Podcasts about enterprise security news

Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-410

Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-410

Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Show Notes: https://securityweekly.com/esw-410

In this week's Enterprise Security News, Adrian, Tyler, and Katie discuss: 1. Tons of funding! 2. A notable acquisition! 3. The line is blurring between services and product firms 4. Apparently IronNet isn't dead? 5. The toxicity of Hero culture in tech 6. Knowing when to quit 7. AI-powered fraud is hitting close to home 8. Quantum snake oil is getting worse 9. Prompt injection 10. Are you being hacked by your washing machine? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-348

In this week's Enterprise Security News, Adrian, Tyler, and Katie discuss: 1. Tons of funding! 2. A notable acquisition! 3. The line is blurring between services and product firms 4. Apparently IronNet isn't dead? 5. The toxicity of Hero culture in tech 6. Knowing when to quit 7. AI-powered fraud is hitting close to home 8. Quantum snake oil is getting worse 9. Prompt injection 10. Are you being hacked by your washing machine? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-348

In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating 4. ‘DoubleDrive' attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices   As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!     With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!   Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.  This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!   The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them!   Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them!     Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution.     This segment is sponsored by Critical Start.  Visit https://securityweekly.com/criticalstartbh to learn more about them!     Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly   Visit https://www.securityweekly.com/esw for all the latest episodes!  Show Notes: https://securityweekly.com/esw-328

In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating 4. ‘DoubleDrive' attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem. With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.   The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them! This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them! This segment is sponsored by Critical Start.  Visit https://securityweekly.com/criticalstartbh to learn more about them! This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes!  Show Notes: https://securityweekly.com/esw-328

While malware and ransomware tend to dominate cybersecurity headlines, Fortra's research shows that nearly 99% of email threats reaching corporate inboxes utilize impersonation rather than malware. Email impersonation is a key component of credential phishing, advance fee fraud, hybrid vishing, and business email compromise schemes. Because email impersonation scams rely on social engineering rather than technology, the barrier to entry for an aspiring cybercriminal is almost non-existent. In this segment, we'll explore strategies for defending against email impersonation. Segment Resources: [Fortra Cybersecurity Learning Resources](https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000012210&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness) [2023 BEC Trends, Targets, and Changes in Techniques](https://static.fortra.com/agari/pdfs/report/fta-ag-2023-bec-trends-targets-changes-in-techniques-rp.pdf) This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Fareedah Shaheed, aka CyberFareedah, has dedicated herself to educating the public on online safety. Today, we'll talk about the challenges she has faced in building a training company from scratch, targeting both consumers, and private business. Her journey is interesting from multiple perspectives: as a business owner, an immigrant, becoming an influencer, and establishing herself as a cybersecurity thought leader - all within less than half a decade! This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!  Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-326

While malware and ransomware tend to dominate cybersecurity headlines, Fortra's research shows that nearly 99% of email threats reaching corporate inboxes utilize impersonation rather than malware. Email impersonation is a key component of credential phishing, advance fee fraud, hybrid vishing, and business email compromise schemes. Because email impersonation scams rely on social engineering rather than technology, the barrier to entry for an aspiring cybercriminal is almost non-existent. In this segment, we'll explore strategies for defending against email impersonation. Segment Resources: [Fortra Cybersecurity Learning Resources](https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000012210&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness) [2023 BEC Trends, Targets, and Changes in Techniques](https://static.fortra.com/agari/pdfs/report/fta-ag-2023-bec-trends-targets-changes-in-techniques-rp.pdf) This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Fareedah Shaheed, aka CyberFareedah, has dedicated herself to educating the public on online safety. Today, we'll talk about the challenges she has faced in building a training company from scratch, targeting both consumers, and private business. Her journey is interesting from multiple perspectives: as a business owner, an immigrant, becoming an influencer, and establishing herself as a cybersecurity thought leader - all within less than half a decade! This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!  Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-326

This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-326 

This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-326 

Discuss observations and trends across the venture capital ecosystem as it pertains to cybersecurity. This will include a re-cap in how 2022 ended, what we saw in Q12023, and what we expect from an investing standpoint. Segment Resources: https://forgepointcap.com/   With over 1 billion records exposed in just the top 35 breaches, over $2.6 billion stolen in the top nine cryptocurrency breaches, and over $2.7 billion in fines levied to the top 35 violators, lessons abound for security teams. We will walk through some of the biggest trends in last year's data breaches and privacy violations, and we'll talk about what security leaders can learn from these events. Segment Resources: https://www.forrester.com/blogs/2022-breaches-and-fines-offer-lessons-to-security-leaders   In the Enterprise Security News, Lots of funding announcements and new companies, Private Equity acquires Maltego, Cinven acquires RSA Archer Comcast launches a security product, Zscaler has beef with Gartner, CISA releases updated Zero Trust Model, Amazon jumps into the AI LLM fray, AutoGPT stretches the imagination and potential use cases, The Ever Changing API security market, New security books just released, Zombie birds!    Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw314 

Discuss observations and trends across the venture capital ecosystem as it pertains to cybersecurity. This will include a re-cap in how 2022 ended, what we saw in Q12023, and what we expect from an investing standpoint. Segment Resources: https://forgepointcap.com/   With over 1 billion records exposed in just the top 35 breaches, over $2.6 billion stolen in the top nine cryptocurrency breaches, and over $2.7 billion in fines levied to the top 35 violators, lessons abound for security teams. We will walk through some of the biggest trends in last year's data breaches and privacy violations, and we'll talk about what security leaders can learn from these events. Segment Resources: https://www.forrester.com/blogs/2022-breaches-and-fines-offer-lessons-to-security-leaders   In the Enterprise Security News, Lots of funding announcements and new companies, Private Equity acquires Maltego, Cinven acquires RSA Archer Comcast launches a security product, Zscaler has beef with Gartner, CISA releases updated Zero Trust Model, Amazon jumps into the AI LLM fray, AutoGPT stretches the imagination and potential use cases, The Ever Changing API security market, New security books just released, Zombie birds!    Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw314 

In the Enterprise Security News, Lots of funding announcements and new companies, Private Equity acquires Maltego, Cinven acquires RSA Archer Comcast launches a security product, Zscaler has beef with Gartner, CISA releases updated Zero Trust Model, Amazon jumps into the AI LLM fray, AutoGPT stretches the imagination and potential use cases, The Ever Changing API security market, New security books just released, Zombie birds!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw314 

In the Enterprise Security News, Lots of funding announcements and new companies, Private Equity acquires Maltego, Cinven acquires RSA Archer Comcast launches a security product, Zscaler has beef with Gartner, CISA releases updated Zero Trust Model, Amazon jumps into the AI LLM fray, AutoGPT stretches the imagination and potential use cases, The Ever Changing API security market, New security books just released, Zombie birds!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw314 

Security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Parag will discuss the issues this presents and how Qualys' new TotalCloud solution allows organizations to see all their cloud resources, relationships between resources, the external attack surface, and attack path mapping all delivered via one platform. Segment Resources: Qualys TotalCloud free trial: https://www.qualys.com/forms/totalcloud/ TotalCloud Video: https://vimeo.com/765771406 Blogs: https://blog.qualys.com/product-tech/2022/11/01/introducing-totalcloud-cloud-security-simplified https://blog.qualys.com/product-tech/2022/11/01/why-is-snapshot-scanning-not-enough   This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   A brief roundup of our favorite news, trends, and interviews in 2022! See what Adrian, Katherine, and Sean have to say about 2022's best interviews and news stories!   Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw300

Security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Parag will discuss the issues this presents and how Qualys' new TotalCloud solution allows organizations to see all their cloud resources, relationships between resources, the external attack surface, and attack path mapping all delivered via one platform. Segment Resources: Qualys TotalCloud free trial: https://www.qualys.com/forms/totalcloud/ TotalCloud Video: https://vimeo.com/765771406 Blogs: https://blog.qualys.com/product-tech/2022/11/01/introducing-totalcloud-cloud-security-simplified https://blog.qualys.com/product-tech/2022/11/01/why-is-snapshot-scanning-not-enough   This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   A brief roundup of our favorite news, trends, and interviews in 2022! See what Adrian, Katherine, and Sean have to say about 2022's best interviews and news stories!   Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw300

Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw300

In the Enterprise Security News, Fortanix raises a $90 series C for data security, Cyrebro raises a $40M series C for MSSP SOC solutions, Dig Security raises a $34M series A (yes, this is a repeat from last week, but we didn't get a chance to talk about it), Internet 2.0 gets funded??? (probably not what you think), How to hire and build your cybersecurity team, The NSA gives some bad advice on securing software, Courtroom Drama, & Oracle makes a really bad whoopsie! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw289

This week, Jonathan Roizin from Flow Security joins to discuss what this new security category is all about and how it differs from the OG, false positive heavy DLP we'd all rather forget! Data Security Posture Management (DSPM) is not your dad's DLP. This new category has emerged to tackle one of the toughest areas of security: protecting data. Then, Based on what we know so far (which is limited and could change), the Uber breach appears to be a classic example of how penetration testers and criminals alike break into large organizations. In this segment, we'll discuss how the attack happened. We'll go over the controls that failed, why they failed, and what Uber could have done to prevent or detect this attack. Then, in the Enterprise Security News, Fortanix raises a $90 series C for data security, Cyrebro raises a $40M series C for MSSP SOC solutions, Dig Security raises a $34M series A (yes, this is a repeat from last week, but we didn't get a chance to talk about it), Internet 2.0 gets funded??? (probably not what you think), How to hire and build your cybersecurity team, The NSA gives some bad advice on securing software, Courtroom Drama, & Oracle makes a really bad whoopsie! Segment Resources: Flow's blog post - "5 Key Takeaways About DSPM From the Gartner® Hype Cycle™ For Data Security, 2022": https://www.flowsecurity.com/gartner-dspm/  Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw289

This week, Jonathan Roizin from Flow Security joins to discuss what this new security category is all about and how it differs from the OG, false positive heavy DLP we'd all rather forget! Data Security Posture Management (DSPM) is not your dad's DLP. This new category has emerged to tackle one of the toughest areas of security: protecting data. Then, Based on what we know so far (which is limited and could change), the Uber breach appears to be a classic example of how penetration testers and criminals alike break into large organizations. In this segment, we'll discuss how the attack happened. We'll go over the controls that failed, why they failed, and what Uber could have done to prevent or detect this attack. Then, in the Enterprise Security News, Fortanix raises a $90 series C for data security, Cyrebro raises a $40M series C for MSSP SOC solutions, Dig Security raises a $34M series A (yes, this is a repeat from last week, but we didn't get a chance to talk about it), Internet 2.0 gets funded??? (probably not what you think), How to hire and build your cybersecurity team, The NSA gives some bad advice on securing software, Courtroom Drama, & Oracle makes a really bad whoopsie! Segment Resources: Flow's blog post - "5 Key Takeaways About DSPM From the Gartner® Hype Cycle™ For Data Security, 2022": https://www.flowsecurity.com/gartner-dspm/   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw289

In the Enterprise Security News for this week: Funding rounds are back!, Bitwarden rasies $100M for password management Cymulate raises $70M, and a ton more Series A, Series B, and Seed announcements from vendors just coming out of stealth, Ethereum's merge completes and moves to proof of stake, Some updates on the Twitterpocalypse, The latest in annoying buzzword innovation, and some Cyber Insurance trends that I promise are interesting!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw288

Enterprise browsers are a new addition into the endpoint security market. Combining enhanced features not in the existing browsers, with centralized reporting and controls, they're promising to bring a better experience to the users and a more secure delivery of applications to the companies who use them. What's real, what's "vision", and what makes them different than all the other solutions that promise to "secure the browsing experience".   In the Enterprise Security News for this week: Funding rounds are back!, Bitwarden rasies $100M for password management Cymulate raises $70M, and a ton more Series A, Series B, and Seed announcements from vendors just coming out of stealth, Ethereum's merge completes and moves to proof of stake, Some updates on the Twitterpocalypse, The latest in annoying buzzword innovation, and some Cyber Insurance trends that I promise are interesting!   Attackers have been targeting Active Directory for years and more recently set their sights on Azure AD & Microsoft Office 365. There are ways to tighten up these platforms beyond the default configuration and greatly improve the security posture. Segment Resources: Trimarc Webcast on how to quickly level up Active Directory security: https://www.hub.trimarcsecurity.com/post/webcast-top-10-ways-to-improve-active-directory-security-quickly Performing your own Active Directory Security Review - article and PowerShell tool: https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review Trimarc Content Hub: https://hub.trimarcsecurity.com   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw288

Enterprise browsers are a new addition into the endpoint security market. Combining enhanced features not in the existing browsers, with centralized reporting and controls, they're promising to bring a better experience to the users and a more secure delivery of applications to the companies who use them. What's real, what's "vision", and what makes them different than all the other solutions that promise to "secure the browsing experience".   In the Enterprise Security News for this week: Funding rounds are back!, Bitwarden rasies $100M for password management Cymulate raises $70M, and a ton more Series A, Series B, and Seed announcements from vendors just coming out of stealth, Ethereum's merge completes and moves to proof of stake, Some updates on the Twitterpocalypse, The latest in annoying buzzword innovation, and some Cyber Insurance trends that I promise are interesting!   Attackers have been targeting Active Directory for years and more recently set their sights on Azure AD & Microsoft Office 365. There are ways to tighten up these platforms beyond the default configuration and greatly improve the security posture. Segment Resources: Trimarc Webcast on how to quickly level up Active Directory security: https://www.hub.trimarcsecurity.com/post/webcast-top-10-ways-to-improve-active-directory-security-quickly Performing your own Active Directory Security Review - article and PowerShell tool: https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review Trimarc Content Hub: https://hub.trimarcsecurity.com   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw288

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns! Visit https://www.securityweekly.com/esw for all the latest episodes! Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw287

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns! Visit https://www.securityweekly.com/esw for all the latest episodes! Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54 https://www.cisa.gov/uscert/ncas/alerts/aa22-181a Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw287

In the Enterprise Security News, Cyber insurance joins the Unicorn club, Bishop Fox raises a $75M Series B, A dozen more funding rounds, XM Cyber acquires Cyber Observer, Zendesk gets bought by private equity, 5 more rounds of cybersecurity layoffs, Some very interesting new products - both open source and commercial, Survival of the Quickest, And a ransom victim earning money from its payment??   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw280

In the Enterprise Security News, Cyber insurance joins the Unicorn club, Bishop Fox raises a $75M Series B, A dozen more funding rounds, XM Cyber acquires Cyber Observer, Zendesk gets bought by private equity, 5 more rounds of cybersecurity layoffs, Some very interesting new products - both open source and commercial, Survival of the Quickest, And a ransom victim earning money from its payment?? How surreal it is for the industry to return to RSA event in person... what changed or transformed fundamentally ... etc. Specific impacts around the areas of ZTNA, SOC, and OT security. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!   Merritt Maxim discusses the latest trends on identity access and how organizations should tackle the ever expanding user security challenges.   Connected devices outnumber us humans two to one, a ratio that is on an accelerating growth curve. Risks associated with device counterfeiting and cyberattacks is also growing rapidly and now represent very real real risks to economies, national security, our critical infrastructure, and our very lives. One necessary component for addressing this threat is establishing a verifiable and immutable device identification and lifecycle reporting system. Segment Resources: Number of mobile devices worldwide 2020-2025: https://www.statista.com/statistics/245501/multiple-mobile-device-ownership-worldwide/ UCID Website - https://www.ucidentifier.io/   Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw280

In the Enterprise Security News, Cyber insurance joins the Unicorn club, Bishop Fox raises a $75M Series B, A dozen more funding rounds, XM Cyber acquires Cyber Observer, Zendesk gets bought by private equity, 5 more rounds of cybersecurity layoffs, Some very interesting new products - both open source and commercial, Survival of the Quickest, And a ransom victim earning money from its payment?? How surreal it is for the industry to return to RSA event in person... what changed or transformed fundamentally ... etc. Specific impacts around the areas of ZTNA, SOC, and OT security. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!   Merritt Maxim discusses the latest trends on identity access and how organizations should tackle the ever expanding user security challenges.   Connected devices outnumber us humans two to one, a ratio that is on an accelerating growth curve. Risks associated with device counterfeiting and cyberattacks is also growing rapidly and now represent very real real risks to economies, national security, our critical infrastructure, and our very lives. One necessary component for addressing this threat is establishing a verifiable and immutable device identification and lifecycle reporting system. Segment Resources: Number of mobile devices worldwide 2020-2025: https://www.statista.com/statistics/245501/multiple-mobile-device-ownership-worldwide/ UCID Website - https://www.ucidentifier.io/   Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw280

This episode, in the first segment Matt McGuirk, Solution Architect at Source Defense, joins to discuss Understanding Web Application Client-Side Risk! Then, we are joined by Ian Glazer, the SVP of Product Management, Identity at Salesforce, to talk about Salesforce's Journey Towards Complete Customer MFA! Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN, & more! Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw276

This episode, in the first segment Matt McGuirk, Solution Architect at Source Defense, joins to discuss Understanding Web Application Client-Side Risk! Then, we are joined by Ian Glazer, the SVP of Product Management, Identity at Salesforce, to talk about Salesforce's Journey Towards Complete Customer MFA! Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN, & more! Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw276

Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276

In the Enterprise Security News, Veza raises $110M for Data Security, Traceable raises $60M for API Security, 10 other security startups get funded, Synopsis buys Whitehat for $330M, HackerOne approves a PullRequest, Bright Security acquires WeHackPurple, LexusNexis acquires BehaviorSec, JupiterOne continues to release some compelling books, the DevSecOps evolution, the future of Product-Led Growth, & more!    Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw272

This week, in our first segment, we welcome Prashasth Baliga, Senior Security Consultant at Palo Alto Networks to talk about Security Orchestration and Automation Simplified! Then, Ryan Fried, Senior Security Engineer at Brooks Running, joins for an interview about Getting Value from SOAR beyond Phishing Workflows! Finally, in the Enterprise Security News, Veza raises $110M for Data Security, Traceable raises $60M for API Security, 10 other security startups get funded, Synopsis buys Whitehat for $330M, HackerOne approves a PullRequest, Bright Security acquires WeHackPurple, LexusNexis acquires BehaviorSec, JupiterOne continues to release some compelling books, the DevSecOps evolution, the future of Product-Led Growth, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw272

This week, in our first segment, we welcome Prashasth Baliga, Senior Security Consultant at Palo Alto Networks to talk about Security Orchestration and Automation Simplified! Then, Ryan Fried, Senior Security Engineer at Brooks Running, joins for an interview about Getting Value from SOAR beyond Phishing Workflows! Finally, in the Enterprise Security News, Veza raises $110M for Data Security, Traceable raises $60M for API Security, 10 other security startups get funded, Synopsis buys Whitehat for $330M, HackerOne approves a PullRequest, Bright Security acquires WeHackPurple, LexusNexis acquires BehaviorSec, JupiterOne continues to release some compelling books, the DevSecOps evolution, the future of Product-Led Growth, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw272

Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268

In our first segment, we welcome Josh Snow, Principal Sales Engineer at ExtraHop to discuss Common Sense Steps for Implementing Shields Up! Then, Catherine Ullman, Sr. Information Security Forensic Analyst at the University at Buffalo, joins for an interview on Why Learning Offensive Security Makes You A Better Defender! Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more! Segment Resources: A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/ Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/ This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268

In our first segment, we welcome Josh Snow, Principal Sales Engineer at ExtraHop to discuss Common Sense Steps for Implementing Shields Up! Then, Catherine Ullman, Sr. Information Security Forensic Analyst at the University at Buffalo, joins for an interview on Why Learning Offensive Security Makes You A Better Defender! Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more! Segment Resources: A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/ Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/ This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268

In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

This week, Tim Cathcart from Knox County Schools is with us to discuss breaking into cyber from a high school perspective! Then, Steven Turner from Microsoft joins us to sweep away the noise and level set on Zero Trust! Finally, in the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Segment Resources: - NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf- Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes!  Show Notes: https://securityweekly.com/esw267

This week, Tim Cathcart from Knox County Schools is with us to discuss breaking into cyber from a high school perspective! Then, Steven Turner from Microsoft joins us to sweep away the noise and level set on Zero Trust! Finally, in the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Segment Resources: - NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf- Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes!  Show Notes: https://securityweekly.com/esw267

This week, in our first segment, we welcome Zane Bond, Director of Product Management at Keeper Security, for an interview on How to Secure Your Secrets! We discuss how, Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords! Then, Erin Kenneally, Senior Director, Cyber Risk Strategy at Guidewire to discuss Cyber Risk, & how past ransomware incidents could lead to a call for cyber insurance industry adaptation! Finally, we dive straight into the Enterprise News for this week! In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more! Segment Resources: - https://www.linkedin.com/posts/ekenneally_cybersecurity-cyberinsurance-cyberrisk-activity-6831288006494814208-PVtE?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.linkedin.com/posts/ekenneally_ransomware-a-darwinian-opportunity-for-cyber-activity-6763127736304201728-RriU?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.linkedin.com/posts/ekenneally_ai-artificialintelligence-cyberrisk-activity-6857351155295514624-Sp2j?utm_source=linkedin_share&utm_medium=member_desktop_web -https://www.dhs.gov/sites/default/files/publications/3950_CYRIE_Report_FINAL508.pdf Segment Resources: https://www.keepersecurity.com/en_GB/secrets-manager.html This segment is sponsored by Keeper Security. Visit https:// Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw266

This week, in our first segment, we welcome Zane Bond, Director of Product Management at Keeper Security, for an interview on How to Secure Your Secrets! We discuss how, Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords! Then, Erin Kenneally, Senior Director, Cyber Risk Strategy at Guidewire to discuss Cyber Risk, & how past ransomware incidents could lead to a call for cyber insurance industry adaptation! Finally, we dive straight into the Enterprise News for this week! In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more! Segment Resources: - https://www.linkedin.com/posts/ekenneally_cybersecurity-cyberinsurance-cyberrisk-activity-6831288006494814208-PVtE?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.linkedin.com/posts/ekenneally_ransomware-a-darwinian-opportunity-for-cyber-activity-6763127736304201728-RriU?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.linkedin.com/posts/ekenneally_ai-artificialintelligence-cyberrisk-activity-6857351155295514624-Sp2j?utm_source=linkedin_share&utm_medium=member_desktop_web -https://www.dhs.gov/sites/default/files/publications/3950_CYRIE_Report_FINAL508.pdf Segment Resources: https://www.keepersecurity.com/en_GB/secrets-manager.html This segment is sponsored by Keeper Security Visit https://securityweekly.com/keepersecurity to learn more about them! Visit https:// Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw266

In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw266

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure. There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning. In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly.   Show Notes: https://securityweekly.com/esw264 Segment Resources: GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d GreyNoise Trends for Apache Log4j Exploit Attempts: https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt Visit https://securityweekly.com/firemon to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure. There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning. In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly.   Show Notes: https://securityweekly.com/esw264 Segment Resources: GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d GreyNoise Trends for Apache Log4j Exploit Attempts: https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt Visit https://securityweekly.com/firemon to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw264

Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw263

This week, in our first segment, we welcome Chad Skipper, Global Security Technologist at VMware, & Karen Worstell, Sr. Cybersecurity Strategist at VMWare, for an interview on Exposing Malware in Linux-Based Multi-Cloud Environments! Then, Sharon Goldberg, the CEO and Co-Founder at BastionZero Inc, joins us to discuss Putting the Zero Back Into Zero-Trust! Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly!   Segment Resources: https://via.vmw.com/exposingmalware This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them! Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit Zero trust security models https://docs.bastionzero.com/product-docs/home/security-model Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw263

This week, in our first segment, we welcome Chad Skipper, Global Security Technologist at VMware, & Karen Worstell, Sr. Cybersecurity Strategist at VMWare, for an interview on Exposing Malware in Linux-Based Multi-Cloud Environments! Then, Sharon Goldberg, the CEO and Co-Founder at BastionZero Inc, joins us to discuss Putting the Zero Back Into Zero-Trust! Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly!   Segment Resources: https://via.vmw.com/exposingmalware This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them! Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit Zero trust security models https://docs.bastionzero.com/product-docs/home/security-model Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw263