esw192

Enterprise Security Weekly Episode #192 – July 29, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. CloudPassage, VMware Cloud, & Portshift K8SHIELD – 12:30 PM-01:00 PM

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more!

Hosts

JohnKinsella

John Kinsella –

PaulAssadorian

Paul Assadorian –

  1. Fortinet Buys Cloud Security Firm OPAQ – Fortinet has acquired Secure Access Service Edge (SASE) provider OPAQ in a move to add SASE capabilities to the Fortinet Security Platform and Security Fabric architecture.

    OPAQ brings the cloud-based Zero Trust Network Access (ZTNA) solution to Fortinet’s existing SASE offering. The company has focused on security for widely distributed networks and endpoints, including branch offices, remote users, and IoT devices.

  2. Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint – Help Net Security – Unlike traditional security solutions, these new capabilities proactively redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement.

    The new EDN Deflect functionality provides alerts to unauthorized host and service scanning, which is critical because other security controls typically do not generate an alert for these types of activities.

  3. Risk Assessment Company CyCognito Raises $30 Million
  4. CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS
  5. Attivo Networks integrates with FireEye for advanced threat protection
  6. Tanium Brings Intelligence to the Edge with Zero Infrastructure Endpoint Management and Security
  7. VMware Cloud on AWS drives app modernization, business continuity and better cloud economics – Help Net Security – These new offerings include the new Amazon Elastic Compute Cloud (Amazon EC2) i3en instances that can deliver nearly 50% lower cost per GB of raw storage, a 2-host SDDC configuration that lowers the entry price for production environments by 33%, and a new multi-tenant cloud management service that enables partners to support 5-10x more customers with no additional upfront costs, while enabling smaller organizations to purchase VMware Cloud on AWS on a per VM rather than per host basis.
  8. Portshift unveils new K8SHIELD Framework and introduces context aware security policy enablement – Help Net Security
  9. Sequitur Labs Launches EmSPARK 2.0 Security
  10. Artificial Intelligence Cybersecurity Company CalypsoAI Announces $13 Million in Series A Funding
  11. Digital Shadows announces integration with Atlassian Jira
  12. LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology – Neat: Quickly onboard Cloud services: While customers can choose to manually create and customise collection interfaces if desired, Open Collector also provides several premade Beats. This allows analysts to onboard many popular cloud services with minimal administration work. Out-of-the-box Beats include those for Google G Suite, AWS S3, Event Hub and Sophos.
  13. Attivo Networks Announces Endpoint Capabilities that Catch Attackers at Hello
  14. RiskSense platform now provides visibility across both infrastructure and application vulnerability risk – Help Net Security
  15. Sysdig Cuts Container and Kubernetes Visibility and Security Onboarding to 5 Minutes
  16. Aqua Security Unveils New Platform to Secure the Build, Infrastructure, and Workloads of Cloud Native Applications – Auto-Remediation of many common weaknesses in configuration, in addition to remediation advice that can be applied manually, Additional public cloud support is now generally available for Google Cloud Platform (GCP) and Oracle Cloud, Infrastructure as Code (IaC) scanning of Terraform and AWS CloudFormation to find weaknesses in deployment templates
  17. Dragos and Fortinet partner to broaden cybersecurity across industrial networks – Dragos announced that through a partnership with Fortinet it has released an initial integration of the Dragos Platform with FortiSIEM, giving cyber defenders at industrial organizations a unified view of threats and events across the converged enterprise IT and industrial OT (operational technology) environment.

    Threats detected on OT networks via the Dragos Platform can now be visualized in FortiSIEM.

  18. Cloudflare releases Workers Unbound, a secure serverless computing platform – “Cloudflare announced the release of Cloudflare Workers Unbound, offering a serverless platform for developers with unparalleled flexibility, performance, security, ease of use, and pricing.” – So priced cheap, fast, secure AND easy to use? I don’t believe it..
  19. Sysdig Secure DevOps Platform offers onboarding, out-of-the-box dashboards and integrations – Help Net Security
  20. Amazon Fraud Detector: Use machine learning in the fight against online fraud – Help Net Security

2. A New Paradigm: Immutable Security – 01:00 PM-01:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/accurics for more information!

Announcements

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh” Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!

Description

Learn about a new paradigm dubbed immutable security. What is immutable security? Why has it become more important than before? Infrastructure is being build and deployed with code, hence we can use this to our advantage and build security in from the start as we’ve always intended! This segment is sponsored by Accurics.

Visit https://securityweekly.com/accurics to learn more!

Guest(s)

Om Moolchandani

Om Moolchandani –

CTO at Accurics

Om is co-founder and Chief Technology Officer at Accurics where he sets the technology strategy for the company. Prior to Accurics, Om was Chief Security Officer at AutoGrid, leading cloud security for its Energy SaaS cloud. Om was also head of cybersecurity for General Electric’s Industrial Cloud and Edge platform, Predix. He built edge, cloud and ICS cybersecurity products to protect critical infrastructure and industrial clouds. Om is an inventor at heart and has been a key contributor to multiple technology startups including CipherCloud where he architected the world’s first Cloud Access Security Broker (CASB ) product. Om holds a Masters and a Bachelors in Computer Applications from University of Technology in India, a specialization in Business Strategy from Harvard, and a specialization in IoT Business from MIT-Sloan. He also holds several specializations in cybersecurity and is a lifetime member of ISACA.

Hosts

JohnKinsella

John Kinsella –

Chief Architect at Accurics

PaulAssadorian

Paul Assadorian –

Founder/CIO at Security Weekly/CyberRisk Alliance

3. Compliance & Fraud Prevention in FinTech – 01:30 PM-02:00 PM

Announcements

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

Neira Jones discusses how financial services deals with PCIDSS, other compliance standards, fraud and cyber crime.

https://www.rsa.com/en-us/blog/2020-04/it-takes-two-to-tango

Guest(s)

Neira Jones

Neira Jones –

Ambassador at Emerging Payments Association

Neira advises organisations of all sizes on payments, fintech, regtech, cybercrime, information security, regulations (e.g. PSD2, GDPR, AML) and digital innovation. More than 20 years in financial services and technology made her believe in change through innovation and partnerships. She always strives to demystify the hype surrounding current issues and also enjoys her work as an expert witness, as well as cybersecurity due diligence on M&As. Neira likes engaging on social media and regularly addresses global audiences as a keynote speaker or chair person.

Hosts

JohnKinsella

John Kinsella –

Chief Architect at Accurics

PaulAssadorian

Paul Assadorian –

Founder/CIO at Security Weekly/CyberRisk Alliance