1. Rise of Insider Threat Post-C19 – 01:00 PM-01:30 PM
Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!
Is there an emerging threat to your data post-C19 with disgruntled employees having to come back to an office? How do we protect our data and keep employees happy that have access to data from where they’ve been hiding over the past year?
Zack Moody – Head of Global Cybersecurity & Privacy at AVX Corporation
Zachary L. Moody, CISSP currently serves as the Head of Global Cybersecurity & Privacy at AVX Corporation. He has spent over 18 years in information security related positions, and over the past several years his focus has been immersed in establishing global cybersecurity & privacy programs. With an active security clearance, Mr. Moody has worked in numerous capacities in the public, private and government sector environments. His responsibilities have primarily included but not limited to network security, threat intelligence, identity & access, and incident response.
Senior Research Engineer at CyberRisk Alliance
Founder at Security Weekly
CMO at JupiterOne
2. Why User Adoption in Enterprise Security is Low – 01:30 PM-02:00 PM
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Security technology roll-outs often fail because of the following:
1) Weak Security Culture – users don’t see value or understand the importance of taking action.
2) Security teams often fail to consider user experience in purchase, configuration, set-up and training of security technology, like endpoint security
3) End User communication about new technology is not communicated to the right users, at the right time, during the right stage of the project.
Juliet Okafor – CEO & Founder at RevolutionCyber
Juliet Okafor, J.D., is a cybersecurity professional who has combined her knowledge of the legal system
and cybersecurity solution models into success stories across fortune 500
industries throughout the USA. Her ability to scope, plan and design the creation of an OT Cybersecurity
Management System framework for one of the largest cruise lines in the world is testament of
her commitment and leadership regardless of the challenge.
She is a passionate security solutions visionary and strategist who builds the Fortune 500 enterprise’s
overarching security strategy that governs all other smaller strategies within. She is the person who
determines how to solve the company’s problem, be it vulnerability management, incident response or
reducing the risk associated with technology or vendors, and then puts a plan into action or roadmap to
remediate the risks in place – using a combination of people, transforming operations and an array of
emerging security technology.
This week in the Enterprise News: Funding announcements from Clearsense, Morphisec, Feedzai, Jumio, Ketch, Living Security, Productiv and Socure. ServiceNow acquires Intellibot, Accenture acquires Cygni, Astadia acquires Anubex, AutoRABIT acquires CodeScan, Kroll Acquires Redscan. GRIMM launches a Private Vulnerability Disclosure program, AttackIQ automates the validation of AI and ML, CircleCI offers CI/CD for ARM in the cloud, Elastic Observability updates, Gigamon and FireEye collaborate on integration of Gigamon Hawk, McAfee unveils MVision cloud, Red Hat OpenShift Service Available on AWS, Sysdig Adds Unified Threat Detection Across Containers and Cloud & more!
LEGAL: Palo Alto Networks latest security giant accused of patent infringement – Centripetal doesn’t fit the classic profile of a patent troll, but most of the patents they’re suing Palo Alto and Cisco over seem overly frivolous. One describes the basic function of a firewall. Another describes the basic function of an IDS. The root of these lawsuits seems anchored in attempts to partner or license patent tech that went sour, however. NOTE: I’m not a lawyer and this goes deeper and is more nuanced than we’ll have time to discuss.
REGS: Understanding DFARS 252.204-7012 and NIST SP 800-171 – CyberSheath – A lot of folks have been commenting on the previous article regarding the EO that would require software vendors to disclose breaches, saying that existing regulation, DFARS, already addresses this issue, requiring government contractors to report breaches in 72 hours. The primary counterargument is that the EO would apply more broadly, so it’s still needed.
TRENDS – VC Firms Have Long Backed AI. Now, They Are Using It. – This trend is going to surprise no one, but I think it’s an interesting move from an industry long known for investing based more on “gut checks” than due diligence. I suspect AI will likely be just another factor that goes into the overall calculus, not the sole deciding factor.
PRODUCT – Red Hat OpenShift Service Available on AWS (ROSA) – “With ROSA, customers can enjoy more simplified Kubernetes cluster creation using the familiar Red Hat OpenShift console, features and tooling without the burden of manually scaling and managing the underlying infrastructure. ROSA streamlines moving on-premises Red Hat OpenShift workloads to AWS and offers a tighter integration with other AWS services. ROSA also enables customers to access Red Hat OpenShift with billing and support directly through AWS, delivering the simplicity of a single-vendor experience to customers running Red Hat OpenShift on AWS.”
PRODUCT – Zscaler and CrowdStrike release integrations for end-to-end security – Whoa: “ZPA incorporates CrowdStrike’s real-time ZTA to enforce access policy to private apps to reduce organisational risks
Zscaler Internet AccessTM (ZIATM) deployed inline stops malware propagation by triggering device quarantine through the CrowdStrike Falcon Platform, CrowdStrike’s Falcon X threat intelligence and Falcon Endpoint Protection device telemetry data can be shared with Zscaler Zero Trust Exchange for usage when integrations are activated to provide stronger protection and increased visibility, Cross-platform workflow shortens response time and helps combat increasing volumes and sophistication of attacks”
PRODUCT – Gigamon, FireEye collaborate on integration of Gigamon Hawk – “Gigamon says its Hawk solution is now integrated with FireEye Network Security, closing this critical gap and radically simplifying hybrid cloud adoption – with the integration providing a unified view across hybrid infrastructure through a single, simple interface with built-in management and reporting.”