
Enterprise Security Weekly Episode #241 – September 01, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Transparency in Large Supply Chains – 01:00 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/gitlab for more information!

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit https://securityweekly.com/isw2021 to register now!

Description

GitLab is unique in many ways, but our transparency value is pushing us to mature our Security posture faster than attackers. Discover how GitLab iterates quickly to adapt to a world where everyone can contribute.

Segment Resources:
https://about.gitlab.com/handbook/values/#transparency

This segment is sponsored by GitLab.

Visit https://securityweekly.com/gitlab to learn more about them!

Guest(s)


Philippe Lafoucrière – Distinguished Security Engineer at GitLab Inc.

@plafoucriere

Philippe Lafoucrière is a Distinguished Security Engineer at GitLab.
Before joining GitLab, Philippe was the founder and CEO of Gemnasium, a SaaS company that helped developers mitigate security vulnerabilities in open source code. Gemnasium was acquired by GitLab to implement robust security scanning functionality natively in GitLab’s CI/CD pipelines.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory


Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Putting the “R” in the NDR – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/extrahop for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our speakers: Lesley Carhart, John Strand, Alyssa Miller, Dave Kennedy, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, Justin Kohler, Jay Beale, Trenton Ivey & Ryan Cobb!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

It’s time to think more broadly about the R in NDR. Incident responders need a full spectrum of response–from hunting and investigations to remediation–not just another alert cannon. While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organization’s environment. ExtraHop’s Principal Engineer John Smith joins Security Weekly to discuss.

Segment Resources:

– ExtraHop Extends Response and Forensics Capabilities with Deep Threat Insights for Hybrid Cloud
https://www.extrahop.com/company/press-releases/2021/revealx-360-innovations/?uniqueid=FJ07532845&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-pr-resource&utm_content=press-release&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

– ExtraHop free and interactive demo
https://www.extrahop.com/demo/?uniqueid=AN07532846&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-demo&utm_content=demo&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Guest(s)


John Smith – Principal Engineer, Security at ExtraHop

John Smith has over twenty years’ experience in IT and Security, including eighteen years as a practitioner before joining ExtraHop. John is a frequent speaker on podcasts and webinars, and has delivered talks at conferences like RSAC and multiple B-Sides events. His experience includes securing and architecting the US Centers for Disease Control’s Pandemic Response and Telework solution in 2007 and pioneering data-driven analytics and investigations.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory


Paul Asadoorian

@securityweekly

Founder at Security Weekly

3. “Lift & Drag”, BeyondTrust, Absolute DataExplorer, & RDP Exploits – 02:00 PM-02:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Enterprise News, “inertia in cybersecurity strategy”, Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, & More!!!

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. Comcast Business to Acquire Masergy, a Pioneer in Software-Defined Networking and Cloud Platforms
  2. Elastic and Cmd Join Forces to Help Customers Take Command of Their Cloud Workloads
  3. Incident Response Firm BreachQuest Launches With $4.4 Million in Seed Funding
  4. IronNet Completes Business Combination with LGL Systems Acquisition Corp.
  5. Check Point Software Technologies Acquires Avanan, the fastest growing cloud email and collaboration security company, to redefine security for cloud email

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory


Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. ThycoticCentrify Enhances DevOps Security with Certificate-Based Authentication and Configurable Time-to-Live for All Cloud Platforms – “The latest version offers certificate-based authentication and the ability to configure Time-to-Live (TTL) for secrets, leading to even tighter DevOps security and easier management.”
  2. LogPoint Acquires SecBI to Add SOAR and XDR Platforms – “LogPoint, a provider of security information event management (SIEM) platform and user behavior analytics tools, today revealed it has acquired SecBI, a provider of an integrated security orchestration and automated response (SOAR) and extended detection and response (XDR) platform.” – Check the boxes on acronym bingo.
  3. D3 Security raises $10M to accelerate advancement of its next-generation SOAR platform – “D3’s SOAR platform helps many of the world’s most sophisticated security teams integrate their security tools, eliminate time-consuming tasks via automation, and orchestrate lightning-fast responses to threats.”
  4. Query.AI’s enhancements drive efficiencies in cybersecurity investigations – “The Query.AI platform serves as a connective tissue that delivers federated search to conduct investigations across data silos and eliminates the antiquated approach of universal data centralization.”
  5. Absolute Software : Announces General Availability of Absolute DataExplorer – Kinda neat how it lives in firmware. We always talk about bad things that could live in firmware; this is a legit tool that lives in firmware: “Anchored by its firmware-embedded Persistence® capabilities residing in more than 500 million endpoints, Absolute provides an undeletable digital tether to every device – enabling customers to maintain enhanced visibility across their device fleets and reliably monitor critical hardware and software information.”
  6. Privileged Remote Access Version 21.2 Introduces BYOT for SSH, UI Enhancements, & More – “With this release, Privileged Remote Access enables organizations to properly manage and inject credentials managed by Azure AD Domain Services. Administrators can now leverage the Secure Remote Access Vault to rotate account credentials managed by Azure Active Directory Domain Services”
  7. BeyondTrust Labs Report Demonstrates Removing Admin Rights and Implementing Application Controls Highly Effective in Preventing Malware – “Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats.” – Agree?
  8. Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy – “Psychological inertia, as it is known in medical literature, is prevalent in workplace change management because committing to the changes necessary to achieve higher-level objectives causes individuals to feel anxiety and fear. So, even though the workforce acknowledges the security benefits of a Zero Trust model, they resist the necessary changes in their daily routine.” – This is so common! “In fact, most wildly successful organizations can point to one or more significant disruptions that served as the catalyst to overcome status quo bias and drive innovation.” – I’ve always said you have to scramble a few eggs to make an omelet…
  9. Exploiting CVE-2018-13379 – A Case Study – “Successfully authenticated user credentials were saved, in plaintext, to this file. Any unauthenticated visitor could exploit the vulnerability to retrieve this file and collect plaintext credentials.” – Why can’t we just patch this? Did we not know it existed, or did we know and get pushback? “The primary method of access and lateral movement was through the VPN and Remote Desktop Protocol (RDP).” – Curious if MFA could be implemented system-wide for RDP connections, as I believe this is possible, not expensive, and not a huge inconvenience. “Four months into the incident, PsExec was run from a VPN source IP to create a scheduled task on domain controllers.” – This should generate an alert; also curious how common it is for legitimate admins or software to create a scheduled task on a domain controller…
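The pattern quoted in item 9 (PsExec run from a VPN source IP to create a scheduled task on a domain controller) is exactly the kind of thing a SIEM rule can catch. Below is an added detection sketch, not code from the case study or from any of the vendors discussed in this episode. It correlates a Windows network logon (Security event 4624, logon type 3) whose source address falls in the VPN client pool with a PSEXESVC service installation (System event 7045) or a scheduled-task creation (Security event 4698) on the same domain controller within a short window. The DC inventory, the VPN address pool, the correlation window and the sample events are all constructed for the example; the flattened dict layout of each event is this example's own, although the field names follow the Windows logs.

```python
"""Correlate VPN-sourced network logons with PsExec / scheduled-task activity
on domain controllers.

Added example for the CVE-2018-13379 case-study discussion. Every event below
is constructed; the DC list, VPN pool and window are assumptions.
"""
from datetime import datetime, timedelta
import ipaddress

DOMAIN_CONTROLLERS = {"DC01", "DC02"}            # assumed DC inventory
VPN_POOL = ipaddress.ip_network("10.99.0.0/16")  # assumed VPN client address pool
WINDOW = timedelta(minutes=10)                   # logon-to-action correlation window

# Constructed sample events. Field names follow Windows Security (4624, 4698) and
# System (7045) log fields; the dict layout is this example's own.
SAMPLE_EVENTS = [
    # Routine backup job from an admin jump host that is NOT in the VPN pool.
    {"time": "2021-06-01T09:00:00", "host": "DC01", "event_id": 4624,
     "LogonType": 3, "IpAddress": "10.10.5.20", "TargetUserName": "svc_backup"},
    {"time": "2021-06-01T09:02:00", "host": "DC01", "event_id": 4698,
     "TaskName": "\\Microsoft\\Windows\\Backup\\Nightly", "SubjectUserName": "svc_backup"},
    # Suspicious: VPN-sourced network logon, then PSEXESVC install and a new task.
    {"time": "2021-06-01T22:10:00", "host": "DC02", "event_id": 4624,
     "LogonType": 3, "IpAddress": "10.99.12.34", "TargetUserName": "jdoe"},
    {"time": "2021-06-01T22:10:05", "host": "DC02", "event_id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
    {"time": "2021-06-01T22:11:00", "host": "DC02", "event_id": 4698,
     "TaskName": "\\Updater", "SubjectUserName": "jdoe"},
    # Same tooling against a member server: out of scope for this DC-focused rule.
    {"time": "2021-06-01T22:20:00", "host": "FILESRV", "event_id": 4624,
     "LogonType": 3, "IpAddress": "10.99.12.34", "TargetUserName": "jdoe"},
    {"time": "2021-06-01T22:20:30", "host": "FILESRV", "event_id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
]


def _event_time(ev):
    return datetime.fromisoformat(ev["time"])


def is_vpn_source(ip):
    """True when the address belongs to the (assumed) VPN client pool."""
    return ipaddress.ip_address(ip) in VPN_POOL


def detect(events):
    """Return one alert per PSEXESVC install (7045) or task creation (4698) on a
    domain controller that follows a VPN-sourced type-3 logon within WINDOW."""
    alerts = []
    vpn_logons = {}  # host -> [(time, source_ip, user)] for qualifying 4624 events
    for ev in sorted(events, key=_event_time):
        host = ev["host"]
        if host not in DOMAIN_CONTROLLERS:
            continue  # member servers are not this rule's concern
        now = _event_time(ev)

        if (ev["event_id"] == 4624 and ev.get("LogonType") == 3
                and is_vpn_source(ev["IpAddress"])):
            vpn_logons.setdefault(host, []).append(
                (now, ev["IpAddress"], ev["TargetUserName"]))
            continue

        if ev["event_id"] == 7045 and ev.get("ServiceName", "").upper() == "PSEXESVC":
            what = "PSEXESVC service installed (PsExec)"
        elif ev["event_id"] == 4698:
            what = "scheduled task created: " + ev["TaskName"]
        else:
            continue

        # Pair the action with the most recent VPN logon inside the window.
        for when, ip, user in reversed(vpn_logons.get(host, [])):
            if timedelta(0) <= now - when <= WINDOW:
                alerts.append({"time": ev["time"], "host": host,
                               "event_id": ev["event_id"], "source_ip": ip,
                               "user": user, "detail": what})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed sample, the rule fires twice, both on DC02 and both tied to the VPN address 10.99.12.34, while the backup task on DC01 (sourced from a jump host outside the pool) and the PsExec activity on the member server stay quiet. That scoping is the answer to the "how common is this for legitimate admins" question raised above: rather than alerting on every 4698 on a DC, the rule keys on where the session came from, and the VPN pool and window are the two knobs to tune against a site's own baseline.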