Enterprise Security Weekly Episode #214 – January 27, 2021
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Platform9, Swimlane, SonicWall 0-Days, & Fortinet – 12:30 PM-01:00 PM
Announcements
-
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
-
Next Thurs, Feb 4th @ 11am ET, in our first technical training of 2021, you’ll Learn How to Manage Insider Risks in the Work-from-Anywhere World! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand
Description
This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, Huntress Acquires EDR Technology From Level Effect, & more!
Hosts
Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance |
Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance
|
Tyler Shields – CMO at JupiterOne |
2. DNS Hijacking – 01:00 PM-01:30 PM
Announcements
-
Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!
Description
Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country – the Congo (DRC), .cd – before any bad actors could snatch it up. He will also discuss domain takeovers (TLD as well as subdomains) and how they can be prevented. Key to this is to keep track of your assets and monitor them for vulns.
Technical description of the .cd hack: https://blog.detectify.com/2021/01/19/dns-hijacking-taking-over-top-level-domains-and-subdomains/
A run-through of the basics of DNS hijacking: https://blog.detectify.com/2021/01/19/dns-hijacking-taking-over-top-level-domains-and-subdomains/
Guest(s)
Fredrik Nordberg Almroth – Co-Founder & Head of Engineering at Detectify |
Fredrik Nordberg Almroth is Co-Founder and Head of Engineering at Detectify, the web security company that automates knowledge from some of the world’s best ethical hackers and brings it into the hands of web application teams. Fredrik has helped organizations like Google, the UN and the US Air Force uncover web vulnerabilities, and he is a staunch security defender committed to making the internet safer for everyone. He is featured on Google Security Hall of Fame and has previously been elected Security Expert of the Future by Symantec. |
Hosts
Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance |
Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance |
Tyler Shields – CMO at JupiterOne |
3. Supply Chain Security in the Face of Solarwinds – 01:30 PM-02:00 PM
Announcements
-
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Description
Do we really need to be freaking out? What could we and should we be doing in general regardless of SolarWinds?
Guest(s)
Allan Alford – CISO at The Cyber Ranch Podcast |
With 20+ years in information security, Allan Alford has served as CISO four times in three industries. Alford parlayed an IT career into a product security career and then ultimately fused the two disciplines. Allan has worked in companies from 5 employees to 50,000 and executes a risk-based approach to security, as well as compliance with NIST CSF, CIS CSC 20, GDPR, ISO 27001, DFARS and others. |
Hosts
Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance |
Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance |
Tyler Shields – CMO at JupiterOne |