Enterprise Security Weekly (Audio)
373 episodes - English - Latest episode: 4 days ago - ★★★★★ - 14 ratingsHosted by Adrian Sanabria, Tyler Shields, Katie Teitler, and Sean Metcalf.
If you’re looking for advice and information on enterprise security solutions, look no further than Enterprise Security Weekly! We give you an “insider” perspective into security vendors, including coverage on new product announcements, integrations, funding, M&A, and more! Adrian, Tyler, Katie, and Sean have unique perspectives on the enterprise security landscape. All four hosts are former analysts. Adrian has been a consultant, practitioner, founder, and runs Security Weekly Labs. Tyler has spent many years as a marketing executive for security vendors. Katie has also recently moved to a vendor marketing role. Sean is founder and CTO at Trimarc Security, a professional services company which focuses on improving enterprise security. Together they provide valuable resources for protecting the enterprise and following the market each week!
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
This Week: short on funding, long on research and analysis & RSAC Interviews - ESW #363
May 24, 2024 16:11 - 2 hours - 146 MBOnly one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process. We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does...
Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! Plus On-Site Interviews from RSAC - ESW #362
May 16, 2024 21:28 - 2 hours - 126 MBSuddenly SIEMs are all over the news! In a keynote presentation, Crowdstrike CEO George Kurtz talked about the company's "next-gen" SIEM. Meanwhile, Palo Alto, who was taken to task by some for not having an active presence on the RSAC expo floor, hits the headlines for acquiring IBM's SIEM product, just to shut it down! Meanwhile, LogRhythm and Exabeam merge, likely with the hopes of weathering the coming storm. The situation seems clear - there's no such thing as "best of breed" SIEM an...
Executive Interviews from RSAC! - ESW #361
May 09, 2024 19:00 - 2 hours - 149 MBTune in to hear 9 executive interviews from RSA Conference 2024, featuring speakers from Zscaler, Open Systems, Aryaka, OpenText, Hive Pro, Critical Start, Anomali, Cyware, and Pentera! Find individual descriptions for each interview on the show notes. Show Notes: https://securityweekly.com/esw-361
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360
May 02, 2024 22:36 - 1 hour - 108 MBIt's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! ...
Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359
April 25, 2024 19:00 - 1 hour - 105 MBA clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues autonomously" automated remediation automated compliance management & reporting I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just ...
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358
April 18, 2024 22:21 - 1 hour - 97.2 MBProtecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams. This week, Adrian and Tyler discuss some cr...
Understanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357
April 11, 2024 22:34 - 1 hour - 94.4 MBIn the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll...
Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356
April 05, 2024 09:00 - 1 hour - 100 MBNVD checked out, then they came back? Maybe? Should the xz backdoor be treated as a vulnerability? Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats? What were some of the takeaways from the first-ever VulnCon? EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it? How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits ar...
Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355
March 29, 2024 18:29 - 1 hour - 94.1 MBMany years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity. Diversity of people, diversity of background, and diversity of experience. I've seen auto mechanics, biologists, and finance experts bring the most interesting...
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354
March 22, 2024 17:59 - 1 hour - 92.6 MBWhile awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs. Segment Resources: API Security Basics - Everything You Need to Know Graylog API Security - Gain Visibility & C...
Addressing Identity-Related Threats in 2024 - Rod Simmons - ESW #353
March 15, 2024 21:00 - 1 hour - 101 MBIn this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'll discuss where the Identity Governance and Administration (IGA) market is going. Segment Resources: Analyst Report: The State of Identity Go...
What can we do today to prevent tomorrow's breach? - Michael Mumcuoglu - ESW #352
March 07, 2024 23:03 - 1 hour - 93.4 MBDefenders spend a lot of time and money procuring and implementing security controls. At the heart of SecOps and the SOC are technologies like XDR, SIEM, and SOAR. How do we know these technologies are going to detect or prevent attacks? Wait for the annual pen test? Probably not a good idea. In this segment, we'll talk with Michael Mumcuoglu about how MITRE's ATT&CK framework can help defenders better prepare for inevitable attack TTPs they'll have knocking on their doors. Segment Res...
Hacktivism Unveiled: Insights into the Footprints of Hacktivists - Pascal Geenens - ESW #351
March 01, 2024 00:12 - 1 hour - 113 MBPascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists an other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture! You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/ In this week's news segment, we discuss the lack of funding announ...
Threat Intelligence & Threat Hunting - Chris Cochran - ESW Vault
February 22, 2024 15:00 - 22 minutes - 10.2 MBCheck out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 22, 2021. Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting! Show Notes: https://securityweekly.com/vault-esw-8
Material: cybersecurity word of the year, thanks to the SEC - Amer Deeba - ESW #350
February 15, 2024 23:45 - 1 hour - 101 MBIn this segment, featuring guest Amer Deeba, we'll explore how the SEC's new breach reporting rules will affect companies. We've got a ton of questions: What behavior has to change? What additional preparation needs to take place? How does this rule affect data security? How does it affect crisis communications? And most importantly, when is an incident "material"? This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market f...
Zero-Trust is Meaningless if Your Cryptography is Flakey - Vincent Berk - ESW #349
February 09, 2024 17:54 - 1 hour - 87.4 MBLegacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption No longer can enterprises take their cryptography for granted, rarely evaluated or checked. Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall se...
The Elephant in the Pipeline: Securing the Wild, Untamed Software Supply Chain - Pete Morgan - ESW #348
February 01, 2024 23:21 - 1 hour - 98.2 MBWe've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties. The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hand...
2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347
January 25, 2024 00:00 - 1 hour - 130 MBWe interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist. Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base. ...
Creating Trust in Biometric Authentication for Identity Verification - Sabrina Gross - ESW #346
January 19, 2024 15:37 - 1 hour - 130 MBThe general public has varied opinions of biometric authentication, and an increasingly reluctant relationship with it, as more and more facial recognition is forced upon us (especially those of us that travel frequently). Facial recognition doesn't work for everyone, so what other options do we have? In this interview, we'll explore accessibility in identity verification and the viability of voice-based authentication. How big an issue are AI-powered voice imposters? How will companies li...
GenAI Threats and Concerns, Building a Security Business Around Open Source - Ev Kontsevoy, Greg Notch - ESW #345
January 11, 2024 23:58 - 2 hours - 206 MBGenAI hype is still at peak levels, but clearly some of the hopes and dreams pinned on it will fail, while other use cases we haven't even imagined will become commonplace. Greg Notch joins us to share his thoughts on what security leaders and the general public should be more or less worried about when it comes to GenAI. Many founders and early stage startups closely guard product details and information about their roadmap and go-to-market plan. Is it a bad idea then to build a company b...
2023 End-of-Year Wrapup - ESW Vault
January 04, 2024 17:25 - 49 minutes - 25.3 MBThis is a special episode of ESW: our year-end wrapup for 2023. Want to make sure you didn't miss any big stories in 2023? This is the episode to check out! In under an hour, we'll summarize 2023, covering things like: our mindset coming into 2023 from 2022 how 2023 kicked off some special themed episodes we recorded in 2023 the state of the fragile and recovering startup market key acquisitions in 2023 and some acquisition rumors that never led to anything breach post-mortems and...
MegatronAL on Kicking in the Door to Cybersecurity - Angela Marafino - ESW Vault
December 28, 2023 17:00 - 28 minutes - 13.1 MBI once told my college advisor that I wanted to double major in computer science and jazz performance. She laughed at me. Instead, I jumped into a career in IT and played jazz - without a degree in either. Turns out, that was fine - the industry valued experience and results over academic achievement. Today's guest has two degrees, one in fine arts, one in pre-law, and that's also fine. If there's anything I've learned in InfoSec, it's the mind that matters most, less so the degrees or certs...
2023 Funding, SASE Certification - Mike Privette, Pascal Menezes - ESW #344
December 22, 2023 16:28 - 2 hours - 264 MBWe're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week. In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insigh...
Identity Verification, Telemetry Data, Pickleball Chaos - Tucker Callaway, Rob O'Farrell - ESW #343
December 15, 2023 22:00 - 2 hours - 277 MBOn this podcast, we've often struggled with whether or not to include stories and discussion on identity verification. Is identity verification cybersecurity proper, or cybersecurity adjacent as part of fraud prevention? As always, when we're unsure, we find folks to talk to and learn more. Today, we'll be learning about weak points in the identity verification chain from Rob O'Farrell. He'll also be helping us to understand what identity verification is, and why it's important to cybersec...
Lessons from 10 years running the first cyber-exclusive investment firm - Bob Ackerman - ESW #342
December 08, 2023 13:26 - 1 hour - 144 MBBob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively on investing in cyber startups. In this segment, we'll discuss one of Allegis's recent investments, SixMap, and Bob's other investment/accelerator vehicle, Data Tribe. Data Tribe sources investments from national intelligence, with examples like Dragos t...
Non-profits need security too & Cybercrime is booming - Keith Jarvis, Kelley Misata - ESW #341
December 02, 2023 00:00 - 2 hours - 152 MBWhile non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelley Misata joins us today to explain how her own non-profit helps other non-profits improve their cybersecurity posture. As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems ...
Breaking into Cyber – Perspective from a High School - Tim Cathcart - ESW Vault
November 23, 2023 18:00 - 32 minutes - 14.7 MBHigh School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry? Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-esw-5
Exploring the Intersection of Security for Edge Computing and Endpoint - Theresa Lanowitz, Mani Keerthi Nagothu - ESW #340
November 16, 2023 23:42 - 2 hours - 158 MBOnce again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape: Maybe not less budget, but more pressure to produce results and justify spending Security leaders being held personally accountable for performance Potential layoffs, and the need to achieve the same go...
Aidan Holland, Kelly Shortridge - ESW #339
November 10, 2023 22:00 - 2 hours - 146 MBToday, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today. We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, ...
Jackie McGuire, Hank Thomas - ESW #338
November 03, 2023 21:00 - 2 hours - 147 MBIn this segment, we discuss the current state of the market recovery with Hank Thomas, founder of Strategic Cyber Ventures. We've got market questions, like: What has changed in the last year? Are IPOs coming back any time soon? How large is the cybersecurity death pool? What do early and mid-sized startups need to do to survive in the current market? There is little to no organization of data within companies in 2023. We're all guilty of this at some level. The download folders an...
Marco Genovese, Noriko Bouffard, Chad Cardenas - ESW #337
October 27, 2023 21:00 - 2 hours - 125 MBIn the age of remote and hybrid work, employees are now spending most of their time in the browser or virtual meetings, making the browser an increasingly important part of an enterprise's security strategy. According to Gartner, “By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.” Learn more about: The browser's role in a business's security strategy H...
Shane Sims, Philippe Humeau - ESW #336
October 20, 2023 21:00 - 2 hours - 147 MBToday we interview Shane Sims, CEO of Kivu Consulting. We'll be talking about the current state of cybercrime and insights from incidents his consulting firm has recently worked. We'll discuss some of the latest stats and trends related to ransomware, as well as thoughts on future cybercrime trends. Shane will also share some stories from his time as an FBI agent, working undercover as a cybercriminal. Segment Resources: Report - Mitigating Ransomware Risk: Determining Optimal Strategies f...
Trustworthy AI, ISW Interviews - Pamela Gupta - ESW #335
October 13, 2023 21:00 - 1 hour - 138 MBThe world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely. Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn...
Lessons From the Last Year's Breaches, ISW Interviews - ESW #334
October 06, 2023 18:00 - 2 hours - 196 MBIn this segment, we'll explore some of the most useful lessons and interesting insights to come out of the last year's worth of breaches and data leaks! We'll explain why we will NOT be covering MGM in this segment. The breaches we will be covering include: - Microsoft AI Research Data Leak - Microsoft/Storm-0558 - CommutAir - Riot Games - Lastpass - CircleCI - RackSpace - Drizly (yes, this breach is older, but the full story just wrapped a year ago!) On this week's news segment, ...
Golden SaaS Age, Edge Computing, Cisco/Splunk - Allie Mellen, Theresa Lanowitz, Yoni Shohet, Chris Goettl - ESW #333
September 29, 2023 21:00 - 2 hours - 119 MBWe ALL use SaaS. It has become ubiquitous in both our personal and professional lives. Somehow, the SaaS Security market has only recently began to emerge. Today's interview with Yoni Shohet, co-founder and CEO of Valence Security, aims to understand why it has taken so long for SaaS Security products to come to market, what that market currently looks like, and what a SaaS Security product actually does. The concept of Edge computing has evolved over the years and now has a distinct role ...
2024 Security Planning, Better Tabletop Exercises - Merritt Maxim, Ryan Fried - ESW #332
September 22, 2023 21:00 - 2 hours - 127 MBForrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research director, Merritt Maxim, will walk us through the report's most interesting insights and highlights. This is going to be considerably interesting considering some of this year's trends impacting security teams: An economic downturn, resulting in la...
MDR & Self Sabotage, Detection Difficulty - Jason Lassourreille, Chris Sanders - ESW #331
September 15, 2023 21:00 - 2 hours - 140 MBDiscussing ways to ensure client success with MDR and discuss the ways organizations hurt MDR efficacy with overly broad global exclusions, poor deployment practices, and poor policy hygiene. This segment is sponsored by Sophos. Visit https://securityweekly.com/sophos to learn more about them! We talk to Chris Sanders today, who has been steeped in the world of SecOps and detection/response for many years. After many years of writing books and training folks in the cybersecurity industry, he...
Why Data Privacy is Being Overhauled in 2023 - Dan Frechtling - ESW Vault
September 07, 2023 16:00 - 44 minutes - 20.5 MBCheck out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on November 18, 2022. This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready) Segment Resources: https://www.consumerreports.org/electronics-computers/privacy/i-said-no-to-online-cookies-websites-tracked-me-anyway-a8480554809/ https://www.geekwire.c...
Simplify Your Audit Process, News, BlackHat Interviews - Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330
September 01, 2023 21:00 - 2 hours - 145 MBHaving direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compl...
Tackling the Perennial Problem of Device Management, News, BlackHat Interviews - Jason Meller - ESW #329
August 25, 2023 21:00 - 2 hours - 144 MBIncredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a ...
News and Interviews from BlackHat 2023 - ESW #328
August 18, 2023 21:00 - 2 hours - 122 MBIn the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating 4. ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical in...
Black Hat Startup Spotlight Finalists - Alex Matrosov, Ian Amit - ESW #327
August 11, 2023 21:00 - 2 hours - 140 MBBinarly is one of only a few startups focused on highlighting security issues in firmware. The company has discovered a remarkable number of vulnerabilities in firmware in a very short time. Its' founder, Alex Matrosov, joins us to discuss insights discovered along his company's journey to convince vendors that firmware is worth securing. This week in the Enterprise News, we discuss Kubernetes attacks and CPU attacks. We also have a better idea of what valuation losses might be for security ...
Surging Email Impersonation Threats, Creating Online Kids' Safety Community - Fareedah Shaheed, John Wilson - ESW #326
August 04, 2023 21:00 - 2 hours - 127 MBWhile malware and ransomware tend to dominate cybersecurity headlines, Fortra’s research shows that nearly 99% of email threats reaching corporate inboxes utilize impersonation rather than malware. Email impersonation is a key component of credential phishing, advance fee fraud, hybrid vishing, and business email compromise schemes. Because email impersonation scams rely on social engineering rather than technology, the barrier to entry for an aspiring cybercriminal is almost non-existent. I...
Rethinking the CISO Model, Edge Ecosystem Insights - Nathan Case, Theresa Lanowitz - ESW #325
July 28, 2023 21:00 - 2 hours - 139 MBThe traditional concept of the CISO may literally be 'too much', according to Nathan Case. It's based on systems of control and unrealistic assumptions that don't survive contact with real life. In this conversation, we'll discuss what the top security leadership role should be, and how it differs from the current/old school concept. The concept of Edge computing has evolved over the years and now has a distinct role alongside the public cloud. AT&T Cybersecurity just released their 12...
Enhancing Enterprise Security UX: Embracing Zero-ish Trust - Ryan Fried, Juliet Okafor - ESW #324
July 21, 2023 21:00 - 2 hours - 134 MBToday, we talk to Juliet about what's wrong with security programs today and what security leaders should be doing to fix them. We'll discuss how security programs can look rosy... until the incident hits, and the true posture of the organization is laid bare. How can CISOs still look good and maintain the org's trust under the worst of circumstances? In this interview, Jules will tell us how. Zero Trust is an imperfect concept and is often impractical to deploy comprehensively at scale, but...
SIEM Rules - Eric Capuano, Tim MalcomVetter - ESW #323
July 14, 2023 21:00 - 2 hours - 136 MBInfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know what logs you’re doing to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data FOMO tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren’t aware of this. In this interview with Eri...
Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack - Joseph Carson - ESW Vault
July 06, 2023 09:00 - 35 minutes - 17.4 MBCheck out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on August 11, 2022. Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Visit https://www....
Unveiling DSPM & the Future of Cloud Data Security: State of IoT in 2023 - Dan Benjamin, Paddy Harrington - ESW #322
June 30, 2023 21:00 - 2 hours - 139 MBSecuring data is hard. Business stops when data flows are hindered, stopped, sometimes even slowed. Placing controls around data traditionally leads to more friction and less productivity. Can it be a different story in the cloud? Today, we find out when we talk to Dan Benjamin about why he founded Dig and the space they're trying to fill in public cloud services. Paddy Harrington joins us from Forrester research to discuss his findings in this year's state of IoT security report. Computers ...
How Good CISOs Build Bad Security Programs - Juliet Okafor - ESW Vault
June 22, 2023 16:40 - 34 minutes - 16.6 MBCheck out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 29, 2021. No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiati...
Downer News Week - Andrew Mundell, Daniel Corbett - ESW #321
June 16, 2023 21:00 - 2 hours - 164 MBThe WAF has a relatively long history with InfoSec. A few years back, we saw the traditional architecture separated by new technologies and philosophies on the best way to detect and stop web-borne attacks. In this episode with Daniel Corbett, we'll take a deep dive into the latest on WAF capabilities, what it means to be 'next-gen' in the WAF world, and how LLM AI like ChatGPT could influence the attacks we see (and have to defend against) in the near future. Explore the rapidly-evolving la...