresLeverage lessons from ongoing MDR operations by mapping telemetry to the MITRE ATT& CK® framework and deploying proactive mitigations to reduce long- term risk.

    Chapters:

    00:00 - Skills Needed for a SOC Team

    05:05 - Deliverables of a Managed Detection and Response Service

    07:21 - Common Entrance Vectors of Attack

    10:37 - Proactive Defense Strategies

    11:06 - Ensuring Expected Signals

    12:31 - Endpoint Protection and Security Software

    15:37 - Using Data and Lessons from MDR Operation

  • When looking for the right cybersecurity to keep your organization safe, it’s easy to get overwhelmed by the acronyms and solutions on the market today. EDR. MDR. XDR. NDR. How can organizations really identify not only what they need, but what solutions can evolve with their strategies? 

    In this episode of the EM360 Podcast, Chris Steffen, EMA's Vice President of Research, speaks to Kyle Falkenhagen, Secureworks’ Chief Product Officer, to discuss how organizations are investing in extended detection and response solutions as a comprehensive approach to cybersecurity. 

    Key Takeaways:

    XDR (Extended Detection and Response) is a comprehensive approach that combines proactive risk reduction with reactive response. But not all solutions are equal, and it’s important to understand the distinction between basic and robust response.Identity plays a critical role in cybersecurity, with many breaches having an identity component. Organizations should focus on securing their identity environment and detecting and responding to identity-based threats.Balancing proactive security measures with traditional detection and response is vital for improving security posture. Organizations should look for security partners that can provide reactive and proactive capabilities.

    Chapters: 

    00:00 - Introduction and Background

    02:48 - The Role of Response in XDR

    08:50 - Balancing Proactive Security and Detection & Response

    11:03 - The Significance of Identity in Cybersecurity

    18:51 - Integrating Threat and Exposure Data for Better Security Posture

    23:23 - Conclusion

  • Understanding the key differences between approaches in the EU and the US can help unlock maximum value with the right security strategies. Traditional methods often fall short, but integrating Machine Learning (ML) into your security framework can transform your defence against modern threats. 

    Embrace a dynamic approach to security that adapts to evolving risk profiles. ML optimises your security investments and ensures that measures are tailored to specific threats, enhancing protection and efficiency. 

    In this episode of the Security Strategist, Chris Steffen, EMA's VP of research, speaks to Brady Harrison, Kount's Director of Customer Analytics Solution Delivery, to discuss maximising value through optimal security strategies.

    Key Takeaways:

    Finding a balance between fraud prevention and sales generation is crucial for optimising security strategies.Machine learning can help businesses make informed, risk-based decisions by analysing large volumes of data in real-time.Optimising security investments involves evaluating the cost-benefit trade-offs and setting appropriate risk thresholds.

    Chapters:

    00:00 - Introduction to the Security Strategist podcast

    00:25 - Introduction to Kount and its focus on customer analytics and fraud prevention

    01:49 - Differences between EU and US security strategies

    05:12 - Balancing fraud prevention and sales conversion

    08:59 - Optimizing security investments with machine learning

    14:43 - Advantages of machine learning in security

    18:31 - Setting security strategy based on machine learning

    23:47 - Treating customers as good until proven otherwise

    25:11 - Conclusion and call to action

  • In the post-pandemic world, relying solely on perimeter-based identity security is no longer sufficient. Increased cloud adoption, expanded access permissions, and the complexities of modern cloud environments have exposed vulnerabilities that traditional methods can't address. Issues like VPN weaknesses and inadequate security controls highlight the need for a new approach.

    Explore the critical components of Zero Trust, including explicit verification, least privilege access, continuous monitoring, and adaptive policies. Discover how shifting to a Zero Trust framework can better protect your organisation in today’s complex and evolving landscape. 

    In this episode of The Security Strategist, Vivin Sathyan, Senior Technology Evangelist at ManageEngine, speaks to Alejandro Leal, Analyst at KuppingerCole, about why evolving your security strategy is essential for staying secure and resilient. 

    Key Takeaways:

    A layered approach to user, application, device, and network security is crucial for comprehensive protection, reducing the overall attack surface and focusing on newer threats.Common user vulnerabilities include weak authentication, insider threats, privilege escalation, misconfigured access controls, and unpatched vulnerabilities.Organisations can better protect against these risks at the identity level by implementing risk assessment procedures, enforcing strong password policies, monitoring user behaviour for anomalies, and providing context-based employee training.

    Chapters

    00:00 Introduction and Challenges of Perimeter-Based Approach

    05:09 Zero Trust: Critical Components and Differences

    09:55 The Importance of a Layered Approach to Security

    13:15 Common Vulnerabilities Associated with Users

    18:04 Protecting Against Risks at the Identity Level

    21:26 Translating the Zero Trust Philosophy into Actionable Steps with Managed Engine

  • Zero Trust architecture is a modern security approach that enhances protection by focusing on network segmentation and granular access control, moving away from traditional perimeter defences. This model helps prevent breaches and limits the spread of threats within a network.

    While transitioning to Zero Trust can be challenging, it can be implemented gradually without disrupting existing systems. Future advancements may include a software bill of materials to verify the integrity of the code used within the network.

    In this episode, William Malik, advisor at Lionfish Tech, speaks to Paulina Rios Maya, Head of Industry Relations at EM360, about Zero Trust architecture, security breaches and network segmentation. 

    Key Takeaways:

    Zero Trust architecture eliminates the concept of a perimeter and focuses on network segmentation and granular access control.Transitioning to the Zero Trust model can be done incrementally without disrupting the entire environment.The future of Zero Trust security may involve implementing a software bill of materials to ensure the veracity of the code being used.

    Chapters:

    00:00 - Introduction to Zero Trust Architecture

    02:23 - The Importance of Network Segmentation

    04:45 - Transitioning to Zero Trust

    13:25 - The Future of Zero Trust