IE Zero-Day, Flashpoint, Malware Sandboxes – ESW #169

 

 

In the Enterprise News, Paul and Matt cover new InfoSec products of the week, CyberArk’s new JIT access capabilities, a Micro patch that simulates a workaround for the recent zero-day IE flaw, easier and faster AD rollback and recovery with STEALTHbits StealthRECOVER, automating protection from advanced threats with the new Kaspersky Sandbox, compromised credentials monitoring with FlashPoint, and some funding and acquisition updates from Security Compass, Sysdig, Waterfall Security, ServiceNow, and FireEye!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

IE Zero-Day, Flashpoint, Malware Sandboxes

  1. New infosec products of the week: January 17, 2020 – Help Net Security
  2. Security Compass secures funding to enhance solutions portfolio and accelerate growth – Help Net Security – Not entirely certain how they help organizations, looks like they have products as well as services. Requires more digging to identify the value, seems to be a source analyzer…
  3. CyberArk’s new just-in-time access capabilities help reduce risk and improve operational efficiency – Help Net Security – Great features here, all it takes is one production outage or security event and the business can make it really difficult to get code tested and deployed. These features will help organizations be more agile.
  4. Waterfall Security Solutions secures significant new funding round – Help Net Security
  5. Micropatch simulates workaround for recent zero-day IE flaw, removes negative side effects – Help Net Security – If I still had to support Windows 7, I’d consider this: Since the February Patch Tuesday is quite a while away and since Windows 7 and Windows Server 2008 R2 users without Extended Security Updates might not get the patch at all, ACROS Security decided to provide a micropatch that simulates the offered workaround (restricts access to the vulnerable JScript.dll) without its negative side effects (reduced functionality for components or features that rely on that particular .dll).
  6. STEALTHbits StealthRECOVER 1.5: Easier and faster AD rollback and recovery – Help Net Security
  7. New Kaspersky Sandbox automates protection from advanced threats – According to a Kaspersky survey of IT decision-makers, 47% of SMBs and 51% of enterprises say that it is becoming more difficult to differentiate between generic and advanced attacks. This means security analysts have to spend time evaluating numerous suspicious files instead of focusing on investigating, and responding to, the most critical threats. This could be even more challenging, as larger SMBs and small enterprises face an IT security talent shortage, so all the responsibilities of managing security fall on the shoulders of IT departments. While true, but not all sandboxes are the same…I’d look at some of the smaller startups, like Intezer or VMRay, but would also consider some of the free ones as well.
  8. ServiceNow to Acquire Loom Systems – With Loom Systems, ServiceNow will increase customers’ ability to apply AI to their knowledge base of issues and fixes for better insights into root causes and allow them to automate remediation tasks, reducing the number of Level 1 IT incidents. – I believe this is a valid use of AI/machine learning, plenty of data to “learn” from, or at least model and automate decisions and remediation processes. This is important for enterprise SOCs. I’d also look at Siemplify for this as well.
  9. Sysdig Closes $70M in Series E Funding to Enable Enterprises to Confidently Secure Cloud-Native Workloads in Production
  10. FireEye adds Cloudvisory to its stable | SC Media
  11. Flashpoint Introduces Compromised Credentials Monitoring, Helping Organizations Lessen Exposure from Breaches, Leaks – Are there reasons not to do this? Enterprise enables organizations to search and monitor Flashpoint’s unique collections for compromised enterprise accounts and passwords in order to flag accounts, reset employee passwords, and restrict permissions to prevent actors from accessing confidential or personally identifiable information (PII). Again, free vs. commercial argument could be made, but if you are in an enterprise setting, likely money well spent?

Hosts

Matt Alderman
Matt Alderman – CEO
Paul Asadoorian
Paul Asadoorian – Founder & CTO

Guests

Announcements

  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and using our code to register!