Explore every episode of The Security Swarm Podcast
| Title | Pub. Date | Duration | |
|---|---|---|---|
| Top Spear Phishing Methods | 27 Sep 2024 | 00:34:19 | |
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways:
Timestamps: (03:26) Discussion on initial contact fraud (07:12) Exploration of tax fraud and W-2 phishing (13:35) Examination of C-suite fraud and the importance of processes (19:25) Lawyer Fraud and Enterprise vs. SMB Differences (23:47) Banking Fraud and Processes (26:39) Gift Card Fraud Episode Resources: What is a Spear Phishing attack? The Top 5 Spear Phishing Examples and Their Psychological Triggers -- Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks. | |||
| Data Broker Breaches - Insider Threats and More | 19 Sep 2024 | 00:40:27 | |
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Eric Siron provide a comprehensive monthly threat review. They cover several major cybersecurity incidents and trends from the past month, including:
They also touch on the topics of vendor risk management and the history of election tampering and provide recommendations for organizations to mitigate these threats. In conclusion, EP62 provides valuable insights into the ever-changing cybersecurity landscape and offers practical advice for security professionals. Key Takeaways:
Timestamps: (03:17) The National Public Data Breach (12:21) The Issues with Social Security Numbers (18:02) The Danger of Insider Threats (27:10) The Risks of Vendor Dependence (34:12) Recommendations for Protecting Against Threats Episode Resources: In-depth analyses from Hornetsecurity’s Security Lab #StopRansomware: RansomHub Ransomware | CISA Passkeys in Microsoft Entra: Benefits, Implementation Tips & More (hornetsecurity.com) How Threat Actors Tamper with Elections (hornetsecurity.com) -- Secure your organization against the evolving threat landscape! Discover how Hornetsecurity's Advanced Threat Protection, Security Awareness Service, and 365 Total Protection can safeguard your business from data breaches, insider threats, and more. Learn more and protect your organization today! | |||
| Microsoft’s Security Saga Continues: Insights from Whistleblower | 22 Jul 2024 | 00:35:42 | |
In this episode, Andy sits down once again with Paul to continue their conversation about Microsoft’s struggles with security. The episode focuses on a recent report from ProPublica about a Microsoft whistleblower named Andrew Harris. The report alleges that Microsoft was aware of a serious vulnerability in its on-premises Active Directory Federation Services (ADFS) software that could have enabled the SolarWinds supply chain attack, but chose not to fix it or disclose it to customers. Andy and Paul discuss how Microsoft's focus on new features and cloud growth over security, as well as the desire to win lucrative government contracts, may have contributed to this decision. They also touch on the challenges faced by Microsoft's security response team and the broader issue of security being seen as a cost center rather than a profit driver. Key Takeaways:
Timestamps: (02:22) - Explaining the Whistleblower's Allegations and the SolarWinds Attack (07:32) - Vulnerability in ADFS and Microsoft's "Security Boundaries" Argument (13:06) - Why Was the Issue Swept Under the Rug? (19:16) - The Challenges Faced by the Microsoft Security Response Center (MSRC) (26:24) - Satya Nadella's Comments on Prioritizing Security over New Features (27:38) - The Controversy Around the "Recall" Feature in Windows 11 Episode Resources: | |||
| Summer Olympics 2024: How and Why Threat Actors Target the Games | 12 Jul 2024 | 00:30:00 | |
In this episode of the Security Swarm podcast, host Andy is joined by Romain Basset from Hornetsecurity to discuss the cybersecurity implications of the upcoming 2024 Olympic Games in Paris, France. The conversation explores how the geopolitical landscape, with ongoing global tensions and conflicts, creates a high-profile stage that threat actors may target for hacktivism, financial gain, or destabilization. Throughout the episode, they highlight the increased risks leading up to the 2024 Games, noting that French infrastructure has already been targeted by various threat actor groups, including DDoS attacks. They discuss the blurring lines between cybercrime and geopolitical threats, with many threat actors now engaging in both financially and politically motivated attacks. Key takeaways:
Timestamps: (01:15) - Why Cybersecurity is Important for the Olympics (02:25) - Geopolitical Tensions and Threat Actors (04:31) - Potential Cyber Attacks - Scams, Extortion, Disinformation (06:50) - The 2018 Pyeongchang Olympics Cyber Attack (12:48) - False Flags and Attribution Challenges (16:05) - Overlap Between Cybercrime and Geopolitical Destabilization (19:13) - Real-World Impacts of Geopolitical Cyber Tensions (23:08) - Cybersecurity Best Practices and Advice Episode Resources: Read our blog about Russia’s notorious history of attacking the Olympics Protect your business before it’s too late with 365 Total Protection Train your users to spot phishing emails during the Olympics with Security Awareness Service | |||
| Celebrating 50 Episodes: A Review of our Top Security Discussions (PT2) | 03 Jul 2024 | 00:32:54 | |
For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics, discuss whether they’re still relevant and how they’ve changed in comparison to the evolving threat landscape, and provide updates on some of the major stories discussed. This is part 2 of a 2-part episode. | |||
| Celebrating 50 Episodes: A Review of our Top Security Discussions (PT1) | 27 Jun 2024 | 00:31:12 | |
For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics, discuss whether they’re still relevant and how they’ve changed in comparison to the evolving threat landscape, and provide updates on some of the major stories discussed. This is part 1 of a 2-part episode, with part 2 coming next week. Key Takeaways:
Timestamps: (00:31) Using ChatGPT to create ransomware - still a relevant and evolving topic (02:22) How tech pros should handle security news and zero-days (09:09) The re-emergence of Emotet and the challenges of disrupting botnets (12:04) The persistent problem of social engineering and email attacks (13:25) The importance of immutability and backups against ransomware (16:29) The security of Microsoft 365 (19:35) Deep dive on the QuickBot malware (20:20) The necessity of advanced threat protection (ATP) (22:58) Guidance on effective security awareness training (25:41) Tips for IT admins on working with CISOs (26:07) Microsoft's throttling of legacy on-premises Exchange servers (28:11) Discussing Episodes 12 and 13, recorded live at InfoSecurity Europe, on compliance and security horror stories
| |||
| OSINT in The Hands of Hackers | 19 Jun 2024 | 00:32:59 | |
In this episode of the Security Swarm Podcast, host Andy is joined by Romain Basset, the Director of Technology Strategy at Hornetsecurity. They’re exploring the topic of Open-Source Intelligence (OSINT): what it is, how threat actors use it to launch effective attacks, and the dangers it poses. Throughout the episode, they discuss the ease with which OSINT can gather information using AI and other tools and provide examples of how it can be used in phishing, business email compromise, and even deepfake attacks. The conversation also touches on the importance of privacy awareness and security awareness training to mitigate these threats. Key Takeaways:
Timestamps: (02:24) - Definition of OSINT (07:17) - How AI makes OSINT-powered attacks easier (15:22) - Using OSINT to target organizations (25:35) - Mitigating OSINT-powered attacks Episode Resources: Train your users with a personalised Security Awareness Service Business Email Compromise: The $43 Billion Scam
| |||
| The Security Implications of Migrating from VMware | 14 Jun 2024 | 00:46:59 | |
In this episode of the Security Swarm Podcast, host Andy and recurring guest, Paul, talk about the challenges and opportunities organizations face amidst the Broadcom acquisition of VMware. They discuss the steep price hikes for VMware licenses and the security vulnerabilities recently discovered in VMware products. This acquisition has prompted many businesses to consider alternative solutions, and the episode provides a comprehensive overview of the available options within the Microsoft ecosystem. They cover a range of migration strategies, including moving to the Microsoft ecosystem through Azure, Azure Stack HCI, and on-premises Hyper-V solutions. Andy and Paul offer valuable insights into ensuring a secure and seamless transition away from VMware, making this episode essential listening for IT professionals navigating these significant changes. Key takeaways:
Timestamps: (02:51) - Vulnerabilities in VMware (07:30) - Migrating to the Microsoft Ecosystem (13:38) - On-Premises Microsoft Options (38:45) - Security Considerations for Migrations (44:52) - Pragmatic Approach to Platform Selection Episode Resources: Microsoft and Broadcom to Support License Portability Paul’s article on options for migrating from VMware to Microsoft | |||
| New Threat Campaign Distributing DarkGate Malware & The Massive 911 S5 Botnet Takedown | 10 Jun 2024 | 00:38:40 | |
In this episode of the Security Swarm Podcast, host Andy and recurring guest Eric Siron discuss the Monthly Threat Review for June 2024. They explore a new threat campaign distributing the DarkGate malware using a technique called pastejacking. Additionally, they touch upon the 911 S5 Proxy Botnet takedown and how threat actors are exploiting Stack Overflow to distribute malware. Key takeaways:
Timestamps: (03:15) - Insights into Email Threat Trends and Industry Targeting in Cybersecurity Landscape (13:15) - Unveiling New Cybersecurity Threat Campaign using Pastejacking (23:31) - Massive Botnet Take Down and Arrest of Operator: A Victory Against Cybercrime (29:29) - Beware of Malicious Packages: A Cautionary Case Study from Stack Overflow Episode Resources: | |||
| Windows Server 2025: New Security Features Revealed | 31 May 2024 | 00:46:14 | |
In this podcast episode, Andy and Paul discuss the upcoming release of Windows Server 2025 and the myriad security enhancements it will bring. They delve into various topics such as improvements to Active Directory, delegated managed service accounts, Kerberos protocol enhancements, SMB enhancements, hot patching, the ReFS file system for confidential computing, and extended security updates. Key takeaways:
Timestamps: (07:05) - Enhancements in Active Directory Security and NUMA Support: A Deep Dive (13:19) - Revolutionizing Service Accounts: Delegated Managed Service Accounts Explained (20:28) - Revamping Windows Server Security: Say Goodbye to NTLM and Hello to Kerberos (28:15) - Revolutionizing SMB with QUIC Protocol and Hot Patching in Windows Server 2025 (32:34) - Revolutionizing Patching with Hot Patching in Windows Server and Azure (36:02) - Revolutionizing Data Protection with Resilient File System and Confidential Computing (39:34) - Exploring Confidential Compute, Server Upgrades, and Extended Security Updates in Windows Server Environment (42:37) - Windows Server 2025 Release Date Speculations and Future Episode Teasers Episode Resources: What’s new in Windows Server 2025 from MS Learn | |||
| Passkeys in Microsoft Entra: Benefits, Implementation Tips & More | 23 May 2024 | 00:35:16 | |
In this episode of the Security Swarm Podcast, our host Andy and guest speaker Jan Bakker discuss passkeys in the Microsoft ecosystem. They cover topics such as the definition of passkeys, prerequisites, tips for implementation, and the user experience. They also highlight the user-centric enrollment process, the role of conditional access, and the potential challenges and advantages of transitioning to passkeys. Key takeaways:
Timestamps: (03:04) - Unlocking the Future of Passkeys and the Evolution of Authentication (06:18) - Exploring the Security Benefits of Device Bound and Syncable Passkeys (14:54) - How to Prepare for Passkeys in Microsoft 365 (23:03) - Navigating the Rollout of Passkeys for Enhanced Security: Admins vs End Users (29:03) - Maximizing Security with Passkeys, Conditional Access, and Authentication Policies (33:01) - Unveiling the Convenience of Device-Bound Passkeys in Vasquez for Microsoft 365
Episode Resources:
| |||
| Did the CSRB Force Microsoft's Hand on Security? | 15 May 2024 | 00:47:32 | |
Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB's Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements. The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft’s proactive stance on security? Key takeaways:
Timestamps: (06:52) Key Insights from Charlie Bell’s Blog Post Addressing Cyber Security Concerns (11:22) Enhancing Security Measures in Response to the CSRB’s Report (21:22) Top Security Practices for Protecting Tenants and Production Systems (24:46) Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection (30:44) Challenges and Considerations in Cloud Security Logging and Storage (34:37) Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting (37:37) Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments (42:34) Analyzing Microsoft's Response to a Security Incident Episode Resources: The Blog Post from Charlie Bell | |||
| The Complexity and Confusion of the Defender Ecosystem | 12 Sep 2024 | 00:40:34 | |
In this episode of the Security Swarm Podcast, host Andy Syrewicze and our regular guest, Paul Schnackenburg, provide a comprehensive overview of the Microsoft Defender ecosystem. They cover the various Defender products, including:
They also discuss the "Defender adjacent" services like Microsoft Entra (identity), Microsoft Purview (data security/governance), and Microsoft Defender for Cloud Apps (CASB). A key focus of the discussion is the complexity and management challenges that come with this expansive Defender suite. The host and the guest note the large number of different management portals, the difficulty of adequately configuring and leveraging all the features, and the need for dedicated security teams to utilize these enterprise-grade tools fully. Further down the line, Andy and Paul explore the significant value that third-party security solutions can provide in augmenting or simplifying the M365 security experience. They highlight how third-party tools can offer easier deployment, management, and specialized capabilities that may be outside the core focus of the broader Defender ecosystem, thereby enhancing the overall security posture of an organization. Overall, this episode takes a deep dive into the Microsoft Defender landscape, exploring the pros and cons of the comprehensive suite and offering insights on how organizations can optimize their security with a mix of Microsoft and third-party solutions. Key Takeaways:
Timestamps: (02:00) Overview of the Microsoft Defender ecosystem (07:00) Differences between Microsoft Defender for Endpoint P1, P2, and Business Premium (13:00) Explanation of Microsoft Defender for Identity and its on-premises vs cloud components (19:00) Discussion of Microsoft Defender Vulnerability Management and its challenges for small/medium businesses (32:00) Value that third-party security solutions can provide compared to the Microsoft Defender suite Episode Resources: Security Swarm Episode on M365 Security Licensing -- Overwhelmed by the complexity of the Microsoft Defender ecosystem? Simplify your Microsoft 365 security, risk management, governance, compliance, and backup with 365 Total Protection by Hornetsecurity. | |||
| Microsoft's SFI Expansion, UK's New PSTI Law & Updates on Change Healthcare Attack | 09 May 2024 | 00:45:09 | |
In this week's episode, Andy and guest Eric Siron discuss the cybersecurity landscape based on data from the Monthly Threat Report for May 2024. They cover a range of news items, including Microsoft's recent announcement to expand the Secure Future Initiative, the new PSTI (Product Security and Telecommunications Infrastructure) Act in the UK and a significant brand impersonation campaign targeting the German financial entity Commerzbank. Additionally, they provide updates on the Change Healthcare ransomware attack. Key takeaways:
Timestamps: (04:02) Insights from the Latest Monthly Threat Report: Decrease in Email Threats, Top Targeted Industries, and Impersonated Brands (14:02) Breaking Bad Habits: QR Codes, OAuth, and User Training (15:18) Microsoft's Security Issues and Response to CSRB’s Criticism: Committed to Improve Security (25:23) New UK Law Mandates Security Standards for Consumer IoT Devices (34:02) Impact of Ransomware Attack on Change Healthcare and the Dilemma of Paying Ransom
Episode Resources: Full Monthly Threat Report May 2024 Sharpen your Instincts with Security Awareness Training
| |||
| A Breakdown of CSRB's Findings on Microsoft Storm-0558 Breach (PART 2) | 02 May 2024 | 00:28:38 | |
Today’s episode of the Security Swarm Podcast is a continuation from last week’s episode where Andy and Paul discussed the CSRB’s findings on Microsoft’s Storm-0558 Breach. In their discussion, they continue picking apart the findings and providing their insights. Episode Resources: | |||
| A Breakdown of CSRB's Findings on Microsoft Storm-0558 Breach (PART 1) | 26 Apr 2024 | 00:32:13 | |
In this episode of The Security Swarm Podcast, Andy and Paul discuss the Cyber Safety Review Board's findings of the Microsoft Storm-0558 breach. During the episode, they talk about the implications of the breach and explore Microsoft’s security culture, stressing the need to prioritize robust security measures over rapid feature developments. Key Takeaways:
Timestamps: (10:07) - Microsoft's Security Culture: Past, Present, and Future (15:45) - Uncovering Lack of Transparency and Accountability in Major Cloud Vendors (20:09) - Microsoft's Security Standards: A Critical Assessment and Call for Action (28:53) - A Discussion on Cloud Audit Logging Episode Resources: Cyber Safety Review Board Report Microsoft Trustworthy Computing Memo
| |||
| The XZ Utils Backdoor, CSRB's Report on Storm-0558 & More | 16 Apr 2024 | 00:43:18 | |
In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity’s Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board's (CSRB) report assessment of the Storm-0558 attack, the FTC’s reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions. Key takeaways:
Timestamps: (05:26) - Rising Trends in Email Threats and Cybersecurity Impersonation Tactics (15:26) - The Importance of Email Security and Supply Chain Attacks in Today's Cyber Landscape (18:12) - Uncovering the Storm-0558 Breach: Analysis and Recommendations (27:33) - FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity (34:25) - Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions (40:22) - Insights on Cybersecurity Issues and Mitigations Episode Resources: | |||
| Security Risks of Always On Remote Access | 09 Apr 2024 | 00:35:33 | |
In this episode of The Security Swarm Podcast, host Andy Syrewicze is joined by Matt Lee from Pax8 to discuss the risks associated with deploying always on remote access software on managed endpoints. The conversation spans various topics, including Matt Lee's extensive background in the MSP space, where he shares insights gained from his experience with a mass ransomware event. Together, they explore the risks and implications of constant remote access, emphasizing the need for organizations to adopt a more proactive stance toward cybersecurity. Key takeaways:
Timestamps: (11:08) - Navigating Remote Access in Highly Regulated Managed Service Provider (MSP) Environments (14:02) - Maximizing Security with Just in Time, Just Enough Access (17:41) – The ConnectWise ScreenConnect Vulnerability and the Importance of Communication (26:32) – The Need for Maturity in the Cybersecurity Space (31:10) – Don't Let Perfect be the Enemy of Good Episode Resources:
| |||
| Passkeys: The Future of Authentication? | 04 Apr 2024 | 00:38:04 | |
We're thrilled to have Jan Bakker, a seasoned Cloud Consultant with over 10 years of IT experience, joining us from the Netherlands. In this episode, Andy and Jan explore the revolutionary concept of passkeys, a technology that aims to replace traditional passwords and enhance security by providing phishing resistance. The conversation delves into the significance of passkeys and their value in improving user experience and security measures. The guys even discuss what is currently known publicly about passkeys in M365. Key takeaways
Timestamps: (00:13) - Unveiling the Power of Passkeys in Cybersecurity with Jan Bakker (03:47) - The Rise of MFA Bypass Kits and Adversary in the Middle Attacks (14:55) - Unlocking the Future of Passwordless Authentication with Passkeys (24:55) - Addressing Persistent Access in Malicious Apps and OAuth: A Call for Improved Security Practices (29:59) - Unpacking the Importance of Phishing Resistance and Token Security in Cybersecurity (33:01) - Enhancing Security with Passkeys and Onboarding Procedures in Public Services Episode resources: The Security Swarm Podcast - EP24: The Danger of Malicious OAuth Apps in M365 Start your free trial of M365 Total Protection
| |||
| Are Tech “Innovations” Accelerating Security Threats? | 28 Mar 2024 | 00:36:04 | |
In today's fast-paced world, digital transformation has become a necessity for businesses to stay ahead of the game. With the increasing reliance on digital tools, however, there has been a seemingly corresponding rise in security incidents. Coincidence? The evolving landscape of IT and technology has brought to the forefront the question of whether the latest tech "innovations" are actually accelerating security threats. In this episode, Andy and Paul delve deeper into this issue, exploring how businesses can balance their need for technological advancements with maintaining robust security measures to protect against cyber threats. Timestamps: (2:54) – Commentary on the Rate of Change in Technology (13:21) – How has Innovation in Microsoft Cloud Services Contributed? (23:33) – What is the Cost of Innovation on Security Postures? Episode Resources: 365 Total Protection Free Trial
| |||
| Tips and Tricks for Getting Started in Cybersecurity | 21 Mar 2024 | 00:43:40 | |
Ever wondered what it takes to break into the exciting world of cybersecurity? Join us in our latest podcast episode as we sit down with Grant Collins, an infrastructure security engineer and cybersecurity career coach. From choosing the right degree to navigating the hiring process, acquiring essential skills, and building a robust professional network, Grant and Andy share their personal experiences and insights. Throughout the episode, they debate on academic vs practical learning by comparing the merits of pursuing a cybersecurity/IT degree versus gaining real-world experience and self-directed training. They discuss the pros and cons of each approach, offering valuable insights to help you chart your own path in the cybersecurity landscape. Timestamps: (5:08) – Why Should You Consider a Career in Cybersecurity? (11:30) – What Educational Pathways Can I Take to Learn Cybersecurity? (26:15) – How can I Cultivate Practical Skills in Cybersecurity? (34:13) – What are Some Tips and Tricks for Landing a Job in Cybersecurity? Episode Resources: Check out Grant’s YouTube Channel TryHackMe | Cyber Security Training Hack The Box: Hacking Training For The Best | Individuals & Companies | |||
| Lockbit's Return, ScreenConnect Vulnerability & a US Healthcare Cyber Attack | 14 Mar 2024 | 00:47:29 | |
Security headlines have been buzzing with major security events this month. In this podcast episode, Andy and Eric Siron discuss Hornetsecurity's Monthly Threat Report, analyzing recent security incidents and sharing expert insights. Tune in for more information on Lockbit's takedown and its reemergence days later, the CVSS 10 vulnerability in ConnectWise ScreenConnect, and the Change Healthcare cyber-attack that has practically paralyzed prescription refills and is likely contributing to numerous deaths in the US. Timestamps: 3:32 – Hornetsecurity Industry Data Review for Feb 1st to March 1st 14:10 – The “takedown” and re-emergence of LockBit 18:33 – CVSS 10 Vulnerability in ConnectWise ScreenConnect 31:11 – Optum/Change Healthcare Ransomware Attack Episode Resources: ScreenConnect Vulnerability – CVE-2024-1709 | |||
| Insider Threats in Microsoft 365 | 06 Mar 2024 | 00:32:08 | |
Join host Andy and special guest Philip Galea, R&D Manager at Hornetsecurity, as they explore insider threats within Microsoft 365. In this episode, the focus is on SharePoint Online and OneDrive for Business, shedding light on the nuances of insider threats and offering valuable insights on safeguarding against them. Tune in for expert analysis and practical tips on fortifying your defenses and protecting your organization's sensitive data in the evolving landscape of cloud-hosted infrastructures. Episode Resources: | |||
| The Magic Behind DMARC, DKIM, and SPF? | 06 Sep 2024 | 00:27:39 | |
In this episode of the Security Swarm Podcast, host Andy and his guest Michael Posey discuss the email authentication protocols of SPF, DKIM, and DMARC. They explain what these protocols are, how they work, and why they are important for protecting against email spoofing and impersonation attacks. Michael shares his insights from working with MSPs and the channel, noting that while these protocols are not overly complex, they are often overlooked or misunderstood by IT professionals. The hosts dive into the specifics of each protocol - SPF defines which mail servers are allowed to send email for a domain, DKIM adds a cryptographic signature to validate the message's origin and integrity, and DMARC ties the two together to specify how receivers should handle authentication failures. The discussion covers the benefits of these protocols in improving email security and reputation, as well as the importance of adopting them industry-wide to reduce impersonation tactics used by threat actors. The hosts also touch on the history of cryptography and the need to layer security controls rather than relying on any single solution. Overall, this episode provides a comprehensive overview of these essential email authentication standards. Key Takeaways:
Timestamps: (05:50) SPF (Sender Policy Framework) (11:23) DKIM (DomainKeys Identified Mail) (16:11) How DMARC brings SPF and DKIM together (21:32) Key Protocols for Security and Compliance (24:11) Defense in Depth Episode Resources: | |||
| Microsoft vs Midnight Blizzard | 29 Feb 2024 | 00:38:18 | |
During last week’s episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we're delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft's corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls. Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response. Timestamps: (2:00) – What does the attack chain for this breach look like? (7:11) – Timeline of the Attack (8:53) – Thoughts on Microsoft’s Response (18:55) – A Definition of an OAuth App and a Service Principal (27:36) – What do Admins need to do about this? (33:20) – Does the speed of change and the scale of Cloud Services negatively impact security? Episode Resources: Andy and Paul Discuss Malicious OAuth Apps | |||
| Midnight Blizzard, AnyDesk Breach & a $27 Million Ransomware Attack | 23 Feb 2024 | 00:38:42 | |
The Monthly Threat Report by Hornetsecurity is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. For this episode, Andy is joined by Hornetsecurity’s CTO – Yvonne Bernard, for an in-depth analysis of major security breaches and ransomware attacks that occurred between January and February 2024. From the Midnight Blizzard attack on Microsoft to a ransomware attack that cost Johnson Controls 27 million USD, our hosts explore what went wrong and provide expert recommendations from the Security Lab at Hornetsecurity on how to protect your business from similar threats. Timestamps: (3:20) – Email Threat Trends from January (6:51) – What were the Most Targeted Industries for January? (9:52) – What were the most impersonated brands in January? (12:30) – A Discussion on the Midnight Blizzard attack on Microsoft (22:38) – The Recent Breach of AnyDesk (27:15) – $27 Million Cost of Ransomware attack on Johnson Controls (32:34) – A C-Suite Look at Microsoft 365 Co-Pilot and the Danger of Misconfigured Permissions Episode Resources: Episode on Malicious OAuth Applications Microsoft post on Midnight Blizzard Attack Detailed Tactics Post from Microsoft on Midnight Blizzard Attack | |||
| Co-Pilot and Misconfigured Permissions - A Looming Threat? | 14 Feb 2024 | 00:32:09 | |
The use of Large Language Models (LLMs), like ChatGPT, has skyrocketed, infiltrating multiple facets of modern life. In today's podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it's a powerhouse of productivity! It is a versatile generative AI tool that is embedded within various Microsoft 365 applications, and as such, it can execute various tasks across different software platforms in seconds. Amidst discussions about Co-Pilot’s unique features and functionalities, many wonder: How does M365 Co-Pilot differ from other LLMs, and what implications does this hold for data security and privacy? Tune in to learn more! Timestamps: (4:16) – How is Co-Pilot different from other Large Language Models? (11:40) – How are misconfigured permissions a special danger with Co-Pilot? (16:53) – How do M365 tenant permissions get so “misconfigured”? (21:53) – How can your organization use Co-Pilot safely? (26:11) – How can you easily right-size your M365 permissions before enabling Co-Pilot? Episode Resources: Paul’s article on preparing for Co-Pilot Webinar with demo showcasing the theft of M365 credentials Start your free trial of M365 Total Protection Effortlessly manage your Microsoft 365 permissions
| |||
| The Dark Side of QR Codes | 07 Feb 2024 | 00:31:38 | |
QR Codes are used everywhere in our society, from reading restaurant menus to accessing Wi-Fi networks and authenticating payments. However, as with any technological advancement, there's a flip side. While QR codes are not malicious in their essence, the landscape has shifted in recent years. Threat actors have evolved their tactics to exploit QR codes in various ways, posing new cybersecurity challenges. In this episode, host Andy teams up with Microsoft Certified Trainer Paul Schnackenburg to discuss the darker side of QR codes and the different ways in which threat actors are deceiving individuals. Episode Resources: The Danger of Malicious OAuth Apps in M365 Train your users to spot malicious emails with the Security Awareness Services Demo Safeguard your users from malicious QR codes with Advanced Threat Protection
| |||
| EP30 (PART 2): Dissecting Microsoft's Secure Future Initiative | 31 Jan 2024 | 00:29:41 | |
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors. Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications. Episode Resources: Episode 17: On-Prem Security vs. Cloud Security Microsoft’s Announcement Regarding the Secure Future Initiative | |||
| EP30 (PART 1): Dissecting Microsoft's Secure Future Initiative | 24 Jan 2024 | 00:30:42 | |
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors. Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications. Stay tuned for part 2! Timestamps: (2:55) – An Update on the Microsoft Storm-0558 Breach (8:40) – The Microsoft Secure Future Initiative (SFI) (12:12) – Comparison with the 2002 Trustworthy Computing Initiative Memo (17:39) – The Trustworthiness of On-Prem vs. The Cloud (23:04) – How Does Microsoft Want to Use AI in Security?
Episode Resources: 365TP Compliance & Awareness Free Trial EP17: On-Prem Security vs Cloud Security EP18: Generative AI in Defensive Tools EP22: Can you trust Microsoft with Security?
| |||
| Monthly Threat Report - January 2024 | 17 Jan 2024 | 00:52:06 | |
We're kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space. In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group "Homeland Justice" on the Albanian government, and much more! Episode Resources: Full Monthly Threat Report for January 2024 Annual Cyber Security Report 2024 | |||
| Monthly Threat Report – December 2023 | 06 Dec 2023 | 00:32:12 | |
Our final episode for 2023 is here! To wrap up the year, Andy and Umut Alemdar will be discussing our Monthly Threat Report for December 2023. The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Umut are focusing on data from the month of November. Tune in to hear about Microsoft’s recent zero-day vulnerabilities, the most common file types used to deliver malicious payloads, M365 brand impersonations and a lot more! Episode Resources: | |||
| EP29: Security Then vs Now: What’s Changed? | 01 Dec 2023 | 00:50:12 | |
As the year comes to a close, the Security Swarm podcast takes a reflective journey, comparing the landscape of security then and now. In this special episode, Andy and Eric Siron explore the intriguing evolution of cybersecurity from the days of floppy disks and DOS to the complex, interconnected world of today. Tune in to learn about the significant shifts in security incidents, drawing correlations and highlighting differences, from the era of viruses attempting to one-up each other with floppy disks to the present, where data theft and ransomware dominate the landscape. Timestamps: (2:56) – What was security like in the early days of IT and how does it compare to now? (12:18) – Why are threat-actors more persistent now than they used to be? (23:33) – Security horror stories then vs. now (44:40) – How have Andy and Eric’s Stances on Security Changed from then vs. now? Episode Resources: Central African Republic and El Salvador Adopt Cryptocurrency as Legal Tender | |||
| EP28: Differences Between DNS/Route-Based Email Security and Email Security via API | 24 Nov 2023 | 00:37:46 | |
Remember the days of DNS route-based email security? It's been a steadfast approach, but in recent years, the landscape has shifted towards API-driven solutions, particularly evident in platforms like Microsoft 365 utilizing the Graph API. In this episode, Umut Alemdar from Hornetsecurity's Security Lab joins Andy once again to discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. The discussion isn’t just a comparison; it’s an exploration of how these two approaches can complement each other in a hybrid model, offering a more robust and versatile email security framework. Episode Resources: | |||
| Egregious Security Practices in the Workplace | 02 Sep 2024 | 00:52:54 | |
In this episode of the Security Swarm Podcast, host Andy and his regular guest, Eric, talk about the worst workplace security practices they've seen. From weak password policies to unsecured devices and poor data management, they share real-life stories and insights that will make you cringe - and hopefully inspire you to tighten up your organization's security posture. They also discuss the importance of employee security training, the challenges of software patching, and the dangers of "security by personality" - when people make decisions based on gut feelings rather than data. It's a candid, sometimes humorous look at the security nightmares that keep IT pros up at night. Whether you're an infosec professional or just someone who wants to keep your company's data safe, this episode is packed with valuable lessons. Grab a pen and paper - you'll want to take notes on what not to do when it comes to workplace cybersecurity. Key Takeaways:
Timestamps: (00:00) Welcome to the Security Swarm Podcast (03:19) Exploring Weak Password Policies (11:26) The Importance of Employee Security Training (19:16) Unsecured Devices: A Dangerous Vulnerability (27:34) Mismanaging Data: Risky Business (37:40) The Perils of Ignoring Software Updates (45:30) Security Decisions Driven by Personality, Not Data Episode Resources: Security Risks of Always on Remote Access GM shared our driving data with insurers without consent, lawsuit claims | |||
| Monthly Threat Report - November 2023 | 17 Nov 2023 | 00:40:44 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October. During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape. Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike. Timestamps: (3:07) – What is the general state of email threats during the last month? (6:31) – What types of files are being used to deliver malicious files? (9:38) – What industries are being targeted the most throughout the data period? (14:40) – What are the most impersonated brands during the last month? (18:52) – An update on the Microsoft Storm-0558 breach (23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler (30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO Episode Resources: Full Monthly Threat Report for November Law Enforcement Shutdown of Qakbot Paul and Andy Discuss Storm-0558 Security Awareness Service - Request Demo | |||
| EP27: The Story of Backup and Recovery in Microsoft 365 | 07 Nov 2023 | 00:27:17 | |
Paul Schnackenburg is back for another episode with Andy, this time to discuss the story of backup and recovery inside of Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft's contradictory "no backup needed" guidance. To add to the confusion, Microsoft has introduced its own M365 backup product. During the episode, we'll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don't miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365! Episode Resources: Free eBook - Microsoft 365: The Essential Companion Guide 365 Total Backup – Request a Trial | |||
| EP26: Questionable Methods for Protecting Backups from Ransomware | 31 Oct 2023 | 00:34:31 | |
In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here's the twist: we're approaching these protective measures from the mindset of a relentless threat actor, someone who's determined to breach your defenses and make your backups their own. Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more! Episode Resources: The Backup Bible by Eric Siron EP22: Can You Trust Microsoft with Security? Immutable Protection Against Ransomware | |||
| EP25: Key Takeaways from our Ransomware Survey | 26 Oct 2023 | 00:31:47 | |
In today's digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Its ever-evolving nature makes it a top threat. To uncover the full extent of its threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks. In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business. Timestamps: (3:20) – How important is ransomware protection in terms of IT priorities? (4:41) – How many organizations do NOT have a DR plan in place? (9:28) – How many organizations protect their backups from ransomware? (12:10) – What types of tools are organizations using to combat ransomware? (15:45) – How many organizations have been victims of ransomware? (18:12) – How many ransomware victims managed to recover from backup? (20:50) – What are the most common vectors of attack for ransomware? (24:00) – How many people see real value from security awareness training? (27:37) – How many organizations using M365 have a DR plan in place for ransomware? Episode Resources: Full Ransomware Survey Results EP12: What We Learned by Asking the Community About Compliance | |||
| EP24: The Danger of Malicious OAuth Apps in M365 | 18 Oct 2023 | 00:30:19 | |
Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! In today’s episode, Andy and Paul Schnackenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy! Timestamps: (1:57) – What are malicious OAuth Applications? (5:21) – Who can authorize OAuth Applications in a M365 tenant? (8:25) – How are malicious OAuth Applications getting past Microsoft Review? (14:56) – An example of how a malicious OAuth Application might function in an attack (17:44) – Mitigation and prevention of malicious OAuth Application attacks (25:35) – The M365 Essential Companion Guide eBook Episode Resources: Free eBook 'Microsoft 365: The Essential Companion Guide' | |||
| Monthly Threat Report - October 2023 | 09 Oct 2023 | 00:35:45 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023. The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company's security culture and its ability to safeguard its vast user base. Tune in for more details! Timestamps: (2:37) – Email Threat Numbers for the data period. (4:18) – File Types used for the delivery of malicious payloads. (7:39) – What are the top targeted industry verticals? (11:19) – What were the most impersonated brands during the last month? (21:15) – Microsoft’s Continued Security Issues (31:19) – Vulnerabilities in libwebp Episode Resources: | |||
| EP23: The Importance of Certification in the Security Space | 04 Oct 2023 | 00:34:31 | |
You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let's face it, navigating the maze of IT and security certifications available can be a daunting task making it difficult to figure out which route you need to take. In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today's ever-changing cybersecurity landscape. Timestamps: (2:45) - Why is certification important in the Security Space (7:28) - What are the benefits of getting certified? (11:45) - Vendor-specific certifications (16:05) - Are Linux certifications relevant to security professionals? (22:21) - What are the most important vendor-agnostic security certifications? Episode Resources: Careers at Hornetsecurity (We offer training!) Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn | |||
| EP22: Can You Trust Microsoft with Security? | 26 Sep 2023 | 00:38:40 | |
In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple Exchange Server on-prem issues, and more recently the Storm-0558 incident. The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud. Timestamps: (1:55) – There has been a recent string of security issues at Microsoft (6:42) – Storm-0558 (16:38) – Follow up on the SolarWinds attack from 2020 (20:50) – Multiple Exchange on-prem vulnerabilities over the last several years (22:55) – Power Platform cross-tenant un-authorized access (26:61) – Communication seems to be a sore spot across all these issues (31:21) – Trust is critical for the survival of “the cloud” Episode Resources: Monthly Threat Report - September 2023 Microsoft 365: The Essential Companion Guide - Free eBook Paul’s recent article on Microsoft’s security issues Results of Microsoft’s Storm-0558 Investigation | |||
| EP21: Life as a Cybersecurity CEO - An Inside Look | 20 Sep 2023 | 00:28:34 | |
In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry. With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape. Timestamps: (2:13) – What is it like being the CEO of a Cybersecurity Company? (7:27) – What are the main methods that Daniel uses to keep up to date on the industry? (10:05) – What was the main driving reason behind founding Hornetsecurity? (13:26) – Solving security problems with a unique approach. (18:28) – How is AI changing the cybersecurity industry? (24:08) – Daniel’s cybersecurity predictions for the future. Episode Resources: Hornetsecurity’s Advanced Threat Protection Episode 18: Generative AI in Defensive Tools
| |||
| Monthly Threat Report - September 2023 | 12 Sep 2023 | 00:36:52 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. During the episode, Andy and Yvonne explore the overall threat trends including:
Timestamps: (3:22) – General threat trends for this month’s data period (7:11) – What were the most used file types for malicious payloads during the data period? (10:10) – What are the most targeted industries for this data period? (12:04) – The most impersonated brands from this month’s report (16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet (22:54) – An update on the Microsoft Storm-0558 breach (33:46) – Data breaches account for 14 million lost records Episode Resources: Full Monthly Threat Report - September 2023 EP07: A Discussion and Analysis of Qakbot | |||
| How Threat Actors Tamper with Elections | 22 Aug 2024 | 00:36:09 | |
In this episode of the Security Swarm Podcast, host Andy is joined by Umut Alemdar, Head of Security Lab at Hornetsecurity, to explore the escalating threat of election interference by cyber threat actors across the globe. They talk about motivations driving these actors and the various tactics used to infiltrate political parties, target election equipment, and spread misinformation, including the use of deepfakes. The episode also revisits significant cases of election meddling, from the 2015 German Bundestag hack to the 2020 Iranian hack of U.S. city election websites, highlighting the ongoing risks. Andy and Umut conclude with strategies to combat these threats, emphasizing the importance of policy changes, enhanced public communication, and rigorous cybersecurity training for election officials. Key Takeaways:
Timestamps: (01:00) Introduction and Categorizing Threat Actors (08:00) Infiltrating Political Parties and Targeting Election Equipment (09:44) Consequences of Spreading Misinformation (14:00) Past Attacks: Germany, France, and Ukraine (21:32) US-Based Attacks: 2016 Presidential Election and Breaching City Websites (28:30) What Can Be Done? Policies, Communication, and Monitoring Episode Resources: EU Sanctions Russian Hackers for German Bundestag Hack | |||
| EP20: What's Going on With Azure AD? | 06 Sep 2023 | 00:34:21 | |
Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Azure AD is/was and its crucial role in the Microsoft Cloud ecosystem. Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform's functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same. Timestamps: 2:03 – Azure AD is Now Microsoft Entra 9:35 – Relevant Acronyms for the Identity Space 13:49 – Entra Internet Access 21:28 – Entra Private Access 26:44 – M365 / Entra ID Tenant Restrictions 30:23 – How Do These Features Factor Into the Storm-0558 Breach? Episode resources: Hornetsecurity 365 Total Protection Podcast episode: Licensing Security Features in M365 Azure Active Directory Domain Services | |||
| EP19: How to Sell Cybersecurity to the C-Suite | 30 Aug 2023 | 00:30:33 | |
As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point. This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy! Timestamps: 2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 15:50 – Compliance and Similar Issues Often Drive C-Suite Attention 26:05 – An Example - What Would Daniel Look for When Having to Make a C-Suite Decision? Episode Resources: Andy on LinkedIn, Twitter or Mastodon Daniel on LinkedIn | |||
| EP18: Generative AI in Defensive Tools | 22 Aug 2023 | 00:31:41 | |
In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI's darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity's suite of products leverages AI to display a concrete example in the industry. Join us as we shift the narrative from AI's potential for malicious use to how defensive toolsets and security experts are harnessing its power. Timestamps: 3:12 – How has AI changed the threat landscape? 6:10 – How can AI help blue teams? 16:08 – An example of AI used defensively in a software stack 26:24 – What advancements in AI in the security space are we likely to see in the future? Episode Resources: EP08: Advanced Threat Protection: A Must Have in Today's Ecosystem? EP03: The Reemergence of Emotet and Why Botnets Continue to Return OpenAI Cybersecurity Grant Program AI can steal data by listening to keystrokes with 95% accuracy Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn | |||
| EP17: On-Prem Security vs Cloud Security | 16 Aug 2023 | 00:40:19 | |
In today’s episode we have Eric Siron, Microsoft MVP, joining Andy for a discussion on the debated topic of On-Prem Security versus Cloud Security from a security standpoint. The digital landscape has transformed, raising questions about securing multiple cloud services, APIs, and the scattered user base. We explore how defenses have evolved and although default protections have strengthened, attack vectors have grown smarter with the growth of ransomware. Join us as we dissect these changes and their impact on modern security paradigms in an era where protection and adaptation are paramount. Disclaimer: This episode was recorded just before news of the Microsoft breach hit the headlines. Thus, while some of the perspectives may seem momentarily misaligned due to the unfolding events, the core insights and conclusions drawn remain the same. Timestamps: 3:50 – What is the current state of on-premises infrastructure in terms of security? 12:37 – How does compliance factor into on-premises security? 21:12 – Is Infrastructure in the cloud more secure? 33:12 – Is “The Cloud” or “On-Premises” more secure? Episode Resources: Monthly Threat Report - August 2023 Andy and Paul Discuss M365 Security Andy and Paul Discuss the Difficulty of Licensing Security Features in M365 Hornetsecurity Ransomware Survey Findings | |||