Enterprise Security Weekly Episode #239 – August 18, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Humanizing Security Operations – 01:00 PM-01:30 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit https://securityweekly.com/isw2021 to register now!

Description

The security industry spends a lot of time talking about the tools of the SOC, especially around making the SOC more ‘autonomous’. But is this really what we need?

Allie is also presenting “How to effectively manage XDR” at Maintaining Endpoint Security: New opportunities and new risks (SC Media Virtual Event) on August 24, 2021. Register Now: https://www.scmagazine.com/virtual-conference/maintaining-endpoint-security-new-opportunities-and-new-risks

Segment Resources:
  • https://go.forrester.com/blogs/stop-trying-to-take-humans-out-of-security-operations/
  • https://go.forrester.com/blogs/ransomware-survive-by-outrunning-the-guy-next-to-you/
  • https://go.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/
  • https://go.forrester.com/blogs/top-5-lies-security-vendors-tell-about-the-siem/

Guest(s)

Allie Mellen – Industry Analyst at Forrester Research

@hackerxbella

Allie supports security and risk professionals, covering security infrastructure and operations to assist clients in building and maturing their threat detection and response strategies. Her coverage includes the people, processes, and tools of the security operations center.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

2. Cybersecurity Tips & Challenges in the Hybrid Work Era – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/keepersecurity for more information!

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

Description

As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ransomware attacks and other cybersecurity threats that prey on existing security weaknesses and vulnerabilities that opened when moving to a remote or hybrid work environment. Our discussion will include ways to combat these threats, as well as learning to boost your existing cybersecurity policies and infrastructure.

This segment is sponsored by Keeper Security.

Visit https://securityweekly.com/keepersecurity to learn more about them!

Guest(s)

Darren Guccione – CEO and Co-Founder at Keeper Security

Darren Guccione is the CEO and co-founder of Keeper Security, Inc., the creator of Keeper, the world’s most popular password manager and secure digital vault. Keeper software is used globally by millions of people and thousands of businesses.

Darren is an engineer and a CPA. He holds a Master of Science in Accountancy with Distinction from the Kellstadt School of Business at DePaul University and a Bachelor of Science in Mechanical and Industrial Engineering from the University of Illinois at Urbana-Champaign. Darren is an Evans Scholar and received the Distinguished Alumnus Award presented by The Department of Industrial & Enterprise Systems Engineering.

Darren has been named Cutting Edge CEO of the Year in 2019 and Publisher’s Choice Executive of the Year in 2020 by Cyber Defense Magazine’s InfoSec Awards. He is regularly featured on local and national news programs to report on cybersecurity events and topics. He serves as a panelist and keynote speaker in various technology events around the world.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Shields

@txs

CMO at JupiterOne

3. New iboss Features, CVSS Scores, Praetorian GoKart, & Anti Anti-Money Laundering – 02:00 PM-02:30 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: Lesley Carhart, David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • Join us August 26th at 11am eastern to learn how to implement cloud security that actually works. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches an Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. TOOLS: New Anti Anti-Money Laundering Services for Crooks – Krebs on Security – So normally, when we mention tools, they’re for defenders. In this case, this is a tool to help cybercriminals avoid airing their dirty laundry to law enforcement while laundering their criminal proceeds.
  2. MERGER: Norton and Avast are merging into an $8 billion antivirus empire – Close your eyes and imagine this: It’s February 2005 and you read the headline: “Hollywood Video and Blockbuster are merging into a video rental empire!”. What are your immediate thoughts, given you have 16 years of hindsight on the outcome for both those businesses?

    The real kicker? The big concern wasn’t Netflix, it was whether the FTC would allow it, citing anti-trust concerns!

    I’m betting the press release definitely won’t mention the fact that they’re representing the absolute bottom, gutter end of low-margin, discounted, shrinking consumer cybersecurity software. Symantec has been on a rollercoaster – first with the split from Veritas in 2014 when they also combined with Blue Coat and shuffled the exec team. Then, in 2019, the company was split into consumer and enterprise, with the consumer side becoming Norton LifeLock and the enterprise side going to Broadcom, which consumed Computer Associates a while back.

  3. ACQUISITION: Sophos Acquires Refactr to Optimize Managed Threat Response (MTR) and Extended Detection and Response (XDR) with Security Orchestration Automation and Response (SOAR) Capabilities – Pitched as SOAR, but not really competing with the SOAR you’re thinking of. This is much more focused on pure DevOps/Cloud-first startup-style environments.
  4. Daniel Miessler joins Robinhood as Head of Vulnerability Management and Application Security – Daniel Miessler is a very visible thought leader in the industry, so it’s worth a mention when he starts a new gig. Especially interesting is that he (like many, many others) has been critical of Robinhood in the past, but took down a blog post he wrote last fall. http://web.archive.org/web/20201127174713/https://danielmiessler.com/blog/why-robinhood-is-dangerous-for-new-investors/

    Overall, I see it as a positive development and I hope he can have some positive influence and impact on not just the security of the company and product, but on the company’s ethics as well.

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Tigera addresses growing demand for security of containers, Kubernetes, and microservices – Help Net Security – I need this single pane of glass, I’m not sure why, but I want it (I think?): “Calico provides automated capabilities to deliver an easy-to-understand and action-oriented view of Kubernetes networking, security and application layer that can be used to quickly resolve performance hotspots and troubleshoot connectivity issues. It provides a single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy a standard set of egress access controls, enforce security policies for compliance, and observe and troubleshoot applications.”
  2. Baffle raises $20M to secure cloud data – Help Net Security – Oh right, so here’s $20 million: “Baffle’s no-code, simple-to-deploy security mesh takes a data-centric approach at cloud scale without a performance impact or changes to applications.”
  3. iboss adds new features to its Cloud Platform to give organizations more visibility and control – Help Net Security
  4. SailPoint Workflows enables customers to automate security tasks with no coding required – Help Net Security – “Automate use cases like event-driven certifications and custom approvals through APIs and event triggers, Accelerate innovation with easy drag-and-drop builder through no-code workflow, decreasing runtime and freeing up team power to focus on forward-looking projects, Connect to other SaaS applications, enabling a broad range of capabilities across a company’s technology ecosystem, Integrate into a customer’s cloud environment and SailPoint’s partner network” – This is hard as you have to have the right integrations with the right features and allow the user to tie it all together. I think we’re getting closer, however, I also believe you will need people on staff that can write code to make it all work, at least for a while…
  5. CVSS Scores: A Practical Guide for Application – I can’t see filling out the CVSS scoring form for each vulnerability in your environment. You really need a tool that will do that for you, based on generalized inputs to the system, or variables that can be inferred or discovered. For example, whether or not an asset is exposed to the Internet, whether or not the vulnerable application is being used and how much, and how many instances of it do I have in the environment? I also believe you need a list, or a way to flag certain vulnerabilities, based on external factors; these you just patch. Vulnerabilities in Windows (like the recent string of print spooler vulnerabilities), select VPN appliance vulnerabilities, and the recent sudo vulnerability should just be fast-tracked regardless of CVSS score or environmental factors.
  6. API Security 101: Security Misconfiguration – “Security misconfigurations are a constant threat against both APIs and non-API applications alike.” – These often slip through the cracks, because often they are not in the code, but in the configuration. Web server configuration is often overlooked by developers, which is why I’m a huge fan of having a more well-rounded team so you can constantly evaluate security and improve security processes.
  7. Praetorian Launches GoKart – an Open Source Security Scanner for Go – “GoKart puts Go code into single static assignment (SSA) form, structuring every value computed by the program as an assignment to a unique variable. SSA is used in compilers for optimization, and in a security context it helps trace the source of data used as input. Being able to follow data as it flows through a program, weaving in and out of objects and modules, is one of GoKart’s primary features, and what makes GoKart so powerful.”
  8. Digital Shadows launches two premium professional services streams – “Takedowns-as-a-service is another part of this portfolio – especially for teams that don’t have the time or expertise to launch and manage takedowns effectively. With an average of 1,100 impersonating domains registered against them each year, clients can ensure that malicious domains get taken down, and remain taken down. Digital Shadows custom intelligence provides additional threat intelligence tools for specific strategic or tactical requirements. This includes reporting into a VIP’s exposure, tactical investigations into a suspicious domain, and deep investigations into an emerging tactic.”

Tyler Shields

@txs

CMO at JupiterOne