In this episode of The Cybersecurity Defenders Podcast, we discuss stress management and avoiding burnout with Amanda Berlin, CEO of Mental Health Hackers. Amanda is the Senior Product Manager of Cybersecurity at Blumira, where she collaborates with a talented team to make security more accessible. With a career in IT spanning nearly her entire adult life, her expertise includes infrastructure security, network troubleshooting, purple teaming, and security awareness training. Beyond her role at Blumira, Amanda leads Mental Health Hackers, an organization dedicated to addressing the unique mental health challenges faced by cybersecurity professionals and heavy technology users. Through education and advocacy, she helps shine a light on the critical intersection of mental health and the tech industry. All of the links: Coffee bot: Donuts. Book: The Fearless Organization. American Psychological Association. Mental Health Hackers next at: Bsides Charm in Baltimore, Blue Team Con in Chicago... check social media for more
In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She'll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era. This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them! In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira's automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs. Segment Resources: https://www.blumira.com/customer-stories/ https://www.blumira.com/why-blumira/ This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them! Show Notes: https://securityweekly.com/bsw-351
This week, it's time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrik's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public companies: Secureworks Corp; Palo Alto Networks Inc; Check Point Software Technologies Ltd.; Rubrik Inc; Gen Digital Inc; Fortinet Inc; Akamai Technologies, Inc.; F5 Inc; Zscaler Inc; Onespan Inc; Leidos Holdings Inc; Qualys Inc; Verint Systems Inc.; Cyberark Software Ltd; Tenable Holdings Inc; Darktrace PLC; SentinelOne Inc; Cloudflare Inc; Crowdstrike Holdings Inc; NetScout Systems, Inc.; Varonis Systems Inc; Rapid7 Inc; Fastly Inc; Radware Ltd; A10 Networks Inc. In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She'll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era. This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them! In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira's automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs. Segment Resources: https://www.blumira.com/customer-stories/ https://www.blumira.com/why-blumira/ This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-351
Learning about our customers, and developing products based on their needs is simple to understand, but difficult to execute when you balance your customer desires against what's best for your shareholders, and what your team can build, deliver and operate. Host Ashok Sivanand and Jim Simpson, CEO of Blumira, discuss his journey in product management, from early coding adventures with a Commodore 64 to leading a cybersecurity SaaS company. Discover how Jim's unique background as a third culture kid and his extensive experience in the tech industry have shaped his approach to product management, leadership, and navigating the intricate balance between customer needs and business demands. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Access Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Inside the episode... Jim Simpson's early fascination with coding and the pivotal decision between a Commodore 64 and an Atari. The influence of Jim's upbringing in Japan on his open-mindedness and adaptability in leadership. The transition from coding to product management: key lessons and pivotal moments. Jim's approach to recruiting, mentoring, and nurturing talent in product management. How Blumira is innovating in the cybersecurity space under Jim's leadership as CEO. The challenges and rewards of stepping into a CEO role from a product management background. Practical advice for aspiring product managers on acquiring the necessary skills and mindset for success. An exploration of the 'third culture kid' identity and its impact on professional and personal growth. The importance of customer interaction and how it shapes product development strategies. Subscribe to the Convergence podcast wherever you get podcasts including video episodes on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow. Follow the Pod Linkedin: https://www.linkedin.com/company/convergence-podcast/ Twitter: https://twitter.com/podconvergence Instagram: @podconvergence
Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then check out episodes 518, 536 and 588. Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in late January 2024!
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! In this episode, Accidental CISO is joined by guest host Amanda Berlin. Amanda leads Detection Engineering at Blumira, where she and her team analyze the tactics, techniques, and procedures used by cyber criminals and create detection rules to spot the nefarious activity and protect their customers' systems. When she isn't ruining the day for the bad guys, she runs a non-profit called Mental Health Hackers that is dedicated to mental health among cyber professionals, produces training content for Antisyphon Training, and co-hosts the Brakeing Down Security podcast. You can find Amanda on LinkedIn. In this episode, Amanda mentioned several free tools and resources: Microsoft Sysmon; Incident Response dot Org; Microsoft IR Playbooks; CISA Incident Response Playbooks. Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Music by Michael Korbin from Pixabay
Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR related? Can you get them all from one vendor - and should you? Do you run them on-prem, in the cloud, or both? Join us as Matt answers these questions and more!
XDR isn't just a fancy term or the latest trend; it represents consolidating security tools, enhancing defences against sophisticated attacks, and reducing response time to safeguard against data breaches. Starting from a solid foundation of centralized logs, organizations can use XDR as part of their cybersecurity strategy to detect breaches across many different sources of data. If we look specifically at the financial industry, XDR can be key in stopping attacks rapidly before they cause too much damage. Through reducing complexity and providing stack-wide visibility, SMBs within the banking sector can solve common challenges like understaffed teams and daunting compliance requirements. In this episode of the EM360 Podcast, Head of Content Matt Harris speaks to Matthew Warner, CTO and Co-founder of Blumira, to discuss: security pain points in the BFSI space; the difference between EDR and XDR; choosing the right XDR strategy for your business.
Today Amanda Berlin from Blumira teaches us how to unlock the power of Sysmon so we can gain insight into the good, bad and ugly things happening on our corporate endpoints! Key takeaways: Sysmon turns your Windows logging up to 11, and pairs well with a config file like this one or this one. Careful if you are running Sysmon on non-SSD drives - the intense number of writes might bring that disk to its knees. Just getting started logging all the things with Sysmon? Why not pump those logs into a free logging/alerting system like Wazuh? I think it was SolarWinds log collector I was trying to think of while recording the show, not CloudTrail.
Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the multi-hundred-billion-dollar-a-year industry that tries to secure everything above the firmware, security through obscurity doesn't work, should you hire cybersecurity consultants, pen testing is key for compliance, defense contractor leaks, inside a McFlurry machine, Barracuda is still chasing hackers, why Linux is more secure than Windows, more details on WinRAR and middle-out compression, a Wi-Fi worm?, CVE-2020-19909 is almost everything that is wrong with CVE, Tacos, and hacking through a Fire stick! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-797
Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." Show Notes: https://securityweekly.com/psw-797
A hosted panel discussion with industry leaders to explore the advantages of the SecOps Cloud Platform for product builders. The panel is moderated by LimaCharlie's Head of Product, Ross Haleliuk. The panel participants are: Founder & CTO of Recon InfoSec, Eric Capuano; Lead Incident Detection Engineer at Blumira, Amanda Berlin. What is the SecOps Cloud Platform? The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment. The SecOps Cloud Platform is: An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds. An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors to build appropriate solutions. The SecOps Cloud Platform is not where data goes to die—it's a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Check out our sponsor (BLUMIRA) at https://blumira.com/brake youtube channel link: https://youtube.com/c/BDSPodcast Full video on our youtube Channel! https://www.youtube.com/watch?v=BkBeLuM_urk https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/ https://www.darkreading.com/remote-workforce/hacker-infected-foiled-by-own-infostealer https://therecord.media/cisa-warnings-adobe-microsoft-citrix-vulnerabilities https://www.itsecurityguru.org/2023/07/18/millions-of-keyboard-walk-patterns-found-in-compromised-passwords/ https://therecord.media/airline-customer-support-phone-number-fraud-google https://twitter.com/Shmuli/status/1680669938468499458 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 https://www.jdsupra.com/legalnews/tabletop-exercises-as-risk-mitigation-5278057/ https://www.darkreading.com/vulnerabilities-threats/linux-ransomware-poses-significant-threat-to-critical-infrastructure https://bevyengine.org/ - Rust game engine https://godotengine.org/ - a more mature Rust game engine https://flappybird.io/ - which I suck at, BTW Intro/outro music: "Flex" by Jeremy Blake Courtesy of YouTube Music Library (used with proper permissions)
Today I'm excited to share a featured interview with our new friend Mike Toole of Blumira. We talk about all things EDR, including: How does it differ from something like Windows Defender? What things do I need to keep in mind if I'm in the market for an EDR purchase? Is Mac EDR any good? How do attackers bypass EDR? Will AI create indestructible malware, take over the human race and then use our bodies for batteries?
Every company has a culture, whether you like it or not. And that culture needs to be cultivated so you can get the most out of your employees. Learn how to value employees, engage with them, and be transparent with them as a CEO. Today, Doug C. Brown talks with Jim Simpson, the CEO of Blumira, a leading cybersecurity provider of automated threat detection and response technology. In this episode, you will learn: - Why every company has a culture and why you have to cultivate that. - Why it's okay to make mistakes as an entrepreneur if you want to grow. - What Blumira does for small businesses that can't afford cybersecurity.
Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like Duo. Blumira and 7 Minute Security have a shared love for helping SMBs be more secure, so it was great to chat with Jim about the IT/security challenges faced by SMBs, and what we can do to make security more simple and accessible for them.
Small and medium-sized enterprises (SMEs) face numerous challenges when it comes to cybersecurity. One of the most significant challenges is the lack of resources, including budget and personnel, to invest in robust cybersecurity measures. This often leaves SMEs vulnerable to cyber threats, such as phishing attacks, ransomware, and data breaches. Additionally, SMEs may not have the expertise to effectively implement and manage cybersecurity solutions, leaving them susceptible to cyber-attacks. This lack of attention to cybersecurity can lead to devastating consequences for SMEs, including financial losses, reputational damage, and legal liabilities. In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to Matthew Warner, CTO and Co-founder at Blumira, to discuss: common cybersecurity threats that SMEs face; how these threats differ from those faced by larger companies; implementing effective cybersecurity measures.
Today I sat down with Chris Furner of Blumira to talk about all things cyber insurance. Many of 7MinSec's clients are renewing their policies this time of year, and many are looking into policies for the first time. Naturally, there are a ton of questions to ask and things to think about to make good coverage decisions for your business: How do I get started in looking for a cyber policy - with my general liability insurer? Or are there companies that specialize just in cyber insurance? How do I make sure I have the appropriate levels of coverage? What are basic things I can do from a security standpoint that pretty much any insurer is going to expect me to do? Enjoy the interview, where we cover these questions - and more! And be sure to also check out Blumira's whitepaper on this topic called The State of Cyber Insurance.
Blumira is targeting an underserved part of the market: SMBs. Brian, the VP of Sales at Blumira, joins us to discuss how he is successfully running the sales team and growing revenue. His background is in Enterprise selling and he highlights what is similar and also what is different with selling to SMBs. In this episode, you'll learn: The average length of a sales cycle working with SMBs and what we can learn from that on the enterprise side. Advantages of having a rigorous POC process while also being flexible when needed. Importance of having enough discipline to say no to some deals. Blumira: www.blumira.com Brian: On LinkedIn or bpenney@blumira.com You might also like the following: 162: Eric Appel, CRO @ Island: why stealth is sexy and the different way Island has built the sales team. 143: How to answer the “What does your company do?” question without being boring or using buzzwords. 109: Hot trends in cybersecurity with Amit Karp, Partner at Bessemer Venture Partners. Support the show
Today we talk about Simple Ways to Test Your SIEM. Feel free to check out the YouTube version of this presentation, as well as our interview with Matt from Blumira for even more context, but here are the essential tools and commands covered:
Port scanning:
nmap 10.0.7.0/24 - basic nmap scan
masscan -p1-65535,U:1-65535 --rate=1000 10.0.7.0/24 -v - scan all 65k+ TCP and UDP ports!
Password spraying:
Rubeus.exe spray /password:Winter2022! /outfile:pwned.txt - try to log into all AD accounts one time with Winter2022! as the password, and save any pwned creds to pwned.txt
Kerberoasting and ASREPRoasting:
rubeus.exe kerberoast /simple
rubeus asreproast /nowrap
Key group membership changes:
net group "GROUP NAME" user-to-add-to-a-group /add
Dump Active Directory hashes:
cme smb IP.OF.THE.DOMAINCONTROLLER -u user -p password --ntds --enabled
ntdsutil "ac i ntds" "ifm" "create full c:\dc-backup" q q
SMB share hunting:
Invoke-HuntSMBShares -Threads 100 -OutputDirectory C:\output - SMB enumeration using PowerHuntShares
Today we welcome our pal Matthew Warner (CTO and co-founder of Blumira) back to the show for a third time (his first appearance was #507 and second was #529). I complained to Matt about how so many SIEM/SOC solutions don't catch early warning signs of evil things lurking in customer networks. Specifically, I whined about 7 specific, oft-missed attacks like port scanning, Kerberoasting, ASREPRoasting, password spraying and more. (Shameless self-promotion opportunity: I will be discussing these attacks on an upcoming livestream on December 29). Matt dives into each of these attacks and shares some fantastic insights into what they look like from a defensive perspective, and also offers practical strategies and tools for detecting them! Note: during the discussion, Matt points out a lot of important Active Directory groups to keep an eye on from a membership point of view. Those groups include: ASAAdmins, Account Operators, Administrators, Administrators, Backup Operators, Cert Publishers, Certificate Service DCOM, DHCP Administrators, Debugger Users, DnsAdmins, Domain Admins, Enterprise Admins, Enterprise Admins, Event Log Readers, ExchangeAdmins, Group Policy Creator Owners, Hyper-V Administrators, IIS_IUSRS, IT Compliance and Security Admins, Incoming Forest Trust Builders, MacAdmins, Network Configuration Operators, Schema Admins, Server Operators, ServerAdmins, SourceFireAdmins, WinRMRemoteWMIUsers, WorkstationAdmins, vCenterAdmins
Today's episode of the 7 Minute Security podcast is brought to you by Blumira, which provides easy-to-use automated detection and response that can be set up in…well..about 7 minutes. Detect and resolve security threats faster, and prevent breaches. Try it free today at blumira.com/7ms. Hey friends, today we're giving you a first impressions look at a free easy asset management tool called Snipe-IT you can use to build your inventory with! Why is this important? Because it's the first critical security control! It might help to see this tool in action, so we invite you to check out our recent Twitch stream where we got it up and running in about 45 minutes.
Today's episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be set up in…well…about 7 minutes! Detect and resolve security threats faster and prevent breaches. Try it free today at blumira.com/7ms! Today we have a really fun interview with Nato Riley of Blumira. He cut his IT/security teeth working for a cell phone company, exorcising malware demons out of workstations, and even building an email-based SIEM. He has had a very cool career path that involves embracing newbness, pushing aside imposter syndrome, and even begging for jobs! I think this interview can best be summed up by a direct quote from Nato: "Things absolutely go wrong, and I think that's what deters people from trying. But just because something goes wrong, doesn't mean you're necessarily going to die from it. So why not try?"
Episode 189 of the Unsecurity Podcast is now live! This week, Oscar and Brad are joined by Chris Furner and Jeremy Young with Blumira to discuss their perspectives on information security. New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security: https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks: https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html Give episode 189 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Don't forget to like and subscribe!
Today we're so excited to welcome Amanda Berlin, Lead Incident Detection Engineer at Blumira, back to the show (did you miss Amanda's first appearance on the show? Check it out here)! You might already be familiar with Amanda's awesome Defensive Security Handbook or her work with the Mental Health Hackers organization. Today we virtually sat down to tackle a variety of topics and questions, including: What if HAFNIUM2 comes out today and only affects 2 specific versions of Exchange? Does Blumira buy every software/hardware thingy out there and have an evil scientist lab where they test out all these different exploits, and then create detections for them? Can an old, out-of-touch security guy like me still find a place at the Vegas hacker conferences (even though I hate lines, heat, crowds and partying)? Spoiler alert: yes. Are security vendors more likely to share their software/hardware security services with a defensive security group like Blumira, rather than pentesters like 7MinSec? Does Amanda think there's a gender bias in the security industry? Besides being aware of it happening, what can we do to cut down the bullying/secure-splaining/d-baggery/etc. in the industry?
In this episode, host John Laurito talks with the CEO of Blumira, Jim Simpson, all about success and taking advantage of the opportunities they have in their life. Jim shares how he stepped outside his comfort zone, figuring out who he was and what shaped him to become the leader he is today. Jim Simpson joined Blumira in January as vice president of products. Over the past year, Simpson was responsible for guiding the company's strategic product roadmap to deliver the fastest time to security, with a focus on accessible, easy-to-use detection and response technology. With over two decades of experience growing successful security startups, Simpson previously led product management for the access security provider Duo Security, acquired by Cisco in 2018 for $2.35 billion. Before joining Duo, he led engineering and UX at the network security company Arbor Networks, acquired by NETSCOUT in 2015. Simpson's user-centric approach to solving customer problems is unique in an industry long known for overly complex, legacy solutions that often fail to protect organizations. Jim likes to look for the mystery in the world, and that comes in many forms: traveling, both locally on a bicycle and by planes, trains, and automobiles; creating, appreciating, and supporting art; and finally, sharing what he's learned via mentorship and coaching. Connect with Jim at: Website: https://www.blumira.com/ LinkedIn: https://www.linkedin.com/in/gngrwsbi/ Show notes: [1:59] Looking back on his life, what shaped who Jim is as a leader? [5:31] On stepping out of his comfort zone [11:45] Did he get to a point where he figured out who he really is as a leader? [16:28] Learning from his mistakes [19:24] Is there a time when a leader should display anger in an organization? [24:43] Good communication within the organization [29:14] What they do in Blumira [31:22] Where to find Jim [32:13] Outro. Get a copy of Tomorrow's Leader on Amazon https://tinyurl.com/huseae9h Text LEADER to 617-393-5383 to receive The Top 10 Things That The Best Leaders Are Doing Right Now. For questions, suggestions, or speaker inquiries, contact me at john@lauritogroup.com
Patch notes, and the risks associated with failure to patch. Finland's parliament comes under cyberattack. Killnet says there will be blood, but they may just be grandstanding for the home crowd. Cyberattacks against a UK firm that's criticized Russia's war. We're joined by FBI Cyber Division AD Bryan Vorndran and Adam Hickey, deputy assistant attorney general for the National Security Division with an introduction to Watchguard. Our guest is Matthew Warner from Blumira with tips on avoiding burnout. And not all criminal organizations are working for Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/151 Selected reading. Already Exploited Zero-Day Headlines Microsoft Patch Tuesday (SecurityWeek) Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws (BleepingComputer) IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products (SecurityWeek) Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader (SecurityWeek) ICS Patch Tuesday: Siemens, Schneider Electric Fix Only 11 Vulnerabilities (SecurityWeek) VMSA-2022-0022 (VMware) Emerson OpenBSI (CISA) Emerson ControlWave (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA) Multiple attackers increase pressure on victims, complicate incident response (Sophos News) Life After Death—SmokeLoader Continues to Haunt Using Old Vulnerabilities (Fortinet Blog) NBI launches probe into attack on Finnish Parliament site (Yle) Russian hacker warns cyberwarfare will turn deadly (Newsweek) Suspected Russian cyber attack on British soil as firm subjected to ‘daily' hacks (The Telegraph) Meet DUMPS Forum: A pro-Ukraine, anti-Russia cybercriminal forum | Digital Shadows (Digital Shadows)
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Amanda Berlin and Megan Roddie, cybersecurity leaders & mental health hackers, and they've got their hands in a lot more too! Amanda is the Lead Incident Detection Engineer at Blumira and has worked in I.T. for almost her entire adult life. Before working at Blumira, Amanda's responsibilities have included infrastructure security, network hardware and software repair, email management, network/server troubleshooting and installation, purple teaming with a focus on phishing employees and organizational infrastructure as well as teaching employees about security and preventing exploits. She currently serves as the Chief Executive Officer for Mental Health Hackers and is the co-host of the Brakeing Down Security Podcast (BrakeSec Podcast, @brakesec)! Megan is a Senior Security Engineer at IBM, Co-Author of SANS FOR509 and has worked in cybersecurity since graduating from Sam Houston State University (and while she was still a student!). Previous roles have been with the Texas Department of Public Safety, Recon InfoSec, and with IBM's X-Force. She currently serves as the Chief Financial Officer for Mental Health Hackers. Megan is also a Muay Thai fighter and coach. Follow Mental Health Hackers on Twitter! @HackersHealth Follow Amanda on Twitter at @InfoSystir and on LinkedIn and follow Blumira on Twitter! Follow Megan on Twitter at @megan_roddie and on LinkedIn. In the discussion we address: Amanda & Megan's backgrounds and origin stories Awesome tips for breaking into security! DEFCON and how to score a free breakfast at DEFCON!! Mental Health Hackers The Brakeing Down Security podcast Muay Thai, Musicals, Apples & Bananas! Fruits, music and so much more! A few references mentioned in or relevant to our discussion include: Mental Health Hackers website Mental Health Hackers on Twitter! @HackersHealth Amanda on Twitter at @InfoSystir and on LinkedIn. Megan on Twitter at @megan_roddie and on LinkedIn. 
Tom Williams on Twitter: @ginger_hax Amanda's InfoSec Staples tweet - https://twitter.com/infosystir/status/972906318875983873?s=21&t=CCp0CmDgDcZXQVWtnpEXEA Blackhat USA 2022 - https://www.blackhat.com/us-22/defcon.html?_mc=sem_bhus_sem_bhus_x_tspr_Google_defcon30_bhusagcompetitvedefcon30_2022&gclid=Cj0KCQjwn4qWBhCvARIsAFNAMihsrClH8Aygi2UnTsbSus3teDdktlK2NiamBzyAORwM5nHcaE4pynwaArHkEALw_wcB DEFCON 30 - https://defcon.org 10th Annual Brazilian Jiu-Jitsu Smackdown. A Brazilian Jiu-Jitsu event for information security professionals hosted by Jeremiah Grossman during Black Hat and Defcon - https://www.eventbrite.com/e/10th-annual-brazilian-jiu-jitsu-smackdown-tickets-348058561527 Amanda's Book! Defensive Security Handbook: Best Practices for Securing Infrastructure (1st Edition) - https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388 Megan's SANS Course! FOR509 Course Update - Introducing Google Workspace, the Multi-Cloud Intrusion Challenge - https://www.sans.org/blog/for509-course-update---introducing-google-workspace-the-multi-cloud-intrusion-challenge-and-more/
Join us for this valuable presentation featuring Jeremy Young | Director of Partner Strategy at Blumira alongside our host Ray Orsini of OITVOIP as we go over the SMB SIEM. SIEM is a four-letter word for most of those with previous experience with them. Tune in live as we go over how Blumira is making a solution that not only doesn't suck but actually enables MSPs to meet compliance and detection and response objectives, while still maintaining operational efficiency and providing an affordable option to clients. Be sure to follow our guest on LinkedIn and ask some questions for the event! Jeremy Young: https://www.linkedin.com/in/jyoung1216/ Blumira: https://www.blumira.com/
Today we're featuring a great interview with Matthew Warner, CTO and co-founder of Blumira. You might remember Matt from such podcasts as this one, when Matt gave us a fountain of info on why out-of-the-box Windows logging isn't awesome, and how to get it turned up to 11! Today, we talk about a cool report that Blumira put out called 2022 Blumira's State of Detection & Response, and dive into some interesting topics within it, including: How do companies like Blumira (who we rely on to stay on top of threats) keep their teams on top of threats? Why open source detections are a great starting point - but not a magic bullet Consider this "what if" - a C2 beacon lands on your prod file server in the middle of the work day. Do you take it down during a busy time to save/clean the box as much as possible? Or do you hope to be able to wait until the weekend and triage it on a weekend? Why annoying traffic/alerts are still worth having a conversation about. For example, if you RDP out of your environment and into Azure, that might be fine. But what about when you see an RDP connection going out to a Digital Ocean droplet? Should you care? Well, do you use Digital Ocean for legit biz purposes? Data exfiltration - where does it sit on your priority list? How hard is it to monitor/block? Common lateral movement tools/techniques Why honeypots rule!
Today we're pumped to share a featured interview with Amanda Berlin, Lead Incident Detection Engineer at Blumira. You might already be familiar with Amanda's awesome Defensive Security Handbook or fine work with Mental Health Hackers. We polled our Slack friends and structured this interview as an AAA (Ask Amanda Anything). That resulted in a really fun chat that covered many things technical and not technical! Questions we posed to Amanda include: Can you tell us more about your infosec superhero origin story and creation of your book? Will there ever be a new version of the Defensive Security Handbook? What blue team certs/YouTube vids/classes/conferences give the best bang for your buck? Was it a mistake to invent computers? From a logging standpoint, what devices provide blind spots (Linux systems, IoT devices, etc.)? You can wave a magic wand and solve any three security challenges instantly - what do you choose? Infosec Twitter drama. Love it? Leave it? Something in between? Tips to prevent business email compromise? How do we keep beloved family/friends (who keep falling prey to social engineering campaigns) safer on their computers and on the Web? Our company had a partial ransomware deployment a few years ago. Is changing Active Directory passwords and formatting affected systems enough? (Spoiler alert: no. See Microsoft's advice on the topic)
This week, we start the show off with Mike Wilkes, Chief Information Security Officer at SecurityScorecard, for an interview about Third Party Risk Management! An interview featuring Amanda Berlin, Lead Incident Detection Engineer at Blumira! Finally, in the Security News for this week: Microsoft Zero-Days, Former Ethereum Developer Virgil Griffith Sentenced to 5+ Years in Prison for North Korea Trip, Chinese hackers are using VLC media player to launch malware, An update to Raspberry Pi OS Bullseye, Bearded Barbie hackers catfish high ranking Israeli officials & more! All that and more, on this episode of Paul's Security Weekly! This segment is sponsored by SecurityScorecard! Visit https://securityweekly.com/securityscorecard to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw736
Amanda Berlin joins us to discuss what she's been up to since her last appearance on the show. It's only been a couple of years, but a lot has changed in that time. Tune in to hear about what changes the pandemic brought to the vision and operations of Mental Health Hackers, and how they pivoted to a virtual environment during this time. The crew talks about their experience going from traveling to 15-20+ conferences a year, down to hardly any conferences during Covid, and what their future plans are now that in-person events are coming back around. Amanda fills us in on her current role at Blumira, other business ventures, and where you can find her speaking/running a village in the near future! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736
Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome, "free" ways to get logging turned up to 11 (Microsoft's audit policy recommendations, sysmon, sysmon modular), as well as how to get better logging in hard-to-reach places like Kerberos. Be sure to also check out Blumira's resources on detecting Kerberoasting and simplifying Windows log collection and ongoing management with Poshim. And please check out the Webinar we did together which demonstrates some common pentest attacks - and how Blumira can detect them!
In this sponsored BDS episode, Bryan Brake and Amanda Berlin interview Emily Eubanks, a Security Operations Analyst for #Blumira. We discuss common business risks like IT staff turnover, a lack of Incident Response procedures, choosing not to follow PowerShell best practices, and MFA use for critical or sensitive applications. We also discuss ways to improve security posture to mitigate these risks as well as how Blumira can help organizations in light of these common business challenges. ADDITIONAL RESOURCES OUR REDDIT AMA https://www.reddit.com/r/cybersecurity/comments/qao73j/we_are_a_security_team_with_20_years_of_ethical/ MFA https://attack.mitre.org/mitigations/M1032/ https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984 https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/ INCIDENT RESPONSE https://www.nist.gov/cyberframework/respond https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf POWERSHELL BEST PRACTICES https://www.blumira.com/analysis-of-a-threat-powershell-malicious-activity/ https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/learn-script-security https://devblogs.microsoft.com/powershell/secrets-management-module-vault-extensions/ https://www.reddit.com/r/PowerShell/comments/g3b9h5/how_are_you_managing_secrets/ RISK: A lack of MFA where available or using SMS based MFA for critical applications. Please do not use SMS based MFA for critical applications. [6] [7] This is an easy layer of defense that has historically been very effective [5] One-Time Passwords (OTP) good but [8] FIDO U2F better Consider hardware tokens (e.g. Yubico YubiKey, Google Titan Security Key). MITIGATION: Blumira requires use of MFA MFA related detections (e.g. 
AWS, Duo) BLUMIRA HELPS: Incident Response Procedures RISK: A lack of Incident Response Procedures or the decision to postpone incident response procedures because they would result in a disruption in service typically results in unfavorable outcomes. A written plan that identifies the roles, responsibilities, and procedures that should be set in motion once an incident has been declared. If this is overwhelming to conceptualize, know there are a good amount of free and openly available resources already in existence to help with creations of new IR plans >> I highly recommend looking at NIST documentation to get an idea of what is possible and then scale to what is appropriate for your organization [4] The plan should be reviewed at a minimum once annually with everyone who is responsible for responding to incidents present. If anybody is unclear with their role, responsibilities or procedures then the Incident Response lead should work with them to get them there. Incident Response procedures should be like a fire drill so that when there is a real fire, the team can work together to quickly put that fire out and minimize impact to the company and their customers. (Shoutout to the BDS podcast on drawing connections from fire fighting to Incident Response procedures with Dr. Catherine J. Ullman (@investigatorchi)) MITIGATION: Workflows Blumira helps with this by providing built-in guidance with workflows. Workflows ask direct questions and provide specific options to record responses to security findings to guide practitioners towards a conclusion. provides additional details to help operators make informed decisions in response to new findings. Finding analysis BLUMIRA HELPS: Recent or Frequent IT Staff Turnover RISK: impedes troubleshooting logflow and/or investigations due to a lack of familiarity with the network environment Prevention might be the best solution? 
Giving your workers time during the work week to improve a work related skill can help identify when a team is reaching or exceeding their resource capacity. If your team is overworked they are more likely to make mistakes, will be less prepared to go the extra mile when it is needed because they'll already be tapped out of energy, and may be more likely to consider opportunities elsewhere. You want to limit keystone employees, meaning that if an employee leaves for whatever reason you do not want that employee's absence to cause a breakdown in processes for others. Redundancy is best here in most cases IMO. MITIGATION: Blumira works hard to create fewer, more actionable findings. We strive to keep our alerts simple to provide the information that operators need to make informed decisions. We try to focus on findings that require action and provide workflows to provide additional guidance to help share recommendations on what to investigate next to evaluate the impact of a security event BLUMIRA HELPS: PowerShell Scripting Best Practices RISK: Detections will be less helpful if staff are frequently dismissing events in response to approved administrative behavior like maintenance scripts. 
Follow the PowerShell recommendations shared by Microsoft [1] including: Sign your scripts (lol Microsoft has this bolded by the way hint hint wink wink) “another method for keeping scripts security is vetting and signing your scripts” Do not store secrets in PoSH scripts; if you are doing this you're gonna want to google “secrets management” [2] and learn more about how to securely store and access secrets across an enterprise environment Briefly, there is a PowerShell module for vault secret extensions [3] some vault extensions include KeePass, LastPass, Hashicorp Vault, Azure KeyVault, KeyChain, and CredMan Use a recent version of PowerShell (we are on version 7, but this article recommends 5+) Enable and collect PowerShell logs MITIGATION: Blumira detects on malicious PowerShell usage. BLUMIRA HELPS: ADDITIONAL LINKS AND SOURCES: [1] https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/learn-script-security [2] https://www.reddit.com/r/PowerShell/comments/g3b9h5/how_are_you_managing_secrets/ [3] https://github.com/PowerShell/SecretManagement [3] https://devblogs.microsoft.com/powershell/secrets-management-module-vault-extensions/ [4] https://www.nist.gov/cyberframework/respond [5] https://attack.mitre.org/mitigations/M1032/ [6] https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984 [7] https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ [8] https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/ https://www.blumira.com/analysis-of-a-threat-powershell-malicious-activity/
Amanda Berlin of Blumira speaks on malicious PowerShell attacks and defense techniques.
From Nato's email: Hi Bryan, Discussing the challenges that come with not having good logging in place could be a great topic! We could make it partly about how security maturity works, in the idea that security generally starts with awareness and visibility. The topic sort of gets into the idea that knowing is half the battle, so logging can be transformative for helping a company properly secure themselves from online risks! What do you think of this topic idea? https://www.blumira.com/careers/ https://thenewstack.io/logging-and-monitoring-why-you-need-both/ https://prometheus.io/ https://www.sentinelone.com/blog/the-10-commandments-of-logging/ https://towardsdatascience.com/why-should-you-care-about-logging-442a195b80a1 https://www.g2.com/products/blumira-automated-detection-response/reviews#survey-response-4908309 (wouldn't you know it… a couple additional google searches, and I find this -brbr) https://www.executivegov.com/2021/08/omb-creates-maturity-framework-for-event-log-management/ https://insidecybersecurity.com/sites/insidecybersecurity.com/files/documents/2021/may/cs2021_0089c.pdf Logging maturity in the US gov (OMB policy doc): https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf Are there examples of devices that don't give out logs? What if your vendor does not allow you to have logs? Can you create logs based on the activity of the device? What would that look like? Types of logs: Application logs Network logs Endpoint security logs OS logs IDS/IPS logs Vuln scanner logs
Blumira is a leading cybersecurity provider of automated threat detection and response technology. Founded in Ann Arbor, Michigan, Blumira's cloud SIEM (security information and event management) helps mid-market organizations--often with limited security resources or expertise--to prevent, detect and respond to cybersecurity threats in near real-time. Blumira was recognized by G2 as a top cloud SIEM provider and placed in 20 categories including "Best Return on Investment (ROI)," "Fastest Implementation," and "Easiest to Use" in the G2 Spring 2021 Grid® Reports. Steve Fuller is Co-founder & CEO.
In this episode I speak with Amanda Berlin, the Lead Incident Detection Engineer at Blumira, about her project Logmira. We discuss the benefits of enabling enhanced logging on Windows systems and how Logmira can streamline that process. Connect with Amanda Twitter: https://twitter.com/InfoSystir Mental Health Hackers: https://twitter.com/HackersHealth Logmira: https://github.com/Blumira/Logmira Blumira: https://twitter.com/blumirasec My Contact Info: Dustin@sysadminshow.com https://www.linkedin.com/in/dustinreybrouck/ The post SAS 055 – Enhanced Windows Logging with Amanda Berlin first appeared on SysAdmin Show.
Matt Warner, Blumira CTO and Co-Founder, talks ransomware investigations.
GRC tools (Governance Risk and Compliance) @ki_twyce_ @TechSecChix INfosec unplugged Security Happy Hour Eric's cyberpoppa show Cyber Insight show - cohost Blumira is hiring https://www.blumira.com/careers/ https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/ Why do we need a GRC tool? https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register What are our business goals? (to make money... :D ) Are we mature enough to be measuring ourselves? How can we use this to be more efficient? https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/ Centralized Controls. ... Support for Future Standards. ... Automation Integrations (my add… helpdesk integrations, 3rd party) Scalability. ... Customizable Reporting. ... Flexibility. ... Task Delegation GRC tool use in other areas IT - makes more informed budget decisions, determines directions in business goals, asset mgmt Finance - Make better financial decisions, profitability Infosec- vuln mgmt, Compliance HR - determine hiring requirements Legal - ensures ethical management of the organization, reduces breach, How do you implement GRC? https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation Step 0: everyone's input and use cases Determine the total value gained by using a centralized GRC platform Missing data Duplicate processes Duplicate data Manual steps that can be removed or automated Workflows to assist heavily manual areas such as communications, emails, approvals, and reporting Identify operational gaps to prioritize the areas you need to improve. Get your team on board with an effectively communicated plan. Build a strong foundation to support your GRC program Deploy a standardized GRC implementation across the board. 
Let the GRC framework evolve and grow after it's implemented.
This week Nato Riley from Blumira pays a visit to talk about the top threats to cloud computing.
Blumira - Per Crunchbase: “Blumira's end-to-end platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility. Blumira's cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisco FTD and many others.” Contact sales@blumira.com Patrick Garrity, VP of Operations. Patrick has years of experience in the security industry building and scaling usable security products. He currently leads Blumira's product, sales and marketing teams. Prior to joining Blumira, he led sales engineering, product marketing and international expansion for Duo Security. Twitter = @Thisisnottap https://www.ibm.com/cloud/blog/top-5-advantages-of-software-as-a-service https://www.outsource2india.com/software/articles/software-as-a-service.asp 5 Advantages of SaaS Reduced time to benefit. Software as a service (SaaS) differs from the traditional model because the software (application) is already installed and configured. ... Lower costs. ... Scalability and integration. ... New releases (upgrades) ... Easy to use and perform proof-of-concepts. 5 Disadvantages of SaaS Insufficient Data Security. SaaS-based application model. Difficulty with Regulations Compliance. Cumbersome Data Mobility. Low Performance. Troublesome Software Integration. Limit Attack Surface https://www.wallix.com/blog/top-10-ways-to-limit-attack-surface https://www.okta.com/identity-101/what-is-an-attack-surface/ https://securityscorecard.com/blog/what-is-cyber-attack-surface-management
Amanda shares her insights and experience about why people don't test their SIEM (security information and event management), and explains why it is so important. Connect with Amanda: https://www.linkedin.com/in/amandaberlin/ Visit her blog: https://infosystir.blogspot.com/ Visit Blumira: https://www.blumira.com/ Visit our website: https://www.shortarmsolutions.com/ You can also find us at: LinkedIn: https://www.linkedin.com/company/shortarmsolutions YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured Twitter: https://twitter.com/ShortArmSAS
This week, Bob and Randy were joined by Patrick Garrity, VP of Operations at Blumira. We could have talked for hours, but we jumped around talking fun stuff like his 750k follower TikTok account being cancelled, and his love for skateboarding. We finished up by talking shop: data privacy tips and best methods of being secure, or at least having the visibility when you are not. Also in this episode, the guys shared their opinions of Masters of the Universe: Revelation and discussed that the show got review-bombed on Rotten Tomatoes. Bob also gave a warning about the show Sexy Beasts on Netflix. Again, always a great time and be sure to like us on the socials and subscribe everywhere fine podcasts are found.
https://www.linkedin.com/in/nato-riley/ (Nato Riley) is an Integrations Engineer at https://www.blumira.com/ (Blumira) and the Co-founder of https://cloudunderground.dev/ (Cloud Underground). Nato provides infrastructure, code, and security across all his efforts and is focused on helping Blumira build the most effective and efficient SIEM on the market for small to mid-sized businesses. He is the host of the “Nato as Code” and the "https://www.youtube.com/channel/UCnKbJ2vW3QYcLot2D1xeJmA (Cloud Underground)" productions on YouTube, the creator and maintainer of the Olympiad platform, and the founder of https://notiapoint.com/ (notiaPoint) (now known as https://cloudunderground.dev/ (Cloud Underground)). In this episode, we discuss starting in technology repairing computers, going to school for public speaking, finding passion in information security, trying too hard to pass certification tests, going out on his own, mentorships, burnout, diversity, and so much more. Where you can find Nato: https://www.linkedin.com/in/nato-riley/ (LinkedIn) https://twitter.com/NateRiles (Twitter) https://www.youtube.com/c/natoascode (Nato as Code - YouTube) https://www.youtube.com/channel/UCnKbJ2vW3QYcLot2D1xeJmA (Cloud Underground - YouTube)
On this episode, we welcome Mike Behrmann, Director of Security at Blumira to talk with Cybrary's Director of Content, Will Carlson, about Workforce Development. Continuous professional development is an expectation at many growing companies today, but is it being made a priority? As Will and Mike discuss the moving target known as Cybersecurity, they delve into resume and job interview expectations, how to set goals that align with your cybersecurity journey, and the importance of cross training while finding your specialization.
For this episode, we welcome Amanda Berlin of Blumira. She is also the CEO of the non-profit organization Mental Health Hackers, and can be found on Twitter at InfoSystir. Today, she tells us about a romance scam where she helped a friend finally understand she was being duped, and explains how these work, plus she'll tell us a little bit about a fifteen thousand dollar teddy bear.