POPULARITY
36 episodes with exposure management
30 episodes with exposure management
9 episodes with exposure management
5 episodes with exposure management
2 episodes with exposure management
3 episodes with exposure management
2 episodes with exposure management
3 episodes with exposure management
2 episodes with exposure management
At Infosecurity Europe 2026, Matt Middleton-Leal, Regional Vice President for Qualys across Northern Europe, joins Sean Martin inside the Risk Operations Center built into the Qualys booth. The premise is blunt: cybersecurity has spent years getting good at measuring risk and almost no time getting good at fixing it. The Risk Operations Center, or ROC, is the Qualys answer to that imbalance. So what is a ROC? It is not a product. Middleton-Leal describes it as an operating model that pulls scattered risk signals together, ranks them by business context and financial impact, and drives them toward remediation. If a SOC looks in the rearview mirror at what already happened, the ROC looks through the windshield at the risk ahead. Why now? Because risk moves at machine speed. In an AI-driven world of frontier models and autonomous agents, Middleton-Leal argues that remediation tied to service desk tickets is already too slow. He shares what happens when a client prepares to deploy tens of thousands of new agents before anyone knows what those agents touch or where their data goes. The example that lands hardest is a number: 62 million risk findings across one client's combined tooling. Middleton-Leal walks through how threat intelligence, business context, and safe exploitability testing collapse that figure to under one percent of fixes that genuinely reduce loss. It is a concrete look at how to prioritize remediation instead of drowning in dashboards. There is a quieter shift underneath it all: financial risk quantification, long reserved for the largest banks, reaching companies that never had the analysts to build it. Working with Richard Seiersen, Chief Risk Technology Officer at Qualys, the company is building ways to answer questions like what a ransomware event would likely cost a business in your sector and region. Middleton-Leal closes with the one place every organization should start, whether they use Qualys or not. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUESTMatt Middleton-Leal, Regional Vice President, Northern Europe, Qualys LinkedIn: https://www.linkedin.com/in/matt-middleton-leal-a56557/ RESOURCES Qualys: https://www.qualys.com ITSPmagazine Infosecurity Europe 2026 coverage: https://www.itspmagazine.com/infosecurity-europe-2026-infosec-london-cybersecurity-event-coverage Richard Seiersen, Chief Risk Technology Officer at Qualys, co-author of "How to Measure Anything in Cybersecurity Risk" Connect with Matt Middleton-Leal on LinkedIn: https://www.linkedin.com/in/matt-middleton-leal-a56557/ Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight ▶︎ Get your own Brand Briefing at an upcoming event: https://www.studioc60.com/buy-brand-briefings KEYWORDS Matt Middleton-Leal, Qualys, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, Risk Operations Center, ROC, risk remediation, cyber risk quantification, exposure management, vulnerability management, Richard Seiersen, AI security risk, Infosecurity Europe 2026, machine speed remediation, security operations Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Is your vulnerability management program ready for something like Claude Mythos? The old days of treating vulnerabilities as temporal events (like Heartbleed or Log4J) and patching them on a leisurely 30, 60, or 90-day cycle are officially over.In this episode, Ashish sits down with Brad Hibbert, COO and Chief Strategy Officer at Brinqa. Brad explains how the release of Anthropic's Claude Mythos, an AI model capable of discovering vulnerabilities at machine speed without human intervention has compressed the time-to-exploit from months down to mere seconds.We discuss why the traditional assumption that "sophisticated attacks require sophisticated attackers" is no longer relevant, and why leaning solely on CVSS scores will drown your remediation teams in noise. We speak about how defenders must pivot from generic patching to focusing on true exploitability within their specific environments. Learn how AI can chain multiple "low severity" vulnerabilities (which were previously ignored 90% of the time) to gain root access, and why siloed AI security tools will lead to an expensive and ineffective game of "Whac-A-Mole".Guest Socials - Brad's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:30) Brad Hibbert's Background and Role at Brinqa(03:40) Heartbleed vs. Claude Mythos: Temporal vs. Persistent Threats(05:30) AI Weaponization: From Months to Seconds(06:50) Elevating the Threat Model Beyond CVSS(09:30) The Tsunami of Vulnerabilities and the Need for Exploitability(12:10) Bridging the Blind Spots in Exposure Management(15:10) Resolving Friction Between Security and Remediation Teams(21:00) Automating Remediation Without Losing Oversight(28:30) The Problem with Treating Every Vulnerability Individually(30:20) Why We Ignored 90% of Low Severity Vulnerabilities(32:30) Siloed AI and the Costly Game of "Whac-A-Mole"(35:30) Defining "Reasonable Security" in the AI Era(41:10) Quick Wins: Where to Start Uplifting Your ProgramResources spoken about during the episode:Mythos Changes the Offense.5 Things Every CISO Should Do Before the Next MythosThank you to Brinqa for sponsoring this episode
In episode one of our 2026 CDW Canadian Cybersecurity Study series, Ivo Wiens and Ben Boi‑Doku explore how cybersecurity has become a board‑level priority and why increased funding now comes with higher expectations. As budgets grow, leaders are demanding measurable proof of risk reduction, not just security activity. This episode breaks down practical ways to quantify cyber risk, from KRIs and vulnerability management to financial risk frameworks, helping security teams connect technical efforts to real business outcomes. To learn more, visit cdw.ca Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Security teams have more data than ever -- and less confidence in it. Angelos Kottas, VP of Product and Corporate Marketing at Axonius, opens by sharing a striking finding from the Axonius Actionability Report: 55% of CISOs still run their environments off spreadsheets, and fewer than 20% have daily updates to their asset data. The result is a gap between what organizations think they know and what is actually happening across their digital real estate. Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind. But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place. The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption. Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Angelos Kottas, VP of Product and Corporate Marketing, Axonius LinkedIn: https://www.linkedin.com/in/amkottas/ RESOURCES Axonius website: https://www.axonius.com Axonius Actionability Report: https://www.axonius.com (available on the Axonius website) Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Roi Karo, chief strategy officer at Check Point Check Point Software has been on an acquisition tear. Under new CEO Nadav Zafrir, the company has picked up five startups since early 2025, with three announced simultaneously in February: Cyclops, Cyata, and Rotate. But these aren’t opportunistic bolt-ons. They map directly to a four-pillar strategy that Check Point says defines the future of its security platform: Hybrid Mesh Network Security, Workspace Security, Exposure Management, and AI Security. In this episode, we sit down with Roi Karo, Check Point’s Chief Strategy Officer, and Angelo Valentini, head of channel sales for Canada, to dig into the thinking behind the acquisitions and what they mean for the channel. Roi brings an unusual perspective to the table, shaped by 25 years in Israeli defense intelligence and a stint as Chief Risk and Strategy Officer at blockchain infrastructure company Fireblocks before joining Check Point. Angelo Valentini, head of channel sales for Canada at Check Point The conversation covers how each acquisition fits into the broader strategy: Rotate brings MSP-native expertise to the Workspace Security pillar, where Check Point is consolidating endpoint, email, browser, and mobile security under a single management layer. Cyclops completes a full Continuous Threat Exposure Management cycle by adding internal asset scanning alongside CyberInt’s external scanning and Veriti’s automated remediation. And Cyata addresses the emerging challenge of governing autonomous AI agents operating on user endpoints, a category that barely existed a year ago but is evolving fast. We also explore what Check Point means by an “open garden” platform, including how its tools integrate with and remediate across competitors’ products, and how that philosophy plays out in practice for MSPs managing multi-vendor security stacks. Angelo adds a Canadian lens, touching on the opportunity in Canada’s SMB-dominant market and the compliance implications of Bill C-26. Check Point’s MSSP Partner Program offers consumption-based pricing and multi-tenant management for solution providers looking to explore the opportunity. Roi closes with a pointed message for partners: the assumption that there’s still time to learn and prepare is “terribly wrong.” The threat landscape is accelerating, and the window to adapt is narrower than most people think. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show. Check Point Software has been making some big moves. Under new CEO Nadav Zafrir, the company has acquired five companies since early 2025, including three announced simultaneously in February: Cyclops, Cyata, and Rotate. And these aren’t random bolt-ons. They map to a deliberate four-pillar strategy that Check Point says defines the future of the platform. Those four pillars are: Hybrid Mesh Network Security, covering data centers, cloud, SASE, and SD-WAN. Workspace Security, protecting endpoints, email, browsers, and SaaS applications. Exposure Management, giving organizations visibility into their full attack surface. And AI Security, governing the new wave of autonomous AI agents operating inside enterprise environments. For solution providers, the most interesting piece here might be the Rotate acquisition. It’s an acqui-hire that brings in a team with deep roots in the MSP ecosystem, including veterans of Datto and Kaseya. Cyclops adds a data lake with over 150 integrations for attack surface management. And Cyata tackles a category that barely existed a year ago: identity management for AI agents. To unpack the strategy and what it means for the channel, I sat down with Roi Karo, Check Point’s chief strategy officer, and Angelo Valentini, who leads Check Point’s Canadian partner business. Roi brings an unusual perspective – 25 years in Israeli defense intelligence and a stint as chief risk and strategy officer at blockchain infrastructure company Fireblocks before joining Check Point. Here’s our conversation. Gentlemen, thank you for taking the time. I appreciate it. Roi Karo: Thank you very much. Angelo Valentini: Thanks for having us. Robert Dutt: Roi, before we dive into strategy itself, you come to Check Point from Fireblocks, and before that, 25 years in the IDF and on that side of the world. Pretty unique lens. I’m just curious, how does that shape how you think about security strategy versus someone who’s grown up and spent that kind of time inside the cybersecurity vendor world? Roi Karo: Yeah, that’s interesting. I think it gives a unique perspective, being part of the Israeli intelligence security, and it gives, I think, a wide view of how things are shaping. And it’s part of what we’re trying to answer today. The biggest hurdle I’m trying to uncover is what is going on. What’s going on in the world, what is going on in the market, and of course, how should we react as a security company. And I think my background gives an interesting perspective for that. And stating what is obvious, in Israel, many people in the cybersecurity industry are veterans of the Israeli defense forces. So it’s an interesting background and a very useful background to be part of the security ecosystem in Israel. Robert Dutt: You guys announced three acquisitions simultaneously, and that’s following last year, which saw Lakera and Veriti. That’s an aggressive pace. I guess, what do you see as the strategic urgency driving the acquisitions? Is it about AI creating new categories of risk, or is it about the competitive landscape forcing your hand? Is it a little bit of both? What’s driving this? Roi Karo: Yeah, I think both and maybe some more. Stating the obvious, things are changing faster than before. Everybody’s talking about how AI is changing the world. Something that everybody says in their first sentence: everything is faster. Things that before took years now take weeks and even days. So we can’t just wait. We need to move fast, faster than we moved before. So acquisition is a great way to move faster. When we find a very strong team that has a very good product that can help our portfolio and give us good products that we can suggest or offer to our customers, this is something that we’re very interested in. And I think, as you mentioned, the competitive landscape – competitors are also moving faster. So we need to keep pace. And the last thing I would add, Check Point as a large company offers a wide variety of solutions. We’re very known for our firewalls and network security, but if we’ll have more time, we can talk about the other pillars. And actually all three new acquisitions are supporting and accelerating our other product pillars. So offering a consolidated solution to our customers is one of our biggest strategic moves, and all of those acquisitions are helping us to get faster through this target. Robert Dutt: You kind of presage where I was going next, which is, in your blog post, you frame four pillars of where Check Point is going, what you want to be locking down. And as you rightly point out, Check Point has that history, that strength in network security. The newer bets, especially both exposure management and AI security, which is obviously nascent – it seems like they require different muscles, different skill sets, different approaches from Check Point and from partners alike. Where are the real capability gaps that needed filling? Roi Karo: Yeah, so I think when talking about gaps, there are different types of gaps. One type of gap is mostly on the AI front. Everything is new. So to be very honest, I think that the security industry is still learning how to secure AI. So we have gaps. Everybody has gaps because it’s so new. We’re inventing new things. We’re building new kinds of security solutions. And that’s one type of a gap. A different type of a gap is that we have products for many years and we want to have better solutions, acquiring features or products that can help us accelerate closing those types of gaps. But I think the first type is more interesting because those are purpose-built solutions that did not exist before. This is where the true innovation is happening. And without that, nobody will be able to secure the new types of attacks that we’re seeing in the wild. Angelo Valentini: Robert, if I could just add – on the partner side, I think some of the gaps and concerns are really about visibility, governance, and also about operational efficiency. I think that’s one of the things that we’re trying to help partners with in terms of what their concerns are relative to AI, relative to exposure management, all these areas. Robert Dutt: You describe this whole scenario as an open garden platform, which is a nice framing versus the walled garden approach. For MSPs who are running multi-vendor security stacks and representing multiple security vendors, which, let’s be honest, is the vast majority – what does that open garden mean in practice for them? Roi Karo: Yeah, so I think a couple of things. Our philosophy is openness. We’re not trying to create any kind of vendor lock. We play with all vendors. You mentioned the acquisition from last year of Veriti. That’s a great example because what Veriti offers is the ability to patch or virtually patch all of your security vendors. If you have a threat that you discovered, now you want to make sure that you’re actually being defended against it. So what Veriti does is go over all of those exposures and close them. And when they say close them, they close it using a Check Point security product, but also all other vendors. So we have integration even with our competitors, other types of vendors. So that’s one example of how we try to build our solutions in a way that supports all the other players, because we acknowledge what you said. Most vendors and even most companies, they don’t want vendor lock. They want to use several vendors. They want all of them to play together. So we design our solutions in an open way. It can be used with APIs, it can call to other types of solutions and help MSPs or customers, other types of customers, to build their full stack of solutions. Robert Dutt: That kind of maps, I think, with things that I’ve been hearing more and more from partners. Back in the day, you’d hear a lot of, “I want to work with fewer security vendors.” Still, no one’s saying, “Hey, I want to sign up 400 security vendors and try to understand the nuance of what all of them are doing.” That’s operationally impossible. What I hear more, I think, is the idea of, “I want to have a few strategic security vendors and I want them, where possible, to play nicely together in my environment.” Roi Karo: Absolutely, I can’t agree more. I think consolidation is important. Nobody wants 400. Nobody wants even 40 vendors. It’s hard. But nobody wants one vendor. I think that in a way, we’re trying to figure out this balancing, this sweet spot between having hundreds of vendors and having one vendor. And what we do is – the reason we picked those four pillars is because we truly believe that we’re leaders in each one of them and we have the best solution in each one of them. And anywhere that we don’t have a solution, we partner. So a good example is CNAPP. We have a strategic partnership with and other CNAPP vendors. So we don’t have our own CNAPP solution. We integrate it with another vendor. And everywhere we don’t have the best solution, we’ll integrate with the best vendors that are out there. Robert Dutt: Okay, let’s talk a little bit about the acquisitions that were made that start to build out this platform, or continue to build out this platform. And I wanted to start with Rotate specifically, because I think it’s really interesting for this audience. You acquired them, it seems, primarily for the team. And that team includes key people who come from a background in Datto, in Kaseya – companies that really built up the foundations of the MSP ecosystem of today. What does that signal about how you guys are looking at the MSP market and the MSP opportunity for Check Point? Roi Karo: Yeah, so I will zoom out a bit and then focus specifically. When we announced the workspace pillar, we realized among other things that companies want to manage the whole end user security through one vendor, through one unified management, and not point solutions. So we took our endpoint solution, our email solution, browser, mobile – all the solutions we have around the end user – bundled them together, and are offering a way to manage all of them from a unified management. That is something that is unique and I think is very compelling to all types of customers and mostly MSPs, for obvious reasons. They want to manage all of this end user security from one vendor, from one management. And doubling down on MSPs, we understand their needs. We have many MSPs as customers and we want to provide an easy way to manage all their tenants, all their end users in one single pane of glass. And that’s what we’re building, and this is what we want to accelerate with the team of experts coming from Rotate. Angelo Valentini: So Robert, in Canada, as you know, 90% of the businesses are SMB. So this is a huge opportunity for partners as we go and develop this and enhance that solution for our partners. It’s a huge opportunity. Robert Dutt: And speaking of huge opportunity, the email security business that’s already – I think I saw 160 million is the figure for Check Point’s revenue line there – as well as being one of the most foundational tools that MSPs bring to market and have fueled that business. I’m curious to get your thoughts on how you build from that beachhead that you’ve got established in email security and into that broader workspace security story that Rotate is facilitating. Roi Karo: I think email security, as you said, it’s so fundamental. And when we try to explain to people how AI is changing the hackers, this is the easiest example because it’s most common and easy to explain and imagine. Phishing attacks look different now with AI-based attacks. We all did this training that you need to find spelling mistakes and grammar mistakes to identify phishing. As you can imagine, there are no spelling and grammar mistakes anymore when phishing emails are being built or crafted with AI. So email security is being changed and being reinvented. And we are building new types of email security to make sure that we’re securing also for the most advanced AI-based phishing attacks. Our email security is something that we take a lot of pride in and we can prove that it is better than many others. So that’s, as you said, a great beach entry through many of what we’re doing with our customers. And adding the other capabilities on top of the email is super important. Because again, using a very simple example: someone got a link, they pressed it because it wasn’t blocked. And now they have malware on their computer. You want that endpoint security to be connected to the email security and have one platform that can see everything and can actually prevent attacks before they happen. So we integrated our endpoint solution, our browser extension, our mobile solution, and the email together into one threat intelligence layer that provides data to all of those solutions. Robert Dutt: Cyata is about governing AI agents, which as well as being the buzzword of the day is also a category that didn’t exist a few years ago, because AI agents themselves did not exist a few years ago. For an MSP today, is security around AI agents something that their customers are asking about? Or is this one of those things that’s in a “be ready for this now so you can sell it tomorrow” kind of space? Roi Karo: Yeah, I think that this will grow very fast because, as I’ve mentioned, AI is moving faster than we imagined. When we say agents, I think there are two separate use cases, and one of them is very relevant to the MSP. One that is less relevant is building AI applications that use agents. This is for bigger organizations and more sophisticated organizations that have engineers and are building their own software. But all of us are using agents. ChatGPT and Claude today, you just press a button and you’re running an agent from your endpoint. That is something that is happening. It’s the more advanced user today, but tomorrow it will be all of us using agents running on their endpoints. And one of the things that Cyata built, and we’re now adding to our products, is a capability running on the laptop of the end user, identifying agents that are running there on behalf of the users. It can identify and, first of all, give visibility into all the agents that are running from the end user’s computer, but also provide governance and policy that make sure that they’re doing only things that they’re allowed, that they’re using the right identities, that they have access only to things that they are supposed to have access to. And this is something that I believe will be very relevant to MSPs in the near future, sooner rather than later, because it’s related to all the end users, all the people that are using AI. Angelo Valentini: Robert, this also plays nicely with some of the government compliance developments with the Canadian government. So Bill C-26, for example, is all about governance and compliance. This is a great way in which this acquisition plays right into the government legislation. Insurance is another big thing where we’re seeing a lot of compliance requirements, and also financial institutions. So this is just another way that this plays into that compliance as well. Robert Dutt: Last but not least on the acquisitions, can you give me a bit of a feel for how Cyclops fits in, what they bring to the table, and the opportunity you see there for your partners? Roi Karo: Yeah, absolutely. And again, zooming out and zooming back into Cyclops. We just announced our Exposure Management pillar. We acquired, I think almost two years ago, CyberInt. They’re doing external risk management – they’re scanning the organization from the outside and providing all the data you can achieve from looking at the organization, the company, from the outside. Dark web and the organization itself. Six months ago, we acquired Veriti, that takes all of the data, all of the exposures, all of the threats, and mitigates them automatically. So you have automatic remediation. And now with Cyclops, we completed the full cycle, because they are scanning the organization internally. This is an asset management capability that actually connects to hundreds of vendors that provide data. And then you have the full picture of what’s going on inside your organization. So CyberInt’s capabilities are scanning from the outside, Cyclops’ capabilities are scanning from the inside, and Veriti’s capabilities take all of this intelligence – and all the intelligence we acquired in decades of building our capabilities – and make sure that all of this is being remediated. In this way, we accomplished the full cycle of what Gartner calls CTEM, Continuous Threat Exposure Management, and provide a very unique value proposition to our customers of having the full cycle of understanding what is happening across your attack surface, identifying the threats, and remediating the threats. Cyclops provided a very important piece of the puzzle that we were missing, and we’ll integrate them very quickly into our value proposition and offer a full cycle of CTEM. Robert Dutt: How quickly do these acquisitions – you mentioned the plan for Cyclops there – but how quickly do these become native Check Point experiences rather than adjacent tools that are also on the Check Point line card? Roi Karo: Very quickly in those three cases, because they’re part of a wider value proposition. It’s not a standalone – all of them started as a startup with a standalone capability, but the real magic and the real value will come when we integrate them. That will happen very quickly because all of those solutions are very modern in design, which makes it easier. And part of the due diligence we did around all of them is how quickly we can integrate. So this will be integrated very quickly. And of course, now – as I say, everything is happening faster – we are using AI to build products and integrate products. So that will happen very fast, and this will be offered to our customers immediately. Robert Dutt: Zooming back out to the strategy level, if I’m a Canadian MSP with managed seats numbered in the hundreds – typical SMB-focused MSP – today I’m running Check Point email security, maybe firewalls. When I look at this strategy, what is this going to change about what I sell and how I operate over the next 12 months? Roi Karo: I think CTEM and exposure management becomes even more important than before. Maybe we need to take one step back with your permission. I think that the threat landscape is changing, and that’s something that we all need to acknowledge. Just imagining how the attackers are using AI in order to accelerate their attacks – things that before took attackers months or years to build, to find new vulnerabilities, we’re seeing right now happening much faster. The scale, the sophistication of attacks is changing. And we all need to prepare. Vendors, MSPs, and other types of organizations need to make sure that they are prepared for a new wave of attacks. And for that, you need to have everything that can help you understand. We talked about my background – intelligence is super important to understand what is going on. And exposure management is exactly that: understanding what is going on. Are you attacked? Where are you exposed? Who is attacking you? You can’t fly blind. So the first thing I would add to my portfolio if I’m an MSP is offering threat intelligence, offering exposure management, scanning all of my customers and making sure that they’re not exposed, finding servers they have that are exposed, finding PII that is related to them on the dark web, and making sure that I’m warning them. Many kinds of solutions we have as part of our exposure management value proposition I think will be very interesting for MSPs. So that’s one thing I would explore with Check Point. The second thing is AI, of course. We talked about agents, but even the basic LLM use of end users, that’s something that needs to be governed. Angelo mentioned compliance, it will become part of it. Even if you’re a small law firm and you want to make sure that your lawyers are obeying the rules that you decided – can they use ChatGPT in order to write a legal document? If it’s a small medical company, can they consult ChatGPT on medical issues? What is the PII guidance you give them? Can they put PII in ChatGPT or not? All of this needs to be governed, and our products enable that. They run on the endpoints, they make sure that you’re aware of what all of your employees, all of the people in the company are doing with AI, and they can enforce governance on what you want to allow and what you want to block. Do you allow DeepSeek in your organization? Do you allow other types of LLMs or GPTs? All of this, as part of AI security, is something that MSPs will need to adopt and educate themselves on, and educate their end users very quickly. And what we’re building is a full suite of AI security. We’ll have offerings for small companies, offerings for large enterprises, and everything in between. Angelo Valentini: You touch on AI governance, we talked about exposure management. These are ideas that sound consultative and complex, which is great because channel 101: where there’s mystery, there’s margin, and there is ample mystery here. But again, through the lens of that SMB-focused MSP, how do I get to it? So I guess what I’m getting at is, how are you helping partners productize those conversations they need to have without requiring them to go super deep themselves as AI specialists? I think that’s the bread and butter of partners today, is the service offering. When they see acquisitions like this, we play in all their wheelhouse in terms of all the areas: visibility, governance, and also operational efficiency. So that’s the number one thing. It’s our job to enable our partners as well as part of it. Me in the partner community, we go and enable our partners to understand the technology and understand the opportunity. And there are consulting opportunities here, there’s increased revenue opportunity here. That’s one of the things that we focus on, is really to get awareness to the partners so they understand: hey, there’s an opportunity here for incremental revenue, for increased opportunity in consulting and implementation. And then from there, there’s ancillary AI solution revenue that follows. So it’s up to the partner to decide, but it’s really something that they should consider. Robert Dutt: Just to wrap things up before we go, do you have time to do two quick lightning round questions, quick answers? First of all, what’s one assumption about cybersecurity that you think partners need to stop making right now, or at least over the course of this year? Roi Karo: I think that the basic assumption is that we have time, that sophisticated attacks are not here yet, and we have time to learn, we have time to adjust, and everything will be okay. I think that’s terribly wrong. I think that the attackers, they don’t have the governance and legal obligations that we have as companies. So they’re running very fast. It’s happening now. So I think a wrong assumption that many people have, MSPs included, is: okay, it’s still early, we can learn, we can take our time. I think we need to move fast and we need to move faster than we’re moving. Robert Dutt: And taking that similar lens but turning it inside this time, what’s the hardest internal debate that you’re having at Check Point right now about AI and security, and why isn’t it settled yet? Roi Karo: We understand that we need to offer AI as a part of – we talked about many angles of AI, one that we did not mention, and I will use your question to address it – is using AI for security. We talked about AI for the attackers, we talked about AI that everybody’s using and we need to secure. Part of what we’re building in a very innovative way is autonomous security – AI agents that are running security. And this of course is the biggest promise. And many people feel that we need to move much faster on this front. It’s not easy. And we’re building it in many parallel lanes, because it’s hard to predict what will win. But we understand that the future of security – you need to fight AI with AI, you need to adopt AI. And this is maybe the biggest promise of our industry, when the industry will be able to adopt AI and leverage the power of AI in order to provide better security. And in many ways, in bigger organizations, the department that needs to adopt AI the fastest is the security department. Because for all the other departments, this is a force multiplier, it changes everything, but in a way it’s a nice to have. For security, because the attackers are using AI, if security people won’t adopt AI for themselves and use AI to secure their organization, they will lose. So we’re trying to do our best in offering our customers AI-based security. We have today in all of our pillars co-pilots and MCP servers and agentic capabilities. But we aspire much higher. We want to build real autonomous security, real AI employees – AI security employees that will be part of the team. We have very exciting, innovative teams that are building those kinds of things. And answering your question, the debate is: can we, or how can we, move faster on this front, offering our customers fully autonomous, fully AI-based security. Robert Dutt: That’s a pretty good overview and view of the strategy and of where you think things are at. Good luck with the acquisitions and rolling them in and continuing to broaden out the strategy. And thank you very much for taking the time for this conversation. Roi Karo: Thank you for hosting us. It was a pleasure. We’ll be in touch. Angelo Valentini: Great to be here. Robert Dutt: There you have it, a look at Check Point’s push to reshape its platform around AI security, exposure management, and the MSP workspace, with Roi Karo and Angelo Valentini. The takeaway I keep coming back to: Check Point isn’t just buying technology here. They’re making a deliberate bet on the MSP market, and hiring a team from Datto and Kaseya to build it out is the strongest signal of that intent. Whether you’re already in the Check Point ecosystem or not, the open garden approach they’re describing is worth paying attention to. And Roi’s point about urgency is one that I’d take seriously. The window to learn and prepare is shorter than a lot of people think. Thanks to Roi and Angelo for a great conversation. And thank you as always for listening. Also this week on ChannelBuzz.ca: on Wednesday, ESET’s Tony Anscombe joins me to walk through the security trends and threats solution providers should be watching this year. On Thursday, I sit down with Nutanix SVP Lee Caswell to dig into their latest Enterprise Cloud Index research, including what the data says about shadow AI, data sovereignty, and where infrastructure decisions are heading. And on Friday, a bonus episode – AWS Canada’s Eric Gales joins me for a look back at 20 years of AWS and what it means for partners going forward. If you’re enjoying the show, please take a moment to subscribe or follow in your podcast app of choice. And if you’re feeling generous, a rating or review goes a long way to helping other solution providers find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
The CISA Known Exploited Vulnerabilities (KEV) catalog is one of the most referenced resources in vulnerability management, but how well do security teams actually understand what it tells them? In this Brand Highlight, Tod Beardsley, Vice President of Security Research at runZero and former CISA section chief who helped manage the KEV on a daily basis, breaks down what the catalog is designed to do and, just as importantly, what it is not.What is the KEV catalog and who is it really for? The KEV is mandated by Binding Operational Directive 22-01 (BOD 22-01), which tasks CISA with identifying vulnerabilities that are known to be exploited and have an available fix. Its primary audience is federal civilian executive branch agencies, but because the catalog is public, organizations everywhere use it as a prioritization signal. Beardsley notes that inclusion on the KEV requires a CVE ID, evidence of active exploitation, a patch or mitigation, and relevance to federal interests, meaning zero-day vulnerabilities and end-of-life systems without CVEs never appear.How should organizations think about KEV entries that are not equally dangerous? Beardsley explains that only about a third of KEV-listed vulnerabilities represent straight-shot remote code execution with no user interaction and no authentication required. The rest span a wide spectrum of severity. EPSS data reveals an inverse bell curve: many KEV entries have extremely low probabilities of exploitation in the next 30 days, while others cluster at the high end with commodity exploits widely available. This means treating every KEV entry as equally critical leads to wasted effort and alert fatigue.That gap between the catalog and real-world decision-making is exactly what KEVology addresses. The research, produced by Beardsley at runZero, enriches KEV data with CVSS metrics, EPSS scores, exploit tooling indicators, and ATT&CK mappings to help security teams filter and prioritize vulnerabilities based on what actually matters to their environment. Rather than prescribing a single priority list, KEVology treats the KEV as data to be analyzed, not doctrine to be followed blindly.To make this analysis accessible and interactive, runZero built KEV Collider, a free, daily-updated web application at runzero.com/kev-collider. The tool lets defenders sort, filter, and layer multiple risk signals across the entire KEV catalog. Because every filter combination is encoded in URL parameters, teams can bookmark and share custom views with colleagues instantly. Beardsley describes KEV Collider as an evergreen companion to the research, updating automatically as new vulnerabilities are added to the catalog each week.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTTod Beardsley, Vice President of Security Research at runZeroOn LinkedIn: https://www.linkedin.com/in/todb/RESOURCESLearn more about runZero: https://www.runzero.comKEVology research report: https://www.runzero.com/resources/kevology/KEV Collider: https://www.runzero.com/kev-collider/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSTod Beardsley, runZero, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, KEVology, KEV Collider, CISA KEV, vulnerability management, exploit scoring, EPSS, CVSS, vulnerability prioritization, exposure management, BOD 22-01, known exploited vulnerabilities, cybersecurity risk, patch management Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
The CISA Known Exploited Vulnerabilities (KEV) catalog is one of the most referenced resources in vulnerability management, but how well do security teams actually understand what it tells them? In this Brand Highlight, Tod Beardsley, Vice President of Security Research at runZero and former CISA section chief who helped manage the KEV on a daily basis, breaks down what the catalog is designed to do and, just as importantly, what it is not.What is the KEV catalog and who is it really for? The KEV is mandated by Binding Operational Directive 22-01 (BOD 22-01), which tasks CISA with identifying vulnerabilities that are known to be exploited and have an available fix. Its primary audience is federal civilian executive branch agencies, but because the catalog is public, organizations everywhere use it as a prioritization signal. Beardsley notes that inclusion on the KEV requires a CVE ID, evidence of active exploitation, a patch or mitigation, and relevance to federal interests, meaning zero-day vulnerabilities and end-of-life systems without CVEs never appear.How should organizations think about KEV entries that are not equally dangerous? Beardsley explains that only about a third of KEV-listed vulnerabilities represent straight-shot remote code execution with no user interaction and no authentication required. The rest span a wide spectrum of severity. EPSS data reveals an inverse bell curve: many KEV entries have extremely low probabilities of exploitation in the next 30 days, while others cluster at the high end with commodity exploits widely available. This means treating every KEV entry as equally critical leads to wasted effort and alert fatigue.That gap between the catalog and real-world decision-making is exactly what KEVology addresses. The research, produced by Beardsley at runZero, enriches KEV data with CVSS metrics, EPSS scores, exploit tooling indicators, and ATT&CK mappings to help security teams filter and prioritize vulnerabilities based on what actually matters to their environment. Rather than prescribing a single priority list, KEVology treats the KEV as data to be analyzed, not doctrine to be followed blindly.To make this analysis accessible and interactive, runZero built KEV Collider, a free, daily-updated web application at runzero.com/kev-collider. The tool lets defenders sort, filter, and layer multiple risk signals across the entire KEV catalog. Because every filter combination is encoded in URL parameters, teams can bookmark and share custom views with colleagues instantly. Beardsley describes KEV Collider as an evergreen companion to the research, updating automatically as new vulnerabilities are added to the catalog each week.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTTod Beardsley, Vice President of Security Research at runZeroOn LinkedIn: https://www.linkedin.com/in/todb/RESOURCESLearn more about runZero: https://www.runzero.comKEVology research report: https://www.runzero.com/resources/kevology/KEV Collider: https://www.runzero.com/kev-collider/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSTod Beardsley, runZero, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, KEVology, KEV Collider, CISA KEV, vulnerability management, exploit scoring, EPSS, CVSS, vulnerability prioritization, exposure management, BOD 22-01, known exploited vulnerabilities, cybersecurity risk, patch management Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
In this episode, Brad Hibbert (COO & Chief Strategy Officer at Brinqa) joins Ashish to explain why traditional risk-based vulnerability management (RBVM) is no longer enough in a cloud-first world .We explore the evolution from simple patch management to Exposure Management a holistic approach that sits above your security tools to connect infrastructure, code, and cloud risks to actual business impact . Brad breaks down the critical difference between a "Risk Owner" (the service owner) and a "Remediation Owner" (the team fixing the bug) and why this distinction solves the "who fixes this?" problem .This conversation covers practical steps to uplift your VM program, how AI is helping prioritize the noise , and why compliance often just "proves activity" rather than reducing real risk . Whether you're drowning in Jira tickets or trying to automate remediation, this episode provides a roadmap for modernizing your security postureGuest Socials - Brad's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:50) Who is Brad Hibbert? (Brinqa)(04:55) The Evolution: From Scanning Servers to Cloud Complexity (06:50) What is Risk-Based Vulnerability Management? (08:50) Risk Owners vs. Remediation Owners: Who Fixes What? (12:00) How AI is Changing Vulnerability Management (15:20) Defining Exposure Management: Moving Beyond the Tools (18:30) The Challenge of "Data Inconsistency" Between Tools (22:30) Readiness Check: Are You Ready for Exposure Management? (25:10) Automated Remediation: Is "Zero Tickets" Possible? (28:40) Compliance vs. Risk: Why "Activity" isn't "Impact" (31:30) Maturity Milestones for Exposure Management (36:50) Fun Questions: Golf, Turkish Kebabs & Friendships
Send us a textIn this powerhouse episode, Joey Pinz sits down with one of cybersecurity's most influential builders—a serial market maker who has helped shape some of the industry's most iconic companies. From Sourcefire and Fortinet to Cylance, Javelin, and now Sevco Security, Fitz brings unmatched perspective on what separates successful cyber companies from the rest—and what MSPs must do now to stay relevant.Fitz breaks down why visibility is the core of modern security, why most organizations still don't actually know what assets they have, and how exposure management has become the foundation of cyber resilience. He also explains where the real money is flowing in the MSP/MSSP space, the biggest mistakes founders still make, and what MSPs must do to move confidently into security services.On the personal side, Fitz shares insights from a life built around curiosity, communication, and impact—shaped by early roles at Coca-Cola during the Olympics, BMC, Compaq, and decades of startup leadership. His mission today? Protect the planet through better security, better intelligence, and smarter business decisions.
Your business is constantly evolving. But how do you know where the weak spots are or which ones actually matter? In a fast-moving environment, understanding your vulnerabilities before attackers do is critical.In this episode, Anh Pham, Director of Penetration Testing and Security at Trava, breaks down why more businesses are moving toward Continuous Threat Exposure Management (CTEM). Anh explains the five key components of CTEM, how to tell if your business is ready to implement it, and what's pushing organizations to take a more active, ongoing approach to cybersecurity.Key takeaways:Why CTEM outperforms traditional point-in-time testingThe five components of CTEM and how they work togetherHow evolving threats and expanding attack surfaces demand continuous validationReady to dive deeper into the continuous process? Get more info on CTEM and why it's important here: https://travasecurity.com/ctem-explainedEpisode highlights:(00:00) CTEM explained simply(02:38) How CTEM differs from point-in-time testing(04:29) The five components of a CTEM approach(09:25) When to adopt CTEMConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - https://www.linkedin.com/in/anhpham11/Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity
Every vendor in exposure management now says they do CTEM. Nick Lanta's response: "You don't even know what you're talking about." This episode with Nick Lantuh (CyberProof) and Amy Chaney (Citibank) breaks down how a methodology became a meaningless marketing term and how buyers can fight back. The reality check: CTEM requires connecting vuln scanning, endpoint, SIEM, cloud, email, network—not just one of them Adding CAASM or external attack surface management doesn't make you a CTEM vendor Most organizations doing "CTEM" are actually using spreadsheets and manual threat intel fusion Why services-led beats platform-first (60x revenue growth proved it) The disingenuity problem: vendors spray the term, buyers have to unpack it Amy's evaluated these claims at the world's largest banks. Nick built the solution that actually connects the pieces. Together, they arm you with the filter.
What would happen if the next hurricane wasn't just stronger but completely off the scale? Are we prepared for a Category 6 event, and would it even show up in our models? In this panel discussion from InsTech's July evening event The future of catastrophe risk: where science meets reality, supported by Inigo, Ruth Petrie leads a conversation on how insurers are responding to more extreme, uncertain and fast-changing catastrophe risks. Featuring: Emma Watkins, Catastrophe Risk Leader Chris Weller, Head of Exposure Management, Inigo Tom Philp, CEO, Maximum Information Together, they challenge the assumptions behind traditional catastrophe modelling, explore the limits of the Saffir-Simpson scale and ask whether imagination, not just data, will define the future of risk management. In this conversation, the panel explores: Whether the industry should move beyond Cat 5 and how we define “extreme” risk Why flood, surge and rainfall are often more damaging than wind alone How climate change is altering where and how storms form — and what we can predict What insurers can (and can't) do in the face of rapid intensification Why demand surge, rebuild costs and politics are now central to loss estimation What kind of event would truly “shake” the insurance market — and why This is essential listening for exposure managers, underwriters, brokers and risk leaders looking to challenge conventional thinking and prepare for what's next. If you like what you're hearing, please leave us a review on whichever platform you use or contact Matthew Grant on LinkedIn. Sign up to the InsTech newsletter for a fresh view on the world every Wednesday morning. Continuing Professional Development This InsTech Podcast Episode is accredited by the Chartered Insurance Institute (CII). By listening, you can claim up to 0.5 hours towards your CPD scheme. By the end of this podcast, you should be able to meet the following Learning Objectives: Identify where insurers remain unprepared for rapid intensification and other emerging storm behaviours. Produce a more complete view of catastrophe exposure by integrating hazard, vulnerability and socio-economic factors. Summarise the panel's recommendations for improving risk communication, preparedness and resilience across the industry. If your organisation is a member of InsTech and you would like to receive a quarterly summary of the CPD hours you have earned, visit the Episode 375 page of the InsTech website or email cpd@instech.co to let us know you have listened to this podcast. To help us measure the impact of the learning, we would be grateful if you would take a minute to complete a quick feedback survey.
Our feature guest this week is Jason Hayes, President of Colorado CSA, interviewed by Frank Victory. News from Elitch Gardens, Xcel, EchoStar, Palantir, DaVita, Swimlane and a lot more! Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: New Colorado area code rolls out for dozens of counties After years of doubt, Elitch Gardens may stick around for a while Space Case: Donald Trump's Rocky Relationship With Colorado Xcel says it needs to spend $22 billion to keep up with potential demand from Colorado data centers by 2040 Englewood-based EchoStar gives up wireless network independence for enough cash to survive Palantir is Colorado's highest-valued company — and at center of controversy — five years after move to Denver How They Got In — DaVita Inc. Colorado Adds AI-Generated Deepfakes to Revenge Porn, Child Exploitation Laws Colorado Delays AI Act Compliance: What Lawyers and Business Leaders Need to Know When the Government Can See Everything: How Palantir Is Mapping the Nation's Data Swimlane Announces Strategic Leadership Appointments to Accelerate Push to Agentic AI Security Operations Upcoming Events: Check out the full calendar Denver CSA - CCZT - Study Group - Session 2 (Virtual) - 9/10 ISSA Denver - September Chapter Meeting - 9/10 Denver CSA - Beyond Patching - Prioritizing Cloud Workload Risk with Exposure Management - 9/16 Denver OWASP - Why you should hack your own APIs - 9/17 ISACA Denver - Full Day! September Chapter Meeting - 9/18 ISSA Pikes Peak - Chapter Meeting - 9/24 Deciphering human behavior to Get Security Done (GSD): Understanding yourself and others to win at security - 9/25 ISACA Denver - ISACA CommunITy Day 2025 - 10/4 ISSA Denver - Denver ISSA Chapter Meeting at Secure World: How I Got Caught: A Deep Dive Into a 800K Fraud - 10/9 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Agentic AI is moving from hype to reality, reshaping how enterprises operate, and how cyber defenders must adapt. In this CyberTalks episode, Mark Gillett (Chief Product Officer, eSentire) is joined by Ben Wilde (Head of Innovation, Georgian) to break down the risks, reliability challenges, and opportunities presented by autonomous AI agents.In this episode, we explore:How AI agents expand the enterprise attack surfaceWhy “agent security” may soon be its own disciplineGuardrails security leaders need before adoptionThe balance between automation and human oversight in the SOCA practical crawl–walk–run model for implementing agentic AIIf you're a CISO, SOC architect, or IT leader, this episode will help you cut through the hype and prepare your team for the next frontier of AI-driven cybersecurity.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode of Cyber Talks, Greg Crowley and Dwayne Smith delve into the critical role of cybersecurity in mergers and acquisitions (M&A). They discuss how cyber risks can significantly affect company valuations and the challenges that arise during these transactions. Dwayne shares his experiences, highlighting the importance of educating stakeholders about potential security issues that could derail deals. The conversation emphasizes the need for robust security measures, including identity management and threat intelligence, to mitigate risks and ensure successful integrations. Topics discussed include:The impact of security breaches and incidents on M&A valuation and deal termsWhat red flags can derail a merger or acquisition (privacy incidents, regulatory violations, unresolved breaches)The most useful cybersecurity metrics and reports for due diligenceReal-world examples of integrating security tools and policies post-acquisition—and lessons learnedThe role of threat intelligence and dark web monitoring in uncovering hidden riskHow to avoid post-acquisition surprises related to legacy code or unsupported infrastructureTop security investments sellers should make to maximize future valuation--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Exposure management is fundamentally changing the way we view cybersecurity. Ivanti's Chris Goettl and Robert Waters introduce five paradigm shifts brought on by this emerging technology and how your organization's security strategy might shift as a result. For more, check out our Exposure Management Strategy Guide: (https://ivanti.com/resources/exposure-management-strategy-guide)Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In today's episode of the Cyber Culture Café series, Andy and John speak to Tia Hopkins, Chief Cyber Resilience Officer & Field CTO. As Chief Cyber Resilience Officer & Field CTO, Tia Hopkins is focused on engaging with the cybersecurity community, providing thought leadership, supporting strategic customer and partner engagements, and working closely with the sales, marketing, product, engineering, and customer success teams to drive security outcome-focused initiatives.She has spent the past 20+ years of her career in various IT and IT Security roles and has over a decade of experience in the managed services space. Outside of her role at eSentire, Tia is also an adjunct professor of Cybersecurity at Yeshiva University and is currently pursuing her PhD in Cybersecurity Leadership.--Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Send us a textToday's episode offers a comprehensive overview of Cyber Threat Exposure Management (CTEM), defining it as a proactive framework for continuously evaluating digital and physical asset accessibility, exposure, and exploitability. It clarifies foundational cybersecurity concepts such as vulnerabilities, attack surface, threats, and impact, explaining how their interplay creates exposure. The speaker categorizes various types of exposure, from internet-facing systems to data leakage and phishing susceptibility, emphasizing the expanding attack surface due to interconnected IT infrastructure. Furthermore, the discussion elaborates on exposure management processes and related technologies, including vulnerability scanning, patch management, penetration testing, breach and attack simulation, and external attack surface management, alongside an explanation of how these tools are evolving to support a more unified CTEM approach. Finally, the transcript explores how Artificial Intelligence (AI) is enhancing CTEM through automated discovery, smarter prioritization, intelligent remediation, and enhanced automation.Support the showGoogle Drive link for Podcast content:https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnkoMy Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/Youtube Channnel : https://www.youtube.com/@TheCybermanShow Twitter handle https://twitter.com/prashant_cyber PS: The views are my own and dont reflect any views from my employer.
Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don't always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don't-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what's relevant to their specific networks and business-critical systems.The conversation also explores SSVC's ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.That's where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they're buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.Whether you're tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast
Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
In today's episode of the Cyber Culture Café series, Andy and John speak to Ciaran Luttrell, VP of Global Security Operations. As the VP, Global Security Operations, Ciaran began our European HQ and Security Operations Centre in Cork, Ireland in 2015, and led its initial setup and continued growth to form part of a best-of-breed 24/7/365 Global SOC function with 150 team members. He is responsible for all of eSentire's SOC teams with a focus on strategic direction and execution of continuous improvement initiatives across people, processes and technology. --Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam delve into Microsoft's new feature, Security Exposure Management (XSPM). They discuss the evolution of vulnerability management, the importance of understanding exposure management, and the five phases of continuous threat exposure management. The conversation also covers licensing requirements, the functionality of the exposure management portal, and the proactive approach to cybersecurity that this new feature embodies. The hosts emphasize the need for organizations to adopt a holistic view of their security posture and to continuously assess their vulnerabilities and risks.----------------------------------------------------YouTube Video Link: https://youtu.be/fuHMhE4gRrA----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/security-exposure-management/microsoft-security-exposure-management----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
In this episode of Cyber Talks, we speak with Craig Peppard, CISO at Ivari Canada, about why people and processes - not just technology - are the real frontline in cybersecurity. The conversation unpacks the limitations of traditional security awareness training, explores how to move beyond blame to address systemic process failures, and highlights the growing importance of soft skills like empathy and storytelling in security leadership. They also dive into the evolving role of the CISO, the rise of embedded security roles like CISOs, and why mentoring and inclusive hiring practices are essential for building future-ready security teams.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.Learn more about Coalfire: https://itspm.ag/coalfire-yj4wNote: This story contains promotional content. Learn more.Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/ResourcesLearn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfireLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In today's episode of the Cyber Culture Café series, Andy and John speak to Alexander Feick, VP of our eSentire Labs team. As the VP of Labs, Alex Feick leads a team responsible for fostering innovations from security professionals on our platform and integrating new technologies into the company's services. Over the past year, his efforts have centered on Generative AI security and enabling the company to leverage the technology more effectively internally. --Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this episode of the mnemonic security podcast, Robby is joined by Bernard Montel, EMEA Technical Director & Security Strategist at Tenable, to break down the evolution of vulnerability management into exposure management. Bernard explains how security has shifted from traditional vulnerability scanning to a broader approach that considers misconfigurations, attack paths, and identity risks. They discuss why most breaches stem from a toxic combination of exposures, the growing complexity of cloud security, and how organisations can prioritise real risks instead of drowning in vulnerability lists. Plus, how AI is changing the game for both defenders and attackers.Send us a text
eSentire, a leading global Managed Detection and Response (MDR) cybersecurity services provider, has announced that it has awarded the annual "Sean Hennessy Bursary" to Munster Technological University (MTU)computer science student, James Spillane. This year, eSentire is also celebrating the 10-year anniversary of the opening of its international headquarters and Security Operations Centre (SOC) in Cork, Ireland. eSentire established the Sean Hennessy Bursary award in 2021, in collaboration with the Department of Computer Science at MTU, in response to Ireland's growing cybersecurity skills shortage. According to Cyber Ireland's 2024 Security Snapshot Report, the cybersecurity industry employs approximately 8,000 professionals in Ireland, an increase of 8% since 2022. The Sean Hennessy Bursary provides college financial aid, as well as the opportunity to participate in a nine-month internship with eSentire. The scholarship is named in honour of the late Sean Hennessy, a former eSentire team member who was instrumental in establishing and managing eSentire's Global SOC in Cork in 2015. Sean Hennessy passed away in 2016. This is the fourth year that the Sean Hennessy Bursary has been awarded to a MTU student. Impressively, the three previous recipients of the award are all currently employed with eSentire's Global SOC in Cork, Ireland. Each of them has reached various stages of eSentire's Career Development Program, which fosters and supports security analysts' growth through attainment of internal and external certifications, mentoring and progression. "I am delighted and honoured to have been selected as this year's recipient of the Sean Hennessy Bursary," said James Spillane, 2025 eSentire Sean Hennessy Bursary winner. "I would like to sincerely thank everyone at eSentire for this incredible opportunity to further explore the fascinating world of cybersecurity, which is a passion and interest of mine. I am also grateful to MTU for their support and guidance through my studies. Receiving this award is an honour and a fulfilling achievement, I want to thank everyone involved for this prestigious opportunity." eSentire has been protecting organisations from known and unknown cyber threats for 20+ years, providing complete attack surface coverage on premises and in the cloud. With 2000+ customers in 80+ countries, eSentire provides Exposure Management, Managed Detection and Response, and Digital Forensics and Incident Response services designed to build an organisation's cyber resilience and prevent business disruption. eSentire protects the world's most targeted organisations, with 65% of its global base recognised as critical infrastructure, vital to economic health and stability. eSentire operates the largest SOC in the Southwest region of Ireland, and as a global leader in providing award-winning cybersecurity solutions, eSentire has contributed to the broader development of the Cork region and its security analysts are highly trained experts on the frontlines of cybercrime. "The 10-year anniversary of the opening of our Global SOC and headquarters in Cork is an important milestone for us," said Ciaran Luttrell, Vice President of eSentire's Global Security Operations. "We have grown our operations and currently employ over 50 staff members, we have completed over 25 SOC analyst internships, and this is the fourth year of our special bursary program honouring the memory of Sean Hennessy." "Reflecting on our ten years in Cork, we are especially proud to have led the way in contributing to the growth of the cybersecurity community," continued Luttrell. "It is through programs such as the annual bursary, our work as Chapter Leads with Cyber Ireland, the sponsorship of CorkSec, a Cork-based Def Con meetup group; and most recently, our partnership with Cyber Innovate, an incubator program supporting cybersecurity start-up companies, which launched in 2024. We could not have accomplished all these achievements without our strong ...
I take a look at something many overlook when it comes to security in their Microsoft 365 environment - Exposure score. In essence it is like a targeted Secure Score for a particular threat like Business Email Compromise. There is also news and updates from the Microsoft Cloud so listen along and review the show notes for more information. Brought to you by www.ciaopspatron.com Resources @directorcia Join my shared channel CIAOPS merch store Become a CIAOPS Patron CIAOPS Blog CIAOPS Brief CIAOPSLabs Support CIAOPS The way to control EWS usage in Exchange Online is changing New Microsoft-managed policies to raise your identity security posture Storm-2372 conducts device code phishing campaign Block malicious command lines with Microsoft Defender for Endpoint Clipchamp: Elevating work communication with seamless video creation in Copilot Sharing with Microsoft Whiteboard AI agents at work: The new frontier in business automation Copilot learning hub New Certification for Microsoft information security administrators What is Security Exposure Managenet?
Ivanti's Chris Goettl and Robert Waters take on four big questions facing cybersecurity today, namely: Who gets the upper hand from AI, cyber adversaries or the legitimate organizations looking to stop them? What's going to win out, Everywhere Work or RTO? Exposure Management: sea change, or passing fad?And what's the bigger security risk, IoT devices or third-party vendors?Listen in for those questions and, if you're listening closely, a few answers too.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In this episode of Cyber Talks, Tia Hopkins, Chief Cyber Resilience Officer & Field CTO at eSentire, and Roselle Safran, Founder & CEO at KeyCaliber, discuss the evolution of Continuous Threat Exposure Management (CTEM) and its role in modern cybersecurity. They explore the practical application of CTEM, its benefits for business context in security, and how it integrates with Managed Detection and Response (MDR) to enhance resilience. Key takeaways include: The difference between CTEM as a platform, tool, and technology and the 5 key stages of CTEM (per Gartner) Current challenges and limitations of CTEM adoption, such as gaining full visibility, prioritizing vulnerabilities, and cross-team alignment How MDR integrates with CTEM to provide real-time threat detection and response with the ultimate goal of building cyber resilience Emerging trends and technologies to look out for within CTEM -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Robert Waters welcomes Grand Bank CTO Robert Hanson for a wide-ranging conversation on the emerging field of exposure management and how you can proactively safeguard your organization, because every organization faces risk. What separates the vulnerable from the well-protected isn't whether you have exposure — it's how you manage it. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Episode #484 Continuous Threat Exposure Management (CTEM) avec Ronan Mouchoux et François Moerman de la société XRATOR The post Continuous Threat Exposure Management (CTEM) appeared first on NoLimitSecu.
Join Ivanti's Chris Goettl and Robert Waters as they take a Christmas-Carol-themed trip through the emerging field of exposure management, taking a close (and possibly ghostly) look at the past, present, and future of the field. To learn more about Ivanti's exposure management offerings, visit: https://ivanti.com/exposure-managementJoin the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In today's Episode we are getting to grips with all the key questions surrounding the hugely important issue of exposure management and modelling in our sector. Models are a core part of our business, but as we have come to rely more and more heavily on their output, many fundamental questions arise. For instance, how much of a worry should it be that the market is dominated by two very large players? Or do enough C-suite executives really understand how models work or know the right questions to ask of their exposure management teams? And are we any closer to finding efficient cross-industry ways of making sure that the exposure data upon which our modelling is based is accurate and easily transferable in digital form? To assist me in this task are three people with vast experience in attacking these questions from all angles. Emma Watkins is Head of Exposure Management & Aggregation at Lloyd's and as such has oversight of one of the largest combined books of business anywhere in the world. Rupert Atkin is an underwriting veteran who has had a long and illustrious career. The Former CEO of Lloyd's Underwriter Talbot is also a former Deputy Chair of Lloyd's and Chair of the Lloyd's Market Association. Rupert currently serves on multiple boards, including as Chairman of Lloyd's businesses Ark Managing Agency and Carbon Underwriting as well as a Director at brokers AmWins Group and Alwen Hough Johnson. Finally Dickie Whitaker is the founder and CEO of the not-for-profit open source modelling platform, the Oasis Loss Modelling Framework. Dickie can trace his long career back to the foundation of cat modelling firm Eqecat and also spent over a decade in senior roles at reinsurance broker Guy Carpenter. Most recently he founded the open peer-reviewed Journal of Catastrophe Risk and Resilience. It's clear our panel is well qualified for the job, but what I enjoyed most about this gathering was the ease and good humour with which my guests took on the subjects in hand. This could have been a dry and academic affair, but it was absolutely nothing like that. The conversation is lively and positively buzzes with energy. NOTES: Oasis LMF has produced a fascinating report Navigating the Storm that makes a great accompaniment to this podcast. Download it Here
The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged. CISA warns of critical vulnerabilities in VMware's vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate's Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." Resources: Security Validation Essentials Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate SecOps Roundtable: Security Validation and the Path to Exposure Management Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Selected Reading US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer) Five Charged in Scattered Spider Case (Infosecurity Magazine) CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks (Cyber Security News) US Gathers Allies to Talk AI Safety as Trump's Vow to Undo Biden's AI Policy Overshadows Their Work (SecurityWeek) MITRE Updates List of 25 Most Dangerous Software Vulnerabilities (SecurityWeek) BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk (Infosecurity Magazine) Manufacturing Sector Under Siege: Industry Faces Wave of Advanced Email Attacks (Abnormal Security) Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware (Cyber Security News) Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data (GB Hackers) Cyberattack at French hospital exposes health data of 750,000 patients (Bleeping Computer) Inside the Booming 'AI Pimping' Industry (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of Cyber Talks, Rich Raether, CIO of Quarles & Brady, and Andrew DeBratto, CISO of Hunton Andrews Kurth LLP, discuss their decades-long journey in IT and cybersecurity. They recount shared projects, including navigating early security challenges, and reflect on how the industry has transformed, focusing on threat management and resilience-building. Rich and Andrew also share their personal and professional insights on managing cyber risk and reflect on how best practices in the industry have evolved. They emphasize the importance of fostering a security-conscious culture not just during October but year-round, encouraging proactive education to mitigate risks from ransomware, phishing, and other persistent threats. Key takeaways include: Building and maintaining cybersecurity resilience through incremental improvements and a measured approach to adopting new technologies. How cybersecurity has shifted from traditional perimeter-based models to modern cloud and AI-driven systems, underlining the increased complexity in securing hybrid environments. Practical advice for maintaining security at home and in the workplace, emphasizing proactive user education and vigilance against phishing and impersonation threats. Building resilient security operations with trusted MDR partners to ensure consistent threat visibility and quick incident response. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a special episode for Cybersecurity Awareness Month, sourcing five tips from a range of Ivanti employees on how your organization and its users can stay secure. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access. This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them! Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics. Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/ This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them! Show Notes: https://securityweekly.com/esw-378
Michal Brenner is the Senior Director of Product Marketing at Pentera. In this episode, she joins host David Braue to discuss the Continuous Threat Exposure Management (CTEM) framework, including what it adds to the security industry, how it's being adopted by the market, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io
The cyber threat landscape is evolving at an unprecedented pace, with increasingly sophisticated attacks from both nation-state actors and cybercriminals. Organizations must not only stay informed about emerging threats but also act swiftly to operationalize threat intelligence. Effective cybersecurity requires collaboration, cutting-edge tools, and strategic partnerships to mitigate risks in this dynamic environment. In this episode, Erin McLean, CMO at eSentire, and Ryan Westman, Director of Threat Intelligence, discuss how eSentire's Threat Response Unit (TRU) operates, the importance of actionable threat intelligence, and the growing impact of AI on the cybersecurity landscape. Key Takeaways: How eSentire's TRU operationalizes threat intelligence to detect and mitigate cyber threats in real-time. The importance of collaboration across the cybersecurity community, from private companies to government agencies. Insights into the evolving global threat landscape, including the role of nation-state actors and cybercriminals. The challenges of law enforcement in combating cybercrime and the critical role of private sector cybersecurity firms. The double-edged impact of generative AI in enhancing productivity while also amplifying the sophistication of cyberattacks. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) to cover the dreaded costs of a cyberattack, and how organizations can work to proactively avoid them by addressing three strategic imperatives: attack surface, vulnerability prioritization, and data silos.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In this episode, Erin McLean chats with Mark Benaquista, a seasoned cybersecurity leader and Managing Director at Thomas H. Lee Partners. Mark shares his career journey from starting as an associate at JPMorgan to leading cybersecurity portfolios across various industries. He offers valuable insights into the importance of aligning technology with business objectives and the critical role cybersecurity plays in supporting these goals. Mark also delves into his current role at Thomas H. Lee Partners, where he oversees technology and cybersecurity across the firm's diverse portfolio, highlighting the collaborative approach that drives success. Key discussion points include: Mark's shift from a finance-focused role at JPMorgan to a technology-driven career, illustrating the value of flexibility and seizing new opportunities. Insights from Mark's decade at Merck, where he learned the importance of aligning IT with business objectives and the value of mentorship in career growth. Challenges Mark faced while transitioning to Warner Music and how he first encountered the critical importance of cybersecurity in a rapidly changing industry. Mark's approach to managing technology and cybersecurity across a diverse portfolio, focusing on collaboration, risk management, and the importance of integrating cyber risk into broader business discussions. Mark's thoughts on managing cybersecurity stress, emphasizing transparency, collaboration, and business alignment to ensure that security leaders don't shoulder the burden alone. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
How did Greg Crowley, eSentire's CISO, go from a potential career in broadcast television to IT? In this episode of eSentire Cyber Talks, Greg shares what influenced his pivot into cybersecurity, how he transitioned from being a Systems Engineer to a leadership role at WWE (formerly WWF) to developing the company's first security program amidst its expansion to a global enterprise. Greg also discusses his approach to leadership in his role as CISO, focusing on understanding business dynamics, employee relationships, and the organizational security culture. How Greg's background in non-tech fields contributed uniquely to his roles and approach in cybersecurity. Greg's methodical approach over his first 90 days in leadership roles to understand the intrinsic details of the business and its employees. Why anticipating potential security incidents and preparing response mechanisms beforehand is critical. Why it's important to educate internal teams and the executive leadership about cybersecurity risks and frameworks. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts.To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco's exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco's asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't.Why does this matter: The systems that typically track and report CVEs, don't report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform's exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it's observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what's working and what's not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place.How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization's security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams.Learn more about Sevco: https://itspm.ag/sevco250d8eNote: This story contains promotional content. Learn more.Guest: J.J. Guy, CEO and Co-Founder, SevcoOn LinkedIn | https://www.linkedin.com/in/jjguy/On Twitter | https://x.com/jjguy?lang=enResourcesState of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9blLearn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevcoView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
The manufacturing threat landscape is evolving rapidly, with increased automation and remote access needs making Operational Technology (OT) environments more vulnerable to cyber threats. As attackers become more sophisticated, manufacturers must adapt to protect their critical infrastructure and maintain business continuity. Join Tia Hopkins, Field CTO & Chief Cyber Resilience Officer at eSentire, and Ray Texter, Chief of Information Security at Texas United Management, as they discuss the current state of cybersecurity in manufacturing. They delve into the complexities of securing OT environments, the impact of geopolitical tensions, and strategies to enhance cyber resilience. Key Takeaways: Importance of strong cybersecurity partnerships for midsize companies. The growing significance of OT security in manufacturing. Benefits of industry collaboration and cross-departmental cooperation in enhancing breach response. Managing overall exposure beyond traditional vulnerability management. Preparing for new CISA reporting requirements and their impact on cybersecurity budgets and strategies. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
The manufacturing industry is facing an increasingly complex threat landscape, characterized by expanding attack surfaces due to continuous IT transformation and interconnected OT environments. Key threats such as ransomware and sophisticated social engineering attacks are exploiting these vulnerabilities, making robust security measures and swift incident response crucial. Join Spence Hutchinson, Staff Threat Intelligence Researcher on the Threat Response Unit (TRU) at eSentire, as he delves into the current threat landscape for the manufacturing sector. Spence discusses the latest trends in cyber threats and provides actionable insights based on recent reports from eSentire's Threat Response Unit (TRU). Understanding the "threat surface scope creep" and its implications for manufacturing security. The critical role of visibility in preventing and detecting intrusions stemming from stolen credentials and unpatched vulnerabilities. The rising prevalence of browser-based attacks and USB worms, and how they are targeting manufacturing systems. Strategies for implementing phish-resistant multi-factor authentication and robust device management to mitigate risks. Insights into the underground market dynamics, including credential markets and access brokers, and their impact on the manufacturing sector. -- Have a question for us? Reach out: hello@esentire.com --- About Cyber Talks From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges. About eSentire eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
© 2020-2026 Ivy Podcast Discovery LLC
