Episodes

  • This week, on Enterprise Security Weekly, we've got:

    Identity Security gets more funding Wiz walks away BlackHat Announces Startup Spotlight Finalists Crowdstrike post mortem Simple Security Tricks are the Best Security Tricks Splitting the CISO role Web scraping for AI is out of control SEC vs Solarwinds Vaping the Internet

    Show Notes: https://securityweekly.com/esw-369

  • Edward Wu thinks so! Understandably so, as his startup, Dropzone.ai is making a big bet on generative AI to change the face (and pace) of security operations.

    We'll talk about what has changed here, and I have so many questions:

    after many generations of AI/ML technology in security, is the current gen really that dramatically different? Dropzone is far from the only startup with the same idea here, how will they differentiate? Is the problem that we need more help than we can possibly hire, or are we fundamentally doing something wrong in security operations? Specifically, what is this tech doing to help?

    Finally, we'll wrap by talking about where this tech goes next, and can we get there with current technology, or are we dependent on more breakthroughs from companies like OpenAI, Anthropic, and Meta?

    Show Notes: https://securityweekly.com/esw-369

  • Episodes manquant?

    Cliquez ici pour raffraichir la page manuellement.

  • The emergence of generative AI has caused us to rethink things on two fronts:

    how we consume threat detection data, as defenders how we need to shift our thinking and approaches to prepare for attackers' newfound GenAI capabilities

    But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to security operations, just as Gartner announces that AI is hitting the trough of disillusionment. What better time to dispel the hype and focus on where real progress can be made?

    Show Notes: https://securityweekly.com/esw-369

  • In this week's enterprise security news,

    Google is rumored to be considering acquiring Wiz for $23 BILLION ThreatConnect acquires Polarity XBOW and Sola Security are interesting new companies we’ll discuss What does “shared responsibility” actually mean? Palo Alto probably isn’t going to buy your startup Snowflake-related breaches continue getting worse MUCH less AI talk than usual Defragmenting your browser

    All that and more, on this episode of Enterprise Security Weekly.

    Show Notes: https://securityweekly.com/esw-368

  • On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups that almost never fail and funding that survives every market downturn.

    So why are failures also breaking records? What are we getting wrong? Why are we failing?

    These are the questions Richard, Katie, and I will try to answer in this segment.

    Segment Resources:

    www.riskcrew.com/resources-2/cybersecurity-circle-of-failure/

    Show Notes: https://securityweekly.com/esw-368

  • Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry as a whole.

    We also talk myths and reality about a cybersecurity career. Can you really make $100k just a few years in? Is it really an entry level field? Are you better off entering cyber from IT or the military?

    Segment Resources:

    Pick up the book on the publisher's website Pick up the book on Amazon Actual junior roles and entry level opportunities

    Show Notes: https://securityweekly.com/esw-368

  • In this week's enterprise security news,

    Seed rounds are getting huge Lots of funding for niche security vendors Rapid7 acquires Noetic Cyber but Rapid7 is also rumored to sell itself! Slack battles infostealers The loss of Chevron deference impacts cyber Should cybersecurity put up a no vacancy sign? Figma and Google both make some embarrassing mistakes The RockYou2024 file does NOT contain 10 billion passwords I introduce a new news category: AI indegestion

    All that and more, on this episode of Enterprise Security Weekly!

    Show Notes: https://securityweekly.com/esw-367

  • I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here.

    We'll cover a variety of topics in this interview, including:

    Why Henrique chose to go to Saviynt from Gartner Vendor risk concentration in identity Resilience in identity, especially when depending on a SaaS IdP Identity attack evolution (and the creation of the ITDR category) What's working in identity to move things forward, and what is holding us back

    This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them!

    Show Notes: https://securityweekly.com/esw-367

  • We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.

    This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.

    We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.

    We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.

    We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.

    Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.

    Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).

    Show Notes: https://securityweekly.com/esw-366

  • For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).

    Segment Resources:

    Why It’s Time to Evolve from Threat-centric to Compromise-centric Security Evolve from Threat-Centric to Compromise-Centric Security How to Close the Visibility Gaps Across Your Multi-Cloud Environment Defend HPC Data Centers with Frictionless Security & Observability

    Show Notes: https://securityweekly.com/esw-366

  • We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:

    What to be aware of when deploying GenAI Key use cases and successes organizations are having with GenAI Some of the risks to be aware of How to prepare employees for GenAI Best practices to prepare for evolving threats

    Show Notes: https://securityweekly.com/esw-366

  • Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor.

    Tim will describe the importance of implementing a Zero Trust framework that evaluates each command, query, and configuration change in real-time, and how that delivers the most effective and complete security solution. Doing so involves the application of fine-grained authorization policies that adapt to the context of the user, the sensitivity of the action, and the prevailing threat landscape.

    Segment Resources: https://www.strongdm.com/blog/pam-was-dead-strongdm-just-brought-it-back-to-life https://www.strongdm.com/whitepaper/technical-overview

    This segment is sponsored by StrongDM. Visit https://securityweekly.com/strongdmidv to learn more about them!

    Traditional IGA solutions are not risk-focused by design, and as audit and compliance focus continues to expand beyond core ERP systems and into line of business apps and point solutions, organizations must plan holistically how to address risk across their application landscape. It’s never too late to start kicking off your risk reduction journey, and utilizing an innovative, unified platform for both identity and access risk governance has significant, compounding benefits and helps organizations realize faster time to value, lower TCO and longer term consistent risk exposure reduction. Ensuring access to all of your business-critical applications is provisioned seamlessly, efficiently, and cost-effectively while meeting risk, audit and compliance requirements should be the primary goal of any identity and access risk governance solution implementation.

    Segment Resources: https://get.pathlock.com/demo-sem-kuppingercole-access-control-tools-multi-vendor-lob https://pathlock.com/learn/access-provisioning/ https://pathlock.com/compliant-provisioning-copy/ https://pathlock.com/learn/what-is-identity-governance-and-administration/ https://pathlock.com/distressed-iga-deployments/

    This segment is sponsored by Pathlock. Visit https://securityweekly.com/pathlockidv to learn more about them!

    Remote identity verification is one of the biggest challenges in the digital age, especially with the use of AI-generated deepfakes which are now impossible to distinguish from real imagery with the human eye. AI-powered biometrics have emerged as the most robust defense against deepfakes - and therefore, the only reliable method for remote identity verification.

    Segment Resources: iProov.com https://www.iproov.com/ iProov Threat Intelligence Report 2024: The Impact of AI on Remote Identity Verification - https://www.iproov.com/reports/iproov-threat-intelligence-report-2024

    This segment is sponsored by iProov. Visit https://securityweekly.com/iproovidv to learn more about them!

    The criminal opportunity shaping the landscape today and how authoritative, accurate and automated processes are helping others increase their conversion rates by 20% while preventing 99% of all fraudulent attempts. What is the Criminal Opportunity facing us all right now? Data breaches and mail theft have resulted in a record level of available compromised Identity Information, payment information, and login information and even stolen checks. It has been said that ’At this point, all of our information is out on the dark web and it's now just a matter of when is it going to be used against us.’ Combined with inadequate fraud strategies, fraudsters have the key to the castle, it’s a perfect scenario of having the answers to the quiz ahead of time.

    This segment is sponsored by Intellicheck. Visit https://securityweekly.com/intellicheckidv to learn more about them!

    Show Notes: https://securityweekly.com/vault-esw-12

  • FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market.

    Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80

    This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them!

    While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality.

    This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them!

    Cyberattacks, fraud and breaches, we’ve all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward.

    This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them!

    Show Notes: https://securityweekly.com/vault-esw-12

  • Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are:

    -40 years old, with little innovation

    -Haven’t solved the problem.

    In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:

    -Prove bugs, rather than trying to list all of them.

    -Zero false positives, which leads to better autonomy.

    Segment Resources:

    Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge

    Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them

    Example vulns discovered:

    https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot

    https://github.com/forallsecure/vulnerabilitieslab

    Show Notes: https://securityweekly.com/vault-esw-12

  • Enterprises often struggle with achieving business value in identity programs. This is typically the result of technology choices that require a disproportionately greater amount of effort and focus and underestimating the workforce required for organizational change management. With 30 years in the industry and a depth of accumulated knowledge working with large, global customers and vendors, we share how to identify and realize the business value in your organization’s identity program.

    Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Brief-1.pdf https://files.scmagazine.com/wp-content/uploads/2024/05/SDG-IAM-Modernization-Service-Brief-1-1.pdf

    This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!

    In today’s increasingly complex cloud environments, ensuring continuous access to identity services is critical for maintaining business operations and security. Gerry Gebel, VP of Product and Standards at Strata Identity, will discuss the recently announced Identity Continuity product, designed to provide uninterrupted identity services even during outages. Unlike traditional disaster recovery solutions, Identity Continuity autonomously fails over to alternate identity providers, ensuring seamless access management. Join us to explore how Strata Identity is enhancing resilience in the identity management space.

    Segment Resources: Strata Identity Continuity Product page: https://www.strata.io/maverics-platform/identity-continuity/ State of Multi-Cloud Identity report: https://strata.io/wp-content/uploads/2023/08/State-of-multi-cloud-identity-2023_Strata-Identity.pdf Parametrix Survey = https://www.reinsurancene.ws/leading-cloud-service-providers-faced-1000-disruptions-in-2022-parametrix/

    This segment is sponsored by Strata. Visit https://securityweekly.com/strataidv to learn more about them!

    Digital businesses are under attack from account and platform fraud, including Account Takeover (ATO), account opening fraud, and many variations of fraudulent account scams, impersonations, transactions and collusions. Learn best practices to stop fraud with better detection and prevention that can also improve customer satisfaction and operating efficiencies.

    This segment is sponsored by Verosint. Visit https://securityweekly.com/verosintidv to learn more about them!

    Show Notes: https://securityweekly.com/esw-365

  • Several recent trends underscore the increasing importance of Know Your Business (KYB) practices in today's business landscape. One significant trend is the rise in financial crimes, including money laundering, fraud, and terrorist financing. Technological advancements have transformed the way businesses operate, leading to increased digitization, online transactions, and remote customer interactions. While these developments offer numerous benefits, they also create opportunities for criminals to exploit vulnerabilities. Higher value remote transactions are performed at higher volumes. In addition, government programs such as the PPP program created a need for onboarding business quickly. This created a influx of fraudulent entities and claim who are now exploiting other channels. The convergence of these trends highlights the critical role of KYB in safeguarding businesses, ensuring regulatory compliance, and fostering trust among stakeholders in today's dynamic and interconnected business environment.

    Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/05/idi-Identiverse-Brochure_05-2024-KYB-PRINT.pdf

    This segment is sponsored by IDI. Visit https://securityweekly.com/idiidv to learn more about them!

    From wrestling with integration complexities to managing unexpected glitches, the realities of SSO implementation can produce very different results than what you want. Are users actually using SSO to login or are they still using the direct logins they gained before enabling SSO? We explore the reasons behind why SSO efficacy isn't always what it seems and what you can do about it.

    This segment is sponsored by Savvy. Visit https://securityweekly.com/savvyidv for a no cost SaaS-Identity checkup!

    With identity being the new security perimeter, identity platforms are now an integral part of the core security stack. Inherently these platforms are complex and it takes months and years for organizations to realize the business value. And this is going to get worse. The sheer volume and velocity with which new identity types are being added, as well the sophistication of attacks on identity platforms, requires a transformational shift to Identity security and governance. 50% operational efficiency and delivering security at scale are the two big initiatives which organizations have embarked on. In this session, Vibhuti Sinha, Chief Product Officer of Saviynt will share his insights and discuss how Saviynt is at the forefront of this transformation.

    This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them!

    Show Notes: https://securityweekly.com/esw-365

  • This week, we've got data security being both funded AND acquired. We discuss Lacework's fall from unicorn status and why rumors that it went to Fortinet for considerably more than Wiz was willing to pay make sense.

    Microsoft Recall and Apple Intelligence are the perfect bookends for a conversation about the importance of handling consumer privacy concerns at launch.

    How can the Snowflake breach both be one of the biggest breaches ever, but also not a breach at all (for Snowflake, at least). It's time to have a conversation about shared responsibilities, and when the line between CSP and customer needs to shift.

    The CSA's AI Resilience Benchmark leaves much to be desired (like, an actual usable benchmark) and Greg Linares tells a wild story about how the first Microsoft Office 2007 vulnerability was discovered.

    Finally, the Light Phone III was announced. Do we finally have a usable minimalist, social media detox-friendly phone option? Will Adrian have to buy one to find out?

    Show Notes: https://securityweekly.com/esw-365

  • The interview will delve into the healthcare industry's tumultuous year in 2023, marked by 124 million breached health records across 725 hacking incidents (according to The HIPAA Journal). This interview will explore the critical role that MSSPs play in safeguarding health data and systems against potential security incidents, such as ransomware and business email compromise attacks. Jim Broome will share how to proactively prepare for an incident - including establishing a comprehensive incident response plan, outlining strategies for containment, restoration, and ongoing security operations, and how an MSSP can help.

    Segment Resources: Tales from the Road Blog: An External Pen Test at a Healthcare Organization Reveals the Dangers of the Dark Web - https://www.directdefense.com/tales-from-the-road-an-external-pen-test-reveals-the-dangers-of-the-dark-web/

    2023 Security Operations Threat Report: https://go.directdefense.com/2023-Security-Operations-Threat-Report

    This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!

    In the dynamic landscape of cybersecurity, the urgency to eliminate passwords as a security vulnerability has never been more critical. Organizations are continuing to face a surge in the variety and complexity of cyber threats at historical rates, often fueled by compromised employee login credentials – resulting from attacks such as phishing which has been exacerbated by the rise in use of Artificial Intelligence (AI). The 2023 Verizon Data Breach Investigations Report underscores the staggering impact of breaches caused by stolen credentials, accounting for a staggering 74% of incidents. Christopher Harrell, Yubico’s Chief Technology Officer, shares how organizations can achieve passwordless authentication at scale with high assurance phishing-resistant multi-factor authentication (MFA) to elevate their security posture against phishing attacks while creating phishing-resistant users.

    Segment Resources: https://www.yubico.com/blog/empowering-enterprise-security-at-scale-with-new-product-innovations-yubikey-5-7-and-yubico-authenticator-7/

    https://www.yubico.com/press-releases/yubicos-key-product-innovations-empower-enterprise-security-and-phishing-resistant-passwordless-authentication-at-scale/

    This segment is sponsored by Yubico. Visit https://securityweekly.com/yubicorsac to learn more about them!

    In this podcast segment, we delve into Sophos' fifth annual State of Ransomware report, exploring significant findings and trends in the evolving ransomware landscape. We'll discuss the sharp increase in recovery costs, the strategic targeting of backups by hackers, and the evolving role of cyber insurance in ransom payments. Our discussion will provide insights into how organizations can adapt their cybersecurity measures to mitigate these heightened threats and recover more effectively from attacks.

    Segment Resources: Blog: The State of Ransomware 2024 Report: https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2024-wp.pdf Press release: Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report

    This segment is sponsored by Sophos. Visit https://www.securityweekly.com/sophosrsac to learn more about them!

    Show Notes: https://securityweekly.com/esw-364

  • We start off discussing the latest round of fundings, centered largely around data security and securing LLM use. This dovetails into a discussion about marketing language and how difficult it can be for buyers to work out what the latest round of early stage startups are doing.

    Next, we discuss Cloudflare and Bugcrowd's acquisitions, as well as Synopsys's divestiture of its appsec portfolio.

    From here, we dive into a raft of new features across both IT and cybersecurity products, like Azure, Dashlane, LastPass, and PagerDuty. Discussing Huntress's active remediation feature triggers a conversation about this latest product trend: vendors seem to think buyers are ready for fully automated remediation actions. We're not so sure they are.

    To wrap up the cybersecurity coverage, Brandon Dixon has an interesting tutorial regarding a Security Copilot use case that looks a LOT like the default phishing enrichment use case that has been used for every SOAR POC ever. To clarify, this is a great piece in that it is all practical, has no marketing fluff, and shows you how to do something useful with Security Copilot. Where it pulls up short is managing to live up to the hype we've been hearing about Security Copilot from day one.

    We agree to table the discussion on Microsoft Recall until we know more about what GA of the feature will look like, and then dig into a VERY interesting squirrel story about an audio-based hacking puzzle created by a rock band.

    Show Notes: https://securityweekly.com/esw-364

  • "Identity security has been around forever though", you might be thinking. Allow me to clarify. Identity is the largest cybersecurity product category, but most of it is focused on identity governance, authentication, multi-factor, etc. Very little of it is focused on operational identity security. It's this trend, where we recently (within the last 2 years) started seeing the ITDR (Identity Threat Detection and Response) acronym that we'll be focused on today. Particularly:

    Why is this trend/spike occurring now? What was or is missing to do identity security properly? What does the future of securing identity look like?

    And it's difficult to do better for this conversation than Will Lin. He spent the last half decade as a VC. On a daily basis, he was looking at the big picture of cybersecurity markets and trends. He discussed security challenges with CISOs and other security buyers on a regular basis, both directly and through the Security Tinkerers community he founded. All this led to a decision to quit the VC world to become a founder himself. Of all the categories he could have chosen, he chose identity security, and that's why we're happy to have him for this conversation.

    Segment Resources:

    The Future of Identity AKA Identity promo video focused on the future of Identity

    Show Notes: https://securityweekly.com/esw-364