POPULARITY
Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam delve into Microsoft's new feature, Security Exposure Management (XSPM). They discuss the evolution of vulnerability management, the importance of understanding exposure management, and the five phases of continuous threat exposure management. The conversation also covers licensing requirements, the functionality of the exposure management portal, and the proactive approach to cybersecurity that this new feature embodies. The hosts emphasize the need for organizations to adopt a holistic view of their security posture and to continuously assess their vulnerabilities and risks.----------------------------------------------------YouTube Video Link: https://youtu.be/fuHMhE4gRrA----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/security-exposure-management/microsoft-security-exposure-management----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
In this episode of Cyber Talks, we speak with Craig Peppard, CISO at Ivari Canada, about why people and processes - not just technology - are the real frontline in cybersecurity. The conversation unpacks the limitations of traditional security awareness training, explores how to move beyond blame to address systemic process failures, and highlights the growing importance of soft skills like empathy and storytelling in security leadership. They also dive into the evolving role of the CISO, the rise of embedded security roles like CISOs, and why mentoring and inclusive hiring practices are essential for building future-ready security teams.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.Learn more about Coalfire: https://itspm.ag/coalfire-yj4wNote: This story contains promotional content. Learn more.Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/ResourcesLearn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfireLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In today's episode of the Cyber Culture Café series, Andy and John speak to Alexander Feick, VP of our eSentire Labs team. As the VP of Labs, Alex Feick leads a team responsible for fostering innovations from security professionals on our platform and integrating new technologies into the company's services. Over the past year, his efforts have centered on Generative AI security and enabling the company to leverage the technology more effectively internally. --Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
KI hat eine neue Dimension in die IT-Sicherheitslandschaft gebracht. Cyberkriminelle nutzen KI längst für Angriffe. Verteidiger müssen mithalten – mit Plan und KI-basierten Security-Lösungen. In dieser Podcast-Folge spricht Moderatorin Henrike Tönnes mit Dr. Mohamad Sbeiti und Samet Gökbayrak über den Einsatz von KI in der Cybersicherheit. Die Gründer des Startups ENTRYZERO erklären, wie sie Unternehmen mit KI-gestützten Lösungen helfen, Bedrohungen frühzeitig zu erkennen und Risiken zu minimieren. Dabei geht es um die Automatisierung von Sicherheitsprozessen, proaktive Überwachung, Ethical Hacking und die aktuelle Bedrohungslage. Eine spannende Episode für alle, die sich für die Zukunft der IT-Security interessieren. Mehr zu ENTRYZERO: https://entryzero.ai/
In this episode of the mnemonic security podcast, Robby is joined by Bernard Montel, EMEA Technical Director & Security Strategist at Tenable, to break down the evolution of vulnerability management into exposure management. Bernard explains how security has shifted from traditional vulnerability scanning to a broader approach that considers misconfigurations, attack paths, and identity risks. They discuss why most breaches stem from a toxic combination of exposures, the growing complexity of cloud security, and how organisations can prioritise real risks instead of drowning in vulnerability lists. Plus, how AI is changing the game for both defenders and attackers.Send us a text
eSentire, a leading global Managed Detection and Response (MDR) cybersecurity services provider, has announced that it has awarded the annual "Sean Hennessy Bursary" to Munster Technological University (MTU)computer science student, James Spillane. This year, eSentire is also celebrating the 10-year anniversary of the opening of its international headquarters and Security Operations Centre (SOC) in Cork, Ireland. eSentire established the Sean Hennessy Bursary award in 2021, in collaboration with the Department of Computer Science at MTU, in response to Ireland's growing cybersecurity skills shortage. According to Cyber Ireland's 2024 Security Snapshot Report, the cybersecurity industry employs approximately 8,000 professionals in Ireland, an increase of 8% since 2022. The Sean Hennessy Bursary provides college financial aid, as well as the opportunity to participate in a nine-month internship with eSentire. The scholarship is named in honour of the late Sean Hennessy, a former eSentire team member who was instrumental in establishing and managing eSentire's Global SOC in Cork in 2015. Sean Hennessy passed away in 2016. This is the fourth year that the Sean Hennessy Bursary has been awarded to a MTU student. Impressively, the three previous recipients of the award are all currently employed with eSentire's Global SOC in Cork, Ireland. Each of them has reached various stages of eSentire's Career Development Program, which fosters and supports security analysts' growth through attainment of internal and external certifications, mentoring and progression. "I am delighted and honoured to have been selected as this year's recipient of the Sean Hennessy Bursary," said James Spillane, 2025 eSentire Sean Hennessy Bursary winner. "I would like to sincerely thank everyone at eSentire for this incredible opportunity to further explore the fascinating world of cybersecurity, which is a passion and interest of mine. I am also grateful to MTU for their support and guidance through my studies. Receiving this award is an honour and a fulfilling achievement, I want to thank everyone involved for this prestigious opportunity." eSentire has been protecting organisations from known and unknown cyber threats for 20+ years, providing complete attack surface coverage on premises and in the cloud. With 2000+ customers in 80+ countries, eSentire provides Exposure Management, Managed Detection and Response, and Digital Forensics and Incident Response services designed to build an organisation's cyber resilience and prevent business disruption. eSentire protects the world's most targeted organisations, with 65% of its global base recognised as critical infrastructure, vital to economic health and stability. eSentire operates the largest SOC in the Southwest region of Ireland, and as a global leader in providing award-winning cybersecurity solutions, eSentire has contributed to the broader development of the Cork region and its security analysts are highly trained experts on the frontlines of cybercrime. "The 10-year anniversary of the opening of our Global SOC and headquarters in Cork is an important milestone for us," said Ciaran Luttrell, Vice President of eSentire's Global Security Operations. "We have grown our operations and currently employ over 50 staff members, we have completed over 25 SOC analyst internships, and this is the fourth year of our special bursary program honouring the memory of Sean Hennessy." "Reflecting on our ten years in Cork, we are especially proud to have led the way in contributing to the growth of the cybersecurity community," continued Luttrell. "It is through programs such as the annual bursary, our work as Chapter Leads with Cyber Ireland, the sponsorship of CorkSec, a Cork-based Def Con meetup group; and most recently, our partnership with Cyber Innovate, an incubator program supporting cybersecurity start-up companies, which launched in 2024. We could not have accomplished all these achievements without our strong ...
I take a look at something many overlook when it comes to security in their Microsoft 365 environment - Exposure score. In essence it is like a targeted Secure Score for a particular threat like Business Email Compromise. There is also news and updates from the Microsoft Cloud so listen along and review the show notes for more information. Brought to you by www.ciaopspatron.com Resources @directorcia Join my shared channel CIAOPS merch store Become a CIAOPS Patron CIAOPS Blog CIAOPS Brief CIAOPSLabs Support CIAOPS The way to control EWS usage in Exchange Online is changing New Microsoft-managed policies to raise your identity security posture Storm-2372 conducts device code phishing campaign Block malicious command lines with Microsoft Defender for Endpoint Clipchamp: Elevating work communication with seamless video creation in Copilot Sharing with Microsoft Whiteboard AI agents at work: The new frontier in business automation Copilot learning hub New Certification for Microsoft information security administrators What is Security Exposure Managenet?
Ivanti's Chris Goettl and Robert Waters take on four big questions facing cybersecurity today, namely: Who gets the upper hand from AI, cyber adversaries or the legitimate organizations looking to stop them? What's going to win out, Everywhere Work or RTO? Exposure Management: sea change, or passing fad?And what's the bigger security risk, IoT devices or third-party vendors?Listen in for those questions and, if you're listening closely, a few answers too.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In this episode of Cyber Talks, Tia Hopkins, Chief Cyber Resilience Officer & Field CTO at eSentire, and Roselle Safran, Founder & CEO at KeyCaliber, discuss the evolution of Continuous Threat Exposure Management (CTEM) and its role in modern cybersecurity. They explore the practical application of CTEM, its benefits for business context in security, and how it integrates with Managed Detection and Response (MDR) to enhance resilience. Key takeaways include: The difference between CTEM as a platform, tool, and technology and the 5 key stages of CTEM (per Gartner) Current challenges and limitations of CTEM adoption, such as gaining full visibility, prioritizing vulnerabilities, and cross-team alignment How MDR integrates with CTEM to provide real-time threat detection and response with the ultimate goal of building cyber resilience Emerging trends and technologies to look out for within CTEM -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Robert Waters welcomes Grand Bank CTO Robert Hanson for a wide-ranging conversation on the emerging field of exposure management and how you can proactively safeguard your organization, because every organization faces risk. What separates the vulnerable from the well-protected isn't whether you have exposure — it's how you manage it. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Episode #484 Continuous Threat Exposure Management (CTEM) avec Ronan Mouchoux et François Moerman de la société XRATOR The post Continuous Threat Exposure Management (CTEM) appeared first on NoLimitSecu.
Join Ivanti's Chris Goettl and Robert Waters as they take a Christmas-Carol-themed trip through the emerging field of exposure management, taking a close (and possibly ghostly) look at the past, present, and future of the field. To learn more about Ivanti's exposure management offerings, visit: https://ivanti.com/exposure-managementJoin the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In today's Episode we are getting to grips with all the key questions surrounding the hugely important issue of exposure management and modelling in our sector. Models are a core part of our business, but as we have come to rely more and more heavily on their output, many fundamental questions arise. For instance, how much of a worry should it be that the market is dominated by two very large players? Or do enough C-suite executives really understand how models work or know the right questions to ask of their exposure management teams? And are we any closer to finding efficient cross-industry ways of making sure that the exposure data upon which our modelling is based is accurate and easily transferable in digital form? To assist me in this task are three people with vast experience in attacking these questions from all angles. Emma Watkins is Head of Exposure Management & Aggregation at Lloyd's and as such has oversight of one of the largest combined books of business anywhere in the world. Rupert Atkin is an underwriting veteran who has had a long and illustrious career. The Former CEO of Lloyd's Underwriter Talbot is also a former Deputy Chair of Lloyd's and Chair of the Lloyd's Market Association. Rupert currently serves on multiple boards, including as Chairman of Lloyd's businesses Ark Managing Agency and Carbon Underwriting as well as a Director at brokers AmWins Group and Alwen Hough Johnson. Finally Dickie Whitaker is the founder and CEO of the not-for-profit open source modelling platform, the Oasis Loss Modelling Framework. Dickie can trace his long career back to the foundation of cat modelling firm Eqecat and also spent over a decade in senior roles at reinsurance broker Guy Carpenter. Most recently he founded the open peer-reviewed Journal of Catastrophe Risk and Resilience. It's clear our panel is well qualified for the job, but what I enjoyed most about this gathering was the ease and good humour with which my guests took on the subjects in hand. This could have been a dry and academic affair, but it was absolutely nothing like that. The conversation is lively and positively buzzes with energy. NOTES: Oasis LMF has produced a fascinating report Navigating the Storm that makes a great accompaniment to this podcast. Download it Here
The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged. CISA warns of critical vulnerabilities in VMware's vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." Resources: Security Validation Essentials Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate SecOps Roundtable: Security Validation and the Path to Exposure Management Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Selected Reading US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer) Five Charged in Scattered Spider Case (Infosecurity Magazine) CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks (Cyber Security News) US Gathers Allies to Talk AI Safety as Trump's Vow to Undo Biden's AI Policy Overshadows Their Work (SecurityWeek) MITRE Updates List of 25 Most Dangerous Software Vulnerabilities (SecurityWeek) BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk (Infosecurity Magazine) Manufacturing Sector Under Siege: Industry Faces Wave of Advanced Email Attacks (Abnormal Security) Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware (Cyber Security News) Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data (GB Hackers) Cyberattack at French hospital exposes health data of 750,000 patients (Bleeping Computer) Inside the Booming 'AI Pimping' Industry (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of Cyber Talks, Rich Raether, CIO of Quarles & Brady, and Andrew DeBratto, CISO of Hunton Andrews Kurth LLP, discuss their decades-long journey in IT and cybersecurity. They recount shared projects, including navigating early security challenges, and reflect on how the industry has transformed, focusing on threat management and resilience-building. Rich and Andrew also share their personal and professional insights on managing cyber risk and reflect on how best practices in the industry have evolved. They emphasize the importance of fostering a security-conscious culture not just during October but year-round, encouraging proactive education to mitigate risks from ransomware, phishing, and other persistent threats. Key takeaways include: Building and maintaining cybersecurity resilience through incremental improvements and a measured approach to adopting new technologies. How cybersecurity has shifted from traditional perimeter-based models to modern cloud and AI-driven systems, underlining the increased complexity in securing hybrid environments. Practical advice for maintaining security at home and in the workplace, emphasizing proactive user education and vigilance against phishing and impersonation threats. Building resilient security operations with trusted MDR partners to ensure consistent threat visibility and quick incident response. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a special episode for Cybersecurity Awareness Month, sourcing five tips from a range of Ivanti employees on how your organization and its users can stay secure. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access. This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them! Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics. Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/ This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them! Show Notes: https://securityweekly.com/esw-378
The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access. This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them! Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics. Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/ This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them! Show Notes: https://securityweekly.com/esw-378
Michal Brenner is the Senior Director of Product Marketing at Pentera. In this episode, she joins host David Braue to discuss the Continuous Threat Exposure Management (CTEM) framework, including what it adds to the security industry, how it's being adopted by the market, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io
The cyber threat landscape is evolving at an unprecedented pace, with increasingly sophisticated attacks from both nation-state actors and cybercriminals. Organizations must not only stay informed about emerging threats but also act swiftly to operationalize threat intelligence. Effective cybersecurity requires collaboration, cutting-edge tools, and strategic partnerships to mitigate risks in this dynamic environment. In this episode, Erin McLean, CMO at eSentire, and Ryan Westman, Director of Threat Intelligence, discuss how eSentire's Threat Response Unit (TRU) operates, the importance of actionable threat intelligence, and the growing impact of AI on the cybersecurity landscape. Key Takeaways: How eSentire's TRU operationalizes threat intelligence to detect and mitigate cyber threats in real-time. The importance of collaboration across the cybersecurity community, from private companies to government agencies. Insights into the evolving global threat landscape, including the role of nation-state actors and cybercriminals. The challenges of law enforcement in combating cybercrime and the critical role of private sector cybersecurity firms. The double-edged impact of generative AI in enhancing productivity while also amplifying the sophistication of cyberattacks. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) to cover the dreaded costs of a cyberattack, and how organizations can work to proactively avoid them by addressing three strategic imperatives: attack surface, vulnerability prioritization, and data silos.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In this episode, Erin McLean chats with Mark Benaquista, a seasoned cybersecurity leader and Managing Director at Thomas H. Lee Partners. Mark shares his career journey from starting as an associate at JPMorgan to leading cybersecurity portfolios across various industries. He offers valuable insights into the importance of aligning technology with business objectives and the critical role cybersecurity plays in supporting these goals. Mark also delves into his current role at Thomas H. Lee Partners, where he oversees technology and cybersecurity across the firm's diverse portfolio, highlighting the collaborative approach that drives success. Key discussion points include: Mark's shift from a finance-focused role at JPMorgan to a technology-driven career, illustrating the value of flexibility and seizing new opportunities. Insights from Mark's decade at Merck, where he learned the importance of aligning IT with business objectives and the value of mentorship in career growth. Challenges Mark faced while transitioning to Warner Music and how he first encountered the critical importance of cybersecurity in a rapidly changing industry. Mark's approach to managing technology and cybersecurity across a diverse portfolio, focusing on collaboration, risk management, and the importance of integrating cyber risk into broader business discussions. Mark's thoughts on managing cybersecurity stress, emphasizing transparency, collaboration, and business alignment to ensure that security leaders don't shoulder the burden alone. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
How did Greg Crowley, eSentire's CISO, go from a potential career in broadcast television to IT? In this episode of eSentire Cyber Talks, Greg shares what influenced his pivot into cybersecurity, how he transitioned from being a Systems Engineer to a leadership role at WWE (formerly WWF) to developing the company's first security program amidst its expansion to a global enterprise. Greg also discusses his approach to leadership in his role as CISO, focusing on understanding business dynamics, employee relationships, and the organizational security culture. How Greg's background in non-tech fields contributed uniquely to his roles and approach in cybersecurity. Greg's methodical approach over his first 90 days in leadership roles to understand the intrinsic details of the business and its employees. Why anticipating potential security incidents and preparing response mechanisms beforehand is critical. Why it's important to educate internal teams and the executive leadership about cybersecurity risks and frameworks. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts.To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco's exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco's asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't.Why does this matter: The systems that typically track and report CVEs, don't report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform's exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it's observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what's working and what's not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place.How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization's security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams.Learn more about Sevco: https://itspm.ag/sevco250d8eNote: This story contains promotional content. Learn more.Guest: J.J. Guy, CEO and Co-Founder, SevcoOn LinkedIn | https://www.linkedin.com/in/jjguy/On Twitter | https://x.com/jjguy?lang=enResourcesState of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9blLearn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevcoView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco's exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco's asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't.Why does this matter: The systems that typically track and report CVEs, don't report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform's exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it's observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what's working and what's not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place.How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization's security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams.Learn more about Sevco: https://itspm.ag/sevco250d8eNote: This story contains promotional content. Learn more.Guest: J.J. Guy, CEO and Co-Founder, SevcoOn LinkedIn | https://www.linkedin.com/in/jjguy/On Twitter | https://x.com/jjguy?lang=enResourcesState of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9blLearn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevcoView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
The manufacturing threat landscape is evolving rapidly, with increased automation and remote access needs making Operational Technology (OT) environments more vulnerable to cyber threats. As attackers become more sophisticated, manufacturers must adapt to protect their critical infrastructure and maintain business continuity. Join Tia Hopkins, Field CTO & Chief Cyber Resilience Officer at eSentire, and Ray Texter, Chief of Information Security at Texas United Management, as they discuss the current state of cybersecurity in manufacturing. They delve into the complexities of securing OT environments, the impact of geopolitical tensions, and strategies to enhance cyber resilience. Key Takeaways: Importance of strong cybersecurity partnerships for midsize companies. The growing significance of OT security in manufacturing. Benefits of industry collaboration and cross-departmental cooperation in enhancing breach response. Managing overall exposure beyond traditional vulnerability management. Preparing for new CISA reporting requirements and their impact on cybersecurity budgets and strategies. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
The manufacturing industry is facing an increasingly complex threat landscape, characterized by expanding attack surfaces due to continuous IT transformation and interconnected OT environments. Key threats such as ransomware and sophisticated social engineering attacks are exploiting these vulnerabilities, making robust security measures and swift incident response crucial. Join Spence Hutchinson, Staff Threat Intelligence Researcher on the Threat Response Unit (TRU) at eSentire, as he delves into the current threat landscape for the manufacturing sector. Spence discusses the latest trends in cyber threats and provides actionable insights based on recent reports from eSentire's Threat Response Unit (TRU). Understanding the "threat surface scope creep" and its implications for manufacturing security. The critical role of visibility in preventing and detecting intrusions stemming from stolen credentials and unpatched vulnerabilities. The rising prevalence of browser-based attacks and USB worms, and how they are targeting manufacturing systems. Strategies for implementing phish-resistant multi-factor authentication and robust device management to mitigate risks. Insights into the underground market dynamics, including credential markets and access brokers, and their impact on the manufacturing sector. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In this episode of Cyber Talks, Erin McLean and Eldon Sprickerhoff, Founder & Advisor of eSentire, to discuss the latest trends and misconceptions in cybersecurity. Eldon shares his recent experience of being inducted into the Waterloo Entrepreneur Hall of Fame, reflecting on his journey and the importance of support from his family and colleagues. The conversation dives into debunking pervasive myths in the industry, such as "the bad guys only need to be right once" and "humans are the weakest link," offering a more nuanced view of the ongoing battle between threat actors and security practitioners. Eldon also provides insights into the role of AI in cybersecurity, stressing the need for scrutiny and understanding the practical outcomes of AI tools. He discusses the evolving concept of materiality in the context of SEC regulations and the importance of honest communication about cybersecurity incidents. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode of Cyber Talks, Erin McLean, Chief Marketing Officer at eSentire, sits down with Bob Layton, Chief Channel Officer, and Tommy Wald, CEO of RIATA Technologies, to discuss the evolution of MSSP services, the importance of building strong client relationships, and the necessity of robust vendor partnerships. Tommy and Bob also share their experiences and insights on transitioning from hardware reselling to managed services, developing industry best practices, and the challenges of commoditization in the MSP space. Key discussion points include: The importance of building a sustainable business model, and differentiating services to stand out in a crowded market. How MSSPs can understand client needs, by focusing on service quality and maintaining compliance in regulated industries. The role of security as a utility and the importance of delivering exceptional service rather than competing on brand power alone. Future trends that will impact the MSSP market (e.g., increasing role of automation, the need for standardized definitions, and practices in the MSP industry). -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Although mergers and acquisitions (M&As) are strategic moves that can propel companies toward greater market share, enhanced capabilities, and increased innovation, one critical aspect often overlooked is cybersecurity. Ensuring robust cybersecurity during the M&A process is paramount, as it safeguards the integrity of both companies involved, protects sensitive data, and mitigates potential risks that could derail the transaction or devalue the acquisition. In this podcast episode, Greg Crowley, Chief Information Security Officer at eSentire, discusses the role of cybersecurity in M&As with Ron Park, Operating Partner & Technology Advisor to PE firms, and Dwayne Smith, SVP, Security and Global CISO of PrismHR. Together, Ron, Dwayne, and Greg discuss the importance of incorporating cybersecurity considerations in the due diligence process, the practical aspects of evaluating a company's security posture, managing risks, and ensuring a smooth post-acquisition integration. Key discussion points include: The various stakeholders involved in M&A processes (e.g., buyers, sellers, and third-party consultants) and key areas to focus on during tech and product diligence, including cybersecurity, organizational structure, and technology processes. The importance of having a standardized playbook for M&A processes and the challenges of dealing with disparate cybersecurity practices across merged entities. The critical need for effective communication with non-technical stakeholders. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
For those who want to enter the cybersecurity field, especially if they come from a non-technical background, there is no shortage of opportunities. Just ask Kristin Kelly, our Growth Marketing Programs Specialist, who was recently recognized as a Young Professional to Watch by the International Legal Technology Association (ILTA). In this conversation with Erin McLean, Chief Marketing Officer at eSentire, Kristin shares her story of how she transitioned from a non-technical PR role to becoming a technical cybersecurity marketer and how her involvement with industry events like RSA and ILTACON have enabled her to build key relationships with cybersecurity leaders. Key topics of discussion include: How Kristin has worked to overcome imposter syndrome and become more proactive to share ideas and build networks at work The importance of self-education and networking to grow in the cybersecurity industry Why it's critical to empathize with your customers and partners and go beyond business transactions to build trusted relationships --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode, Ciaran Luttrell, Sr. Director of SOC Operations, EMEA, is joined by Rob Watson, SVP Security Services, to discuss security operations. Specifically, they chat about how SOCs should be structured, how to build a high-performing team of SOC Analysts, helping your team tackle burnout, and what it really takes to build an in-house SOC. Key conversation topics include: How to structure your SOC Analysts teams, from Tier 0 to Tier 3 support Strategies for effectively managing a SOC The real value that a robust team of SOC Analysts can bring to the table and how they help organizations deal with coverage, visibility, and threat response How security operations may evolve in the future --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode, we sit down with Spence Hutchinson, Sr. Staff Threat Intelligence Researcher with our Threat Response Unit (TRU), and chat about the ransomware landscape, the cybercriminal "gig" economy, and which industries and types of businesses are most at risk of ransomware attacks. Key takeaways from the conversation include: The evolution of ransomware attacks from simple smash-and-grab strategies to more sophisticated network-wide dominations How ransomware-as-a-service groups operate and how they infiltrate networks to gain initial access How the "outside in" approach helps to understand threats posed by the Dark Web The role that Initial Access Brokers (IABs) play in the ransomware economy and how they use the Dark Web to sell access to other cybercriminals Why Lockbit is one of the most impactful threats for SMBs and why it's so challenging to defend against --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode, we sit down with Joe Panettieri, Founder of Channel Angels, Sustainable Tech Partner, and Mentore Ventures, to discuss how Joe got his start as a communications intern at IBM, his approach to making cybersecurity communications clear and digestible, and the dynamic nature of the cybersecurity industry. He also shares the lessons learned from supporting a wide array of cybersecurity stakeholders and his experience with ChannelE2E, focusing on business valuation maximization and provides an insider's view on the inception of the MSP 501 list, along with insights into the evolving relationship between service providers and CIOs/CISOs. Key takeaways from the conversation include: The importance of clarity and customer understanding in cybersecurity communications. Business valuation in the MSP and MSSP sector is heavily influenced by evolving market trends and re-emerging technologies. MDR's increasing significance in the cybersecurity landscape and the essential questions CISOs/CIOs must ask of their service providers. The impact of Generative AI on the cybersecurity industry and the strategic advice for navigating its implications. The convergence of green IT and cybersecurity, highlighting the urgency for service providers to adopt sustainable practices. --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
The AlphV/BlackCat ransomware-as-a-service gang has been in the news lately thanks to the recent ransomware attack on Change Healthcare that resulted in widespread disruptions to healthcare services and allegedly resulted in the organization paying a $22 million ransom. Shortly thereafter, an affiliate claimed that BlackCat cheated them out of their share of the $22 million dollar ransom. So, what's going on? In this episode, Spence Hutchinson speaks with Joe Stewart, Principal Threat Researcher at eSentire, and Keegan Keplinger, Sr. Threat Intelligence Researcher at eSentire, all about AlphV/BlackCat's ransomware operations. Key topics discussed include: Who AlphV/BlackCat ransomware operators are and how they use malvertising to gain initial access The ransomware attack on Change Healthcare The validity of BlackCat claiming that the FBI has seized their Dark Web site and released a decryption tool Signs that a ransomware-as-a-service group is rebranding or preparing an exit scam --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Private Equity (PE) firms are increasingly targeted due to their comprehensive disclosure requirements, possession of sensitive data, and wide network of portfolio companies, making them lucrative targets for cybercriminals. What's more, threat actors exploit these characteristics to gain access to an extensive network by breaching just one entity. In this episode of Cyber Talks, Ryan Westman and Eldon Sprickerhoff dive into the intricate relationship between private equity firms and their portfolio companies concerning cybersecurity. Key takeaways of the episode include: Reasons PE firms are attractive targets for cybercriminals, including their access to sensitive data and extensive networks Unique challenges PE firms face, such as limited visibility and control over cybersecurity measures across their portfolio companies and the diverse range of cyber risks associated with investing across multiple industries Common misconceptions about cybersecurity postures among PE firms, the evolving tactics of cyberattackers, and the critical role of user awareness in preventing attacks Recommendations to defend against remote exploitation and the misuse of valid credentials --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Since its emergence in 1911, every year on March 8, we celebrate International Women's Day to recognize the inspiring contributions that women have made in the professional and personal lives of those around them. In this episode, Erin McLean talks to Tia Hopkins and Andrea Markstrom, the Chief Information Officer at Schulte Roth & Zabel LLP and Founder of i.WILL, about their career journeys in cybersecurity, how they empower and support women, and the foundations they've started. They discuss: Why there's no single, linear path into cybersecurity or leadership roles in technology The importance of mentorship and networking for growth Their commitment to lifting as they climb through their involvement with the i.WILL and Black Women in Cyber Collective foundations How to find your voice and make a mark in your field --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Since their emergence in 2019 under the moniker 'ABCD', the LockBit ransomware-as-a-service gang has carved out a notorious reputation as a leading purveyor of ransomware. Their notoriety was cemented by pioneering triple extortion techniques and causing unprecedented disruption across the globe. However, they suffered a significant blow with the orchestrated international law enforcement operation named 'Operation Cronos'. In this episode, Ciaran Luttrell, Keegan Keplinger, and Brandon Stencell, provide a gripping account of LockBit's operations, their innovative TTPs, and the collaborative law enforcement efforts that led to their partial dismantling. We also offer an insider's look into how the takedown was executed, the resurgence of LockBit and the new Dark Web leak sites, and the broader implications for cybersecurity professionals. Key discussion points include: The evolution and operational methods of LockBit since its inception. Insights into 'Operation Cronos' and its impact on LockBit's infrastructure. The tactical shutdown of LockBit's technical and financial frameworks by international law enforcement. The immediate response by LockBit, including setting up new operations and their public threats. Strategies and advice for cybersecurity professionals to safeguard against future iterations of LockBit and similar ransomware threats. --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode, we explore Michael Smith's journey from an Air Force IT Manager to VP of Infrastructure and Operations at Trinity Industries, Inc., highlighting his pivotal roles and the cybersecurity landscape within the architecture, engineering, and construction sectors. Michael shares insights on outsourcing cybersecurity teams, the strategic decision-making behind these choices, the evolving role of the CISO, and the importance of strategic positioning within an organization. Michael emphasizes the strategic value of leadership positions and how the role that mentorship played in his transition from CISO to CIO while at Jacobs. The discussion also covers Michael's philosophy on leadership, focusing on extreme ownership and servant leadership, and how this influences his approach to new operational challenges. Key takeaways include: The importance of adaptability and strategic thinking in advancing from technical roles to executive leadership in cybersecurity. Why mentorship and leadership development are critical for building resilient cybersecurity teams and fostering innovation. Strategic outsourcing vs. in-house team development: considerations for effective cybersecurity management. The evolving role of the CISO in organizational structures and the importance of C-level accountability and board engagement in cybersecurity. --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Given the macroeconomic climate, security leaders are constantly tasked to do more with less – you're being asked to take on more responsibility and protect your organizations against increasing cyber threats while balancing evolving regulatory frameworks and third-party vendor risk management. In this episode, Tia Hopkins, Chief Cyber Resilience Officer at eSentire, and Greg Crowley, Chief Information Security Officer at eSentire, discuss the trends they are seeing from a budgetary perspective and how security leaders can build a more resilient security operation. Key topics of discussion include: Most common types of cyber threats impacting businesses (e.g., the ‘as-a-service' business model, nation-state cyberattacks, etc.) Why security leaders need to shift from a cyber risk reduction mindset to building cyber resilience mindset The two options that security leaders have to build a more resilient security operation (i.e., DIY approach vs. outsourcing 24/7 threat detection, investigation, and response capabilities) How to build alignment with finance leaders to get the cybersecurity investment you need --- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included. In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas. For more ISACA Podcasts, visit www.isaca.org/podcasts To learn more about Nanitor, please visit https://nanitor.com/ To view the Nanitor article, please click https://nanitor.com/resources/blog/cybersecurity/exploring-continuous-threat-exposure-management-ctem/
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys. In this episode: How can one create a security program around unknown problems? Don't we know a lot of the things we lack visibility into that can cause security issues? But what about the things you don't even know about in the first place? Will that thing we don't even know to look at, ever cause a security issue? Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world's largest certificate database (>10B). Learn more at www.censys.com.
I explore the escalating challenges of cloud security and hacker trends with Nico Popp, Chief Product Officer of Tenable—the leading Exposure Management company. With public cloud spending estimated to soar to nearly $600B in 2023, organizations find themselves in a race against evolving cyber threats. Nico lends his expertise to decode the complexities around the pressing need for unified Cloud Security Posture Management and vulnerability solutions, as Tenable rolls out advancements in their Tenable One platform. The episode unpacks how simple misconfigurations and software vulnerabilities can serve as gateways for significant security breaches, making it essential for businesses to transition from reactive threat detection to preventative cloud security. Nico also highlights the concept of exposure management as a paradigm shift that consolidates various security vendors into a unified data platform. This forward-thinking strategy not only operationalizes vulnerability management but also transcends mere compliance to bolster real cybersecurity capabilities. Tune in to glean actionable insights on achieving a robust cloud security architecture and staying a step ahead of imminent hacker trends. A must-listen for anyone tasked with safeguarding complex cloud environments.
All links and images for this episode can be found on CISO Series. CISOs are common among the Fortune 500. But it remains rare to see them listed in executive leadership. Given that every company says security is of prime importance, why aren't CISOs named within the top company echelons? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Allan Cockriel, CISO of Shell. Joining us is our special guest, Mary Rose Martinez, CISO, Marathon Petroleum. Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world's largest certificate database (>10B). Learn more at www.censys.com. In this episode: Given that every company says security is of prime importance, why aren't CISOs named within the top company echelons? Can you think of a security action that did work at one organization that simply wouldn't work in another because of the culture? When it comes to communicating bad news to the board and c-suite, what techniques have worked the best?