RSAC 2021 Episode #3 – May 19, 2021

1. All Our Devices Aren’t Belong 2 Us – 12:30 PM-12:45 PM

Sponsored By

Visit https://securityweekly.com/eclypsium for more information!

Description

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of “Verify, then trust”. Yet here we are, building an entire stack of Zero Trust enabled technologies upon a broken implicit-trust foundation. Nowhere is this risk more apparent than at the device and firmware level. Indeed, this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victims’ downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices and stop trusting the fox that has, quite frankly, become the hen house.

https://eclypsium.com/firmware-threat-report/

https://eclypsium.com/2020/07/21/device-integrity-and-the-zero-trust-framework/
https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!

Guest(s)

Scott Scheferman – Principal Strategist at Eclypsium

@transhackerism

Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first DEF CON badge-hacking contest and a DEF CON music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Zero Trust, Beyond the Buzzword – 01:15 PM-01:30 PM

Description

Organizations continue to struggle to understand what Zero Trust is, how they move towards it, and ultimately how they implement it. There’s been a lot of co-opting of the term, and practitioners are so tired of it and sometimes react in disgust or think that it’s marketing noise. I’d like to talk about the history of Zero Trust and where organizations can focus their efforts to start and/or continue their journey towards ZT.

So what is Zero Trust really?
Can organizations buy Zero Trust?
How do organizations get started implementing Zero Trust?
What kind of skills does an organization need to implement Zero Trust?
Where does XDR, EDR, NAV, pick your technology fit in the Zero Trust narrative?

Segment Resources:

https://go.forrester.com/blogs/zero-trust-is-not-a-security-solution-it-is-a-strategy/
https://go.forrester.com/blogs/degree-requirements-are-poisoning-your-cybersecurity-talent-pool/
https://csrc.nist.gov/publications/detail/sp/800-207/final

Guest(s)

Steve Turner – Analyst – Security and Risk at Forrester Research

@beingageek

Steve is an analyst at Forrester advising security and risk professionals about Zero Trust. Prior to joining Forrester, Steve served multiple security/infrastructure architecture, engineering, and emerging technology roles within the Fortune 500 financial, energy, public, and managed services provider (MSP) sectors.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

3. MalWare Labs, The Key to the Next Generation of Threat Hunting – 02:00 PM-02:15 PM

Sponsored By

Visit https://securityweekly.com/ReversingLabs for more information!

Description

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain.

Porous perimeters, remote workers, and highly targeted attacks such as Sunburst are challenging traditional security infrastructures, processes, and organizational structures, requiring leaders to introduce new malware analysis capabilities that centralize the analysis and investigation of suspected unknown and emergent threats to quickly determine the appropriate response.

A recent ReversingLabs survey of information security professionals validated this need with nearly 40 percent of respondents agreeing their organization could improve security with a more formalized threat hunting and malware lab program. ReversingLabs is addressing this with the ReversingLabs Malware Lab solution that equips threat hunting experts with the industry’s only unified threat analysis engine and console to rapidly analyze, classify, detect and respond to malicious files.

This segment is sponsored by ReversingLabs.

Visit https://securityweekly.com/ReversingLabs to learn more about them!

Press Release: https://blog.reversinglabs.com/newsroom/press-releases/reversinglabs-new-malware-lab-solution-enables-next-generation-of-threat-hunting

ReversingLabs Web Site:
https://www.reversinglabs.com/

RSA Microsite:
https://register.reversinglabs.com/rsa-2021

Guest(s)

Mario Vuksan – CEO & Co-Founder at ReversingLabs

Mario founded ReversingLabs in 2009 and currently serves as CEO. In this role he drives all aspects of the company’s strategy, operations and implementation. Prior to ReversingLabs, Mario held senior technical positions at Bit9 (now Carbon Black), Microsoft, Groove Networks, and PictureTel (now Polycom). He is the author of numerous research studies and speaks regularly at FS-ISAC, RSA, Black Hat and other leading security conferences.

Hosts

Paul Asadoorian

@securityweekly

Founder at Security Weekly

4. Third-Party Risk / Supply Chain Risk – 02:45 PM-03:00 PM

Description

Why is third-party risk still such a challenge? Are companies using recent risk events (pandemic, SolarWinds, Colonial Pipeline) as an opportunity to get better at risk management? How can firms better prepare for attacks on their third-party ecosystem?

Segment Resources:

https://go.forrester.com/blogs/make-covid-19-the-supply-chains-final-cautionary-tale/

Guest(s)

Alla Valente – Analyst, Security & Risk at Forrester Research

@AllaValente

Alla is a senior analyst at Forrester serving security and risk professionals. She covers governance, risk, and compliance (GRC), third-party risk management (TPRM), and supply chain risk management (SCRM). In this role, Alla helps Forrester clients establish strategy, adopt best practices, and select technology to manage risk, address key regulatory compliance issues, and improve business resilience. Her research also includes ethics and trust in digital transformation, RegTech, and protecting the organization’s brand.

Hosts

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

5. Don’t Fall Into the COVID-19 Trap: Prioritize Your Web App Security – 03:30 PM-03:45 PM

Sponsored By

Visit https://securityweekly.com/acunetix for more information!

Description

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize their web app security.

https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/

This segment is sponsored by Acunetix.

Visit https://securityweekly.com/acunetix to learn more about them!

Guest(s)

Mark Ralls – President and Chief Operating Officer at Acunetix by Invicti

Mark Ralls is President and Chief Operating Officer of Invicti Security, a world leader in web application vulnerability scanning. In this role, Mark leads several functions, including the company’s Marketing team. Prior to joining Invicti, Mark was Managing Director of Business Operations at Vista Consulting Group, the consulting arm of Vista Equity Partners. Prior to joining Vista, Mr. Ralls worked as Senior Vice President of Product Management and Strategy at Social Solutions Global, where he led Product Management and Product Marketing teams and was responsible for driving product strategy for nonprofit and public sector customers. Before his time with Social Solutions, Mr. Ralls worked at SolarWinds, a provider of IT management software, where he served as Group Vice President of Business Applications and Analytics. Prior to SolarWinds, Mr. Ralls worked at the Boston Consulting Group, where he consulted for Fortune 1000 clients across a number of industries and functions.

Hosts

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance