Enterprise Security Weekly Episode #227 – May 12, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Florida Water Treatment Facility Hack, and the Convergence of OT & IT – 01:00 PM-01:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord server, and follow us on our newest live-streaming platform, Twitch!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

What lessons can others still learn from the attack on the Florida water treatment facility? How does this incident shine a light on cybersecurity risks associated with the convergence of OT and IT? And what can be done to mitigate these risks?

Segment Resources:
https://newsroom.nccgroup.com/news/insight-florida-citys-water-supply-attack-420952
https://www.cnn.com/2021/02/13/us/florida-hack-remote-access/index.html

Guest(s)

Damon Small

Damon Small – Technical Director of Security Consulting at NCC Group

@damonsmall

Damon Small, MSc.IA, CISSP, is Technical Director of Security Consulting at NCC Group North America (https://www.nccgroup.com/us/), where he consults with global leaders in critical infrastructure defense, with specialties in oil and gas, aerospace and healthcare. He’s a founding member of the Operational Technology Cyber Security Alliance (https://otcsalliance.org/wp-content/uploads/2019/10/Introduction-to-the-OTCSA.pdf) and has deep expertise in operational technology.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

2. Chart Topping Threats – How Attacks will Rage in 2021 – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/ciscoumbrella for more information!

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 and use the code 5U1CYBER! We hope to “see” you there!

Description

Cyberattackers have not been slowed down by the worldwide pandemic. Phishing, cryptojacking, and trojans all continue to dominate the cybersecurity threat charts. It’s critical to know which security issues are most likely to crop up within your organization and what their potential impacts are. The challenge is that the most active threats change over time as the prevalence of different attacks ebbs and flows. Register to learn about key threat trends facing businesses like yours in 2021. We’ll be joined by Data Scientist Austin McBride and Security Researcher Artsiom Holub. We’ll tackle tough questions and take a deeper dive into recent threats to help you craft a strategy that helps you investigate threats, simplify operations, and scale security.

Segment Resources:
What attacks aren’t you seeing?
The modern cybersecurity landscape: Scaling for threats in motion
Cloud Security Buyers Guide

This segment is sponsored by Cisco Umbrella.

Visit https://securityweekly.com/ciscoumbrella to learn more about them!

Guest(s)

Artsiom Holub

Artsiom Holub – Senior Security Analyst at Cisco Umbrella

Artsiom Holub is a Senior Security Analyst on the Cisco Umbrella Research team. Throughout the course of the day, he works on Security Threat Reports for existing and potential clients, works closely with the Customer Support Team, finds new threats and attacks by analyzing global DNS data coming from Cisco Umbrella resolvers, and designs tactics to track down and identify malicious actors and domains. He is a frequent presenter at major cybersecurity conferences including RSA, Black Hat and THEFirst. He is currently focused on analysis and research of various cybercrime campaigns, and on building defensive mechanisms that apply OSINT and HUMINT approaches powered by ML.

Austin McBride

Austin McBride – Data Scientist at Cisco Umbrella

Austin McBride is a Data Scientist at Cisco Umbrella who identifies unclassified threat vectors, discovers emerging trends in malware distribution, and analyzes and evaluates the impact of security threats on customers. His current research focuses on the significance of cryptocurrency in the ever-evolving threat landscape, which enables malicious actors to remain anonymous while purchasing infrastructure and amassing profits on a scale unprecedented in traditional financial markets in recent history. Austin speaks at international and national conferences and regularly contributes to the Cisco Umbrella Security Blog. His background is in data mining, analytics, security research, and data visualization.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

3. Accurics Terrascan, Sophos XDR Solution, & API Security Need to Know – 02:00 PM-02:30 PM

Announcements

  • In our May 27th webcast at 11am ET, we’ll explore the latest attacks against DNS and the latest techniques that make it possible to discover and disrupt attacks. In our June 3 webcast at 11am ET, you will learn about pen testing tools and why every organization should be using them regularly. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise News: XM Cyber Announces Integration with Palo Alto Networks’ Cortex XSOAR, API Security Lessons Learned, Cycode Raises $20 Million, HelpSystems Acquires Beyond Security, Accurics Terrascan integrates with the Argo Project, Cequence Security API Sentinel 2.0, Seclore Security24 protects sensitive data, Who’s Really Behind the Colonial Pipeline Cyberattack?, Forcepoint acquires Cyberinc, Sophos launches industry’s only XDR solution for endpoint, server, firewall and email security, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. XM Cyber Announces Integration with Palo Alto Networks’ Cortex XSOAR – “By integrating Cortex XSOAR with the XM Cyber platform, security analysts can receive additional contextual information if an incident should be prioritized because it could be used to create an attack path toward a critical asset. The XM Cyber platform also generates incidents if there is a dramatic change in the company’s security posture.”
  2. API Security Need to Know: Lessons Learned From the Peloton Security Incident – “So what is a security team to do when they are faced with a situation where a security researcher has found vulnerabilities in your business-critical applications? You have 90 days, and the clock is ticking. The answer – shift left while you shield right.”
  3. Cycode Raises $20 Million Series A Round From Insight Partners to Secure DevOps Pipelines and Prevent Code Tampering – Security Boulevard – “Cycode protects DevOps tools such as source control management systems, build systems, registries and cloud infrastructure. The solution addresses multiple layers of security, including access and authorization, security configurations, compliance and scanning engines. This enables customers to identify code tampering, code leakage, hardcoded secrets, Infrastructure as Code (IaC) misconfigurations, excess privileges and more, all from a single platform.”
  4. HelpSystems Acquires Beyond Security to Continue Expansion of Cybersecurity Portfolio – “HelpSystems announced today the acquisition of Beyond Security, a global leader in vulnerability assessment and management software. Beyond Security’s cloud-based products enable hundreds of organizations to easily scan their growing, complex environments for network or application vulnerabilities. The team and solutions from Beyond Security will fit into HelpSystems’ popular infrastructure protection portfolio featuring Digital Defense, Core Security, and Cobalt Strike.”
  5. Accurics open source project Terrascan integrates with the Argo Project to enhance cloud security – Help Net Security – “Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF’s Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach. Argo, an open source GitOps engine for Kubernetes, synchronizes Kubernetes clusters, making it easier to specify, schedule and coordinate the running of complex workflows and applications on Kubernetes.”
  6. Cequence Security API Sentinel 2.0 helps orgs strengthen their runtime API protections – Help Net Security – So many organizations need this: “Eliminating API discovery surprises: API Sentinel integrates with your network infrastructure from the edge to the data center to ingress controllers, providing 360 degree visibility and helping eliminate surprise discoveries of APIs deployed outside of a defined process.”
  7. Seclore Security24 enables organizations to protect sensitive data and meet privacy regulations – Help Net Security – “The Security24 offering enables organizations to protect sensitive emails and attachments at scale. Sensitive emails and attachments can be automatically protected based on security policies with no user intervention or protected manually by users. Protecting sensitive data when shared or stored in the cloud mitigates the threat of losing it.”
  8. Agile Sourcing Partners and Synack Team up to Provide Utilities With a Solution to Evolving Cybersecurity Threats – “Having served mission critical clients like the Department of Defense (DOD) and Department of Energy (DOE), we’ve seen the tremendous value of a crowdsourced, cyber-offensive capability for the most critically important sectors. Deploying the world’s best ethical hackers to help secure the power grid is simply the best way to stay ahead of the growing threat from cyber criminals and nation-state adversaries.”
  9. Who’s Really Behind the Colonial Pipeline Cyberattack? – “The service organization model employed by groups such as DarkSide is an important trend in ransomware activities that are meant to maintain at least some level of decency while making as much money as possible. For example, they do not target certain industries and services such as healthcare. While not specifically targeted toward bringing down critical infrastructure, these attacks are a wake-up call for organizations with related supply chains.”
  10. Forcepoint acquires Cyberinc – “Cyberinc delivers intelligent remote browser isolation (RBI) technology that gives administrators granular control that enables them to minimize risk without impeding user productivity.”
  11. Sophos launches industry’s only XDR solution that synchronises native endpoint, server, firewall, e-mail security – Stop saying ONLY: “Sophos XDR, the industry’s only extended detection and response (XDR) solution that synchronises native endpoint, server, firewall and e-mail security”
Tyler Shields

@txs

CMO at JupiterOne