This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

• the maturity of the industry
• the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
• cybersecurity's 'delusion' problem

Also some whoopsies:

• researchers accidentally take over a TLD
• When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Show Notes: https://securityweekly.com/esw-376

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.

Segment Resources:

• Learn more about using Tines for Security
• Peruse the Tines library of 'Stories' built by Tines partners and customers
• Learn how to integrate AI tooling into Tines stories and workflows

This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!

Show Notes: https://securityweekly.com/esw-376

Join Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mimic human actions. Security automation and its ability to take action on behalf of humans have paved the way for generative AI to be trusted (within reason). The convergence and maturity of these technologies now have the potential to revolutionize how SecOps functions while force-multiplying SOC teams.

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

ProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.

Segment Resources:

• ProCircular Case Study
• ProCircular Web Site

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!

Show Notes: https://securityweekly.com/esw-373

As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while.

Keith Jarvis walks us through the latest types, tactics, and trends in cybercrime. Secureworks' latest State of the Threat report reveals a disturbing dichotomy: how is it we understand our adversaries' so well, but continue to fail to stop them? In this interview, we aim to understand what needs to happen to tilt the odds a bit back in our favor.

Segment Resources:

• Secureworks State of the Threat Report
• Press Release

Show Notes: https://securityweekly.com/esw-341

While non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelley Misata joins us today to explain how her own non-profit helps other non-profits improve their cybersecurity posture.

Show Notes: https://securityweekly.com/esw-341

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?

Show Notes: https://securityweekly.com/vault-esw-5

Finally, in the enterprise security news,

1. Lots of new security startups with early stage funding
2. SentinelOne picks up Chris Krebs and Alex Stamos’s consulting firm
3. PE firm picks up ActiveState - a company I haven’t thought about since I last downloaded ActiveState Perl 1000 years ago
4. Microsoft announces the limited release of Security Copilot
5. Semgrep releases a secrets scanner
6. AGI predicted to come much sooner than you might expect
7. NY State doubles down on cybersecurity regulations to protect its hospitals
8. the young hackers behind Mirai, one of the biggest botnets ever
9. Ransomware groups snitch on businesses to the SEC

Show Notes: https://securityweekly.com/esw-340

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.

This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.

Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.

In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.

1. Protect Your Session Tokens
2. Monitor for Unusual Behavior
3. SaaS Vendors Are Common Targets
4. Zero Trust Principles Work
5. MFA Isn't a Binary (on or off) Control

Segment Resources

• https://www.valencesecurity.com/resources/blogs/five-lessons-learned-from-oktas-support-site-breach

Show Notes: https://securityweekly.com/esw-340

Once again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape:

• Maybe not less budget, but more pressure to produce results and justify spending
• Security leaders being held personally accountable for performance
• Potential layoffs, and the need to achieve the same goals with less labor and tool overhead

Segment Resources

• https://cybersecurity.att.com/insights-report

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

Show Notes: https://securityweekly.com/esw-340

During the news today, we went deep down the rabbithole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insuretechs, and discuss a few notable funding rounds.

We discuss Kelly Shortridge's essay on the origins and nature of the term "security" and what it means. Stephen Schmidt suggests 6 questions every board should ask their CISO, we explore Cyentia Labs' meta analysis of MITRE ATT&CK techniques, and Phil Venables shares some hilarious takes on infosec stereotypes.

Show Notes: https://securityweekly.com/esw-339

We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite seeming to collectively have all the tools, intel, and budget we've asked for?

Kelly Shortridge has studied this problem in depth. She has created tools (https://www.deciduous.app/), and written books (https://www.securitychaoseng.com/) to help the community approach security challenges in a more logical and structured way. We'll discuss what hasn't worked for infosec in the past, and what Kelly thinks might work as we go into the future.

Show Notes: https://securityweekly.com/esw-339

Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today.

Show Notes: https://securityweekly.com/esw-339

Oh, the HARror! Sanitizing HAR files is not as easy as some might lead you to believe. CISA funds Cyber.org for K-12 cyber education and ORNL creates a Center for AI Security Research (CAISER). Cloudflare creates a tool out of spite, and CISA creates a tool you shouldn't use in production? Biden's EO on "Safe, Secure, and Trustworthy AI" and the Top Five Things you need to know about how GenAI is used in Security Tools.

Five lessons learned form Okta's latest breach, should ransom payments be illegal, and why ransomware victims can't stop paying ransoms. We discuss the impact of the charges made against Solarwinds and its CISO by the SEC, the 2023 ISC2 Cybersecurity Workforce Survey, and Microsoft's latest open letter on security.

Finally we wrap up discussing a delicious $8M Series A for better bagels!

Show Notes: https://securityweekly.com/esw-338

This week, in the enterprise security news,

1. A funding that looks like an acquisition
2. And two for-sure acquisitions
3. Rumors that there are funding problems for early stage cyber startups, and we’ll see a lot more acquisitions before the end of the year
4. Speaking of rumors, Crowdstrike did NOT like last week’s Action1 acquisition rumor!
5. Shortening detection engineering feedback loops
6. HoneyAgents
7. More reflections on Black Hat 2024
8. The attacker does NOT just have to get it right once
9. and the defender does NOT have to get it right every time
10. Remember BEC scams? Yeah, they’re still enterprise enemy #1

All that and more, in the news this week on Enterprise Security Weekly!

Show Notes: https://securityweekly.com/esw-373

There is little to no organization of data within companies in 2023. We're all guilty of this at some level. The download folders and desktops on our personal machines are a mess. File servers, and cloud storage services are a mess. In Microsoft's recent data leak, AI researchers even had PC backups stored along side machine learning models for whatever reason.

Data is hard to classify, organize, and monitor. By designing for convenience, we've created convenience debt that now has to be paid down. In this segment we talk to Jackie McGuire about what needs to happen to accomplish this, at the enterprise level, and at scale.

Even if we can one day address the challenge of tracking and labeling data, we'll still have the challenge of addressing data integrity and resilience, which we'll also discuss if we have time!

Segment Resources: https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Show Notes: https://securityweekly.com/esw-338

In this segment, we discuss the current state of the market recovery with Hank Thomas, founder of Strategic Cyber Ventures.

We've got market questions, like:

• What has changed in the last year?
• Are IPOs coming back any time soon?
• How large is the cybersecurity death pool?
• What do early and mid-sized startups need to do to survive in the current market?

Show Notes: https://securityweekly.com/esw-338

This week, we discuss Island's raise, unicorn status, and what that means for both the enterprise browser market and the cybersecurity market in general. We discuss Censys and the state of the external attack surface management market, or what they're trying to call, "exposure management". We discuss the details of the Okta breach in depth, and why we're worried about the larger impact it could have on the industry and vendor trust in general. Finally, we wrap up with some fun squirrel stories.

Show Notes: https://securityweekly.com/esw-337

In the age of remote and hybrid work, employees are now spending most of their time in the browser or virtual meetings, making the browser an increasingly important part of an enterprise's security strategy. According to Gartner, “By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.”

Learn more about:

• The browser's role in a business's security strategy
• How an enterprise browser can support your workforce
• Zero Trust Architecture and how businesses can enforce context-aware access controls and add customizable data loss prevention

Segment Resources:

• Complimentary Gartner Emerging Tech: Security – The Future of Enterprise Browsers Report
• Get started with Chrome Enterprise for free
• Learn about Google's Zero Trust solution, BeyondCorp Enterprise
• Customer spotlight: Check out the Google Cloud Next recording to hear how Snap is leveraging our secure enterprise browsing solution to protect their workforce
• How to contact us

This segment was sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chromeenterprise to learn more!

Show Notes: https://securityweekly.com/esw-337

In this interview, we talk to Chad Cardenas about why he created The Syndicate Group, which operates very differently from the typical VC firm with LPs and a collective fund to draw from. We'll discuss how the investor/startup relationship differs, and what the advantages of this model are.

Show Notes: https://securityweekly.com/esw-337

This week, in the enterprise security news,

1. AI dominates new funding rounds (I’m shocked. This is my shocked face.)
2. The buyer’s market continues, with lots of small acquisitions
3. SingTel sells off Trustwave at a significant loss
4. Yubico goes public (actually, a month ago, sorry we missed it)
5. Yubico can also now ship pre-registered security keys
6. New cybersecurity tools for board and exec-level folks
7. Lessons learned from recent ransomware attacks
8. Healthcare is increasingly under attack
9. A study on CISO tenure - longer than you might think!
10. Don’t miss today’s squirrel stories at the end!

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-336

One of the biggest challenges in security today is organizations' reluctance to share attack information. Perhaps legal teams are worried about liability, or maybe execs are just embarrassed about security failures. Whatever the reason, this trend makes it difficult for organizations to help each other. CrowdSec's mission is to make this process automated, anonymized, and seamless for security teams.

We talk to Phillip Humeau, one of CrowdSec's founders, about what it's like to build a such an unconventional cybersecurity business - one based around crowdsourcing and open source software.

Show Notes: https://securityweekly.com/esw-336

Today we interview Shane Sims, CEO of Kivu Consulting. We'll be talking about the current state of cybercrime and insights from incidents his consulting firm has recently worked. We'll discuss some of the latest stats and trends related to ransomware, as well as thoughts on future cybercrime trends. Shane will also share some stories from his time as an FBI agent, working undercover as a cybercriminal.

Segment Resources: Report - Mitigating Ransomware Risk: Determining Optimal Strategies for Business

Show Notes: https://securityweekly.com/esw-336

As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale.

This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them!

In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security.

In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors.

Show Notes: https://securityweekly.com/esw-335

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely.

Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with.

Interview Resources:

• Trusted AI Website
• The NIST AI Risk Management Framework
• Pamela's Podcast - Trustworthy AI: De-Risk Business Adoption of AI

Show Notes: https://securityweekly.com/esw-335

With employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Secure Web Gateways, SASE and SSE solutions.

This segment will demonstrate the importance of a browser-native solution, discuss the limitations of current solutions and how enterprises can better protect their employees from web attacks.

Segment Resources:

• DEF CON talk abstract
• Enterprise use cases for SquareX
• Data Sheet
• Why Browser Native Solutions are better than Cloud Based Proxies
• Blog on the Many Failures of Secure Web Gateways

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexbh to learn how SquareX can protect your employees from web attacks!

The recent CrowdStrike outage and subsequent disruption tested organizations' resiliency and confidence as the world went offline. It served as a reminder that in an increasingly technology-dependent world, things will go wrong – but security leaders can plan accordingly and leverage emerging technologies to help minimize the damage.

In this interview, Tanium’s Vice President of Product Marketing Vivek Bhandari explains how AI and automation can help with remediation and even prevent similar outages from happening in the future, and breaks down the future of Autonomous Endpoint Management (AEM) as the solution for continuous cyber resilience in the face of disruption.

Segment Resources:

• The Future of Converged Endpoint Management is Autonomous Endpoint Management (AEM)

This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumbh to learn more about them!

Show Notes: https://securityweekly.com/esw-373

There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program.

This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them!

Threat actors don’t think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs’ newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it’s important to “shift up,” and what Mike is most excited about in his new role.

This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them!

Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry.

Show Notes: https://securityweekly.com/esw-335

Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data from the open web, safeguarding your organization.

This segment is sponsored by DeleteMe. Visit https://www.securityweekly.com/deletemeisw to learn more about them!

With all of the fancy tools, equipment, and logos most organizations are unable to understand where their data is and how it can be accessed. In the world of work from wherever and whenever orgs need a better handle on what this means. Ridge has worked to curate a set of solutions to meet and implement this need!

This segment is sponsored by Ridge IT Cyber. Visit https://www.securityweekly.com/ridgeitisw to learn more about them!

Why are we seeing a re-emergence of the demand for packet and flow-based forensic data in cloud environments? In this session, we’ll discuss three reasons why IT leaders still need the same if not even better visibility in the cloud than they have in their data centers.

We’ll also discuss the growing demand for Threat Exposure Management (TEM). Why does a leading analyst describe this as a transformation technology and how can you quickly visualize your environment the way the attackers do?

Segment Resources: https://www.viavisolutions.com/en-us/ptv/solutions/threat-exposure-management https://www.viavisolutions.com/en-us/ptv/solutions/high-fidelity-threat-forensics-remediation

This segment is sponsored by VIAVI Solutions. Visit https://www.securityweekly.com/viaviisw to learn more about them!

Show Notes: https://securityweekly.com/esw-334

On this week's news segment, we go down a bit of a rabbit hole on data lakes and have a GREAT conversation about where security data wrangling might or might not go in the future. We also discuss Nord Security's funding and $3B valuation, try to figure out what Synqly is doing, and discuss IronNet's demise.

We also find out which email solution is more secure (at least, according to insurance claim data), Google or Microsoft!

We wrap up, learning that forms of CAPTCHAs are apparently broken now, $3800 gets you a gaming PC in the shape of a sneaker, and someone has created the DevOps equivalent of dieselgate!

Show Notes: https://securityweekly.com/esw-334

In this segment, we'll explore some of the most useful lessons and interesting insights to come out of the last year's worth of breaches and data leaks! We'll explain why we will NOT be covering MGM in this segment. The breaches we will be covering include:

• Microsoft AI Research Data Leak
• Microsoft/Storm-0558
• CommutAir
• Riot Games
• Lastpass
• CircleCI
• RackSpace
• Drizly (yes, this breach is older, but the full story just wrapped a year ago!)

Show Notes: https://securityweekly.com/esw-334

This week, we changed things up a bit for the news segment and Allie Mellen joins us as a surprise guest host! We discuss Cisco's Splunk acquisition and what it means for Splunk customers, and "The Blob" - Allie's term describing the negative forces responsible for much of the overhyped marketing, silly trends, and substandard products we see in the industry.

Segment Resources:

Allie's blog on Cisco/Splunk:  https://www.forrester.com/blogs/splunk-is-good-for-cisco-but-cisco-needs-to-convince-splunk-customers-that-cisco-is-good-for-them/

Allie's blog on The Blob:  https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/

Show Notes: https://securityweekly.com/esw-333

The concept of Edge computing has evolved over the years and now has a distinct role alongside public cloud. Theresa Lanowitz, from AT&T Cybersecurity, and Chris Goettl from Ivanti join us to discuss what edge computing means for the market and for cybersecurity. Specifically, we'll discuss how:

• Strong use cases in the market today for edge computing
• Security's role in edge computing, as a relative newcomer to part of the broader planning process
• Edge computing requires new thinking about security because of its distributed nature

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

Show Notes: https://securityweekly.com/esw-333

We ALL use SaaS. It has become ubiquitous in both our personal and professional lives. Somehow, the SaaS Security market has only recently began to emerge. Today's interview with Yoni Shohet, co-founder and CEO of Valence Security, aims to understand why it has taken so long for SaaS Security products to come to market, what that market currently looks like, and what a SaaS Security product actually does.

Show Notes: https://securityweekly.com/esw-333

This week we talk about finding, acquisitions and the state of the market. If you're interested in cybersecurity market discussion, this is the episode for you.

We also discuss what makes a cybersecurity influencer.

Show Notes: https://securityweekly.com/esw-332

If you've ever played Dungeons & Dragons, you probably know that the quality of the experience depends on how prepared, experienced, and talented the Dungeon Master is.

Today, we'll talk to InfoSec DM and practitioner extraordinaire Ryan Fried about some of the key elements that separate a good cybersecurity tabletop exercise from a bad one! This is literally his day job at Mandiant, and it doesn't hurt to have one of the world's largest libraries of attacker TTPs and the collective lessons learned from thousands of actual incident response experiences.

Show Notes: https://securityweekly.com/esw-332

Forrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research director, Merritt Maxim, will walk us through the report's most interesting insights and highlights. This is going to be considerably interesting considering some of this year's trends impacting security teams:

• An economic downturn, resulting in layoffs and budget freezes
• The widespread proliferation of generative AI technology
• The relentless and resilient nature of cybercrime, despite some notable law enforcement wins
• Ongoing discussion about the role and relevance of SOCs, CISO's, as well as the security department place in today's enterprise
• Increased enterprise reliance on SaaS and Cloud, as vendors and service providers continue to struggle with securing their products and services

Show Notes: https://securityweekly.com/esw-332

Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!

The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.

Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!

Show Notes: https://securityweekly.com/esw-372

In this news segment, we start off by discussing funding, acquisitions, and Ironnet's unfortunate demise. We discuss Gmail's new, extra verifications for sensitive actions and Lockheed Martin's Hoppr SBOM and software supply-chain utility kit. We get into CISA's roadmap to help secure open source software, and their offer to run free vulnerability scans for the United States' 150,000+ water utilities. Then, discussion turns back to some more negative items with Brazil's self-inflicted $11 billion dollar data leak, and the MGM/Caesar's ransomware attacks, which seem like they could have a common attacker and initial attack vector (a shared IT support company, perhaps). We also discuss Microsoft's post mortem on the Storm-0558 attack. Kelly Shortridge wants to know, "why are you logging into production hosts", someone is submitting garbage CVEs, and Mozilla finds that privacy policies from auto manufacturers are a privacy TRAIN WRECK. Finally, we wrap up discussing tools that can detect deepfake audio, as well as the likelihood that this will be the start of a game of leapfrog, as deepfakes get increasingly better over time. And we discuss Delphi's offer to create a 'digital clone' of you that could live on forever, haunting your descendants.

Show Notes: https://securityweekly.com/esw-331 

We talk to Chris Sanders today, who has been steeped in the world of SecOps and detection/response for many years. After many years of writing books and training folks in the cybersecurity industry, he started delving into cognitive psychology and educational effectiveness. He leverages this knowledge in the training classes he builds and delivers. Today we'll discuss why it seems like defenders are still failing, despite the security industry largely (and arguably) receiving the resources it has been requesting.

Show Notes: https://securityweekly.com/esw-331 

Discussing ways to ensure client success with MDR and discuss the ways organizations hurt MDR efficacy with overly broad global exclusions, poor deployment practices, and poor policy hygiene.

This segment is sponsored by Sophos. Visit https://securityweekly.com/sophos to learn more about them!

Show Notes: https://securityweekly.com/esw-331 

Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on November 18, 2022. This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready)

Segment Resources:

• https://www.consumerreports.org/electronics-computers/privacy/i-said-no-to-online-cookies-websites-tracked-me-anyway-a8480554809/ 
• https://www.geekwire.com/2022/the-bittersweet-serendipity-that-gave-these-two-startup-leaders-a-shared-mission-in-online-privacy/
• https://www.boltive.com/blog/why-having-a-consent-management-platform-is-not-enough
• https://www.boltive.com/blog/bracing-for-2023-privacy-laws
• https://ceoworld.biz/2022/07/03/three-ways-your-data-is-leaking-in-advertising-and-how-to-avoid-it/

Show Notes: https://securityweekly.com/vault-esw-4 

In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments.

This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiobh to learn more about them!

It’s no secret that the attack surface is increasing and the best defense is one that’s matched to the most relevant risks. Through proactive and reactive research, The SafeBreach Labs team helps customers discover their most critical threats and security gaps by building the industry’s most current and complete playbook of attacks. In this session, SafeBreach Director of Research Tomer Bar will share how attacks are conducted, which APT group have been the most active, and how breach and attack simulation can help teams think like an adversary and leverage recent vulnerabilities to gain accurate insights.

Segment Resources: https://www.safebreach.com/safebreach-labs/

This segment is sponsored by SafeBreach. Visit https://securityweekly.com/safebreachbh to learn more about them!

Show Notes: https://securityweekly.com/esw-330 

There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with it's $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, thought Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on github). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D

Show Notes: https://securityweekly.com/esw-330 

Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how companies can gain access to their current identity search and dashboard data and be able to query in their preferred BI tool based on their own data privacy policies and business needs, significantly reducing risk.

This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpoint to learn more about them!

Show Notes: https://securityweekly.com/esw-330 

During this segment, Jon will explore today’s ransomware economy players from IABS to RaaS affiliates, to money launders and now C2Ps. For the discussion, Jon will leverage Halcyon’s latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines.

This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them!

In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!

This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them!

In this Black Hat 2023 interview, CRA’s Bill Brenner and Sophos’ John Shier discuss the company’s latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.

This segment is sponsored by Sophos. Visit https://securityweekly.com/sophosbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329 

Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329 

Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it?

This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-329 

Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.

Segment Resources: https://www.devo.com/defend-everything/

This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.

As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages.

This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them!

Show Notes: https://securityweekly.com/esw-372

The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes.

This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them!

Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited.

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them!

Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution.

This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-328 

As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare.

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!

With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!

Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.

This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-328 

In the enterprise security news,

1. Check Point buys Perimeter 81 to augment its cybersecurity
2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs
3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating
4. ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware
5. NYC bans TikTok on city-owned devices 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-328