Enterprise Security Weekly (Video) – Détails, épisodes et analyse

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

• the maturity of the industry
• the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
• cybersecurity's 'delusion' problem

Also some whoopsies:

• researchers accidentally take over a TLD
• When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Show Notes: https://securityweekly.com/esw-376

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.

Segment Resources:

• Learn more about using Tines for Security
• Peruse the Tines library of 'Stories' built by Tines partners and customers
• Learn how to integrate AI tooling into Tines stories and workflows

This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!

Show Notes: https://securityweekly.com/esw-376

Join Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

ProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.

Segment Resources:

• ProCircular Case Study
• ProCircular Web Site

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Show Notes: https://securityweekly.com/esw-373

As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while.

Keith Jarvis walks us through the latest types, tactics, and trends in cybercrime. Secureworks' latest State of the Threat report reveals a disturbing dichotomy: how is it we understand our adversaries' so well, but continue to fail to stop them? In this interview, we aim to understand what needs to happen to tilt the odds a bit back in our favor.

Segment Resources:

• Secureworks State of the Threat Report
• Press Release

Show Notes: https://securityweekly.com/esw-341

Do you know what Macworld and Cloudflare are? Paul and John Strand talk about these topics and Threat Intelligence!

http://wiki.securityweekly.com/wiki/index.php/ES_Episode2

Paul and John Strand begin a new series here on Security Weekly. They delve into Threat Hunting, FireEye, Tripwire IP360, and much more. Check this prime OG Episode of Enterprise Security Weekly!

While non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelley Misata joins us today to explain how her own non-profit helps other non-profits improve their cybersecurity posture.

Show Notes: https://securityweekly.com/esw-341

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?

Show Notes: https://securityweekly.com/vault-esw-5

Finally, in the enterprise security news,

1. Lots of new security startups with early stage funding
2. SentinelOne picks up Chris Krebs and Alex Stamos’s consulting firm
3. PE firm picks up ActiveState - a company I haven’t thought about since I last downloaded ActiveState Perl 1000 years ago
4. Microsoft announces the limited release of Security Copilot
5. Semgrep releases a secrets scanner
6. AGI predicted to come much sooner than you might expect
7. NY State doubles down on cybersecurity regulations to protect its hospitals
8. the young hackers behind Mirai, one of the biggest botnets ever
9. Ransomware groups snitch on businesses to the SEC

Show Notes: https://securityweekly.com/esw-340

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.

This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.

Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.

In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.

1. Protect Your Session Tokens
2. Monitor for Unusual Behavior
3. SaaS Vendors Are Common Targets
4. Zero Trust Principles Work
5. MFA Isn't a Binary (on or off) Control

Segment Resources

• https://www.valencesecurity.com/resources/blogs/five-lessons-learned-from-oktas-support-site-breach

Show Notes: https://securityweekly.com/esw-340