Podcasts about security analytics

⬥GUEST⬥Allie Mellen, Principal Analyst,  Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.The Role of MITRE ATT&CK EvaluationsMITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.Alert Volume and the Cost of Security DataOne key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.The Shift Toward Detection and Response EngineeringMellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.Vendor Claims and the Reality of Security ToolsWhile many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

⬥GUEST⬥Allie Mellen, Principal Analyst,  Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.The Role of MITRE ATT&CK EvaluationsMITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.Alert Volume and the Cost of Security DataOne key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.The Shift Toward Detection and Response EngineeringMellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.Vendor Claims and the Reality of Security ToolsWhile many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

How Generative AI and Machine Learning are Revolutionizing CybersecurityIn this episode of the Endace Packet Forensic Files, Michael Morris explores how advanced technologies like AI and machine learning are transforming security operations with James Spiteri. With extensive experience in cybersecurity and security operations, including leading SOC teams and developing innovative solutions for AI and machine learning, James offers unparalleled insights.He delves into the growing sophistication of nation-state threats, the critical role of SIEM tools, and how AI-driven insights are enabling faster, smarter threat detection by prioritizing critical alerts, automating mundane tasks, analyzing complex data patterns, and operationalizing unstructured threat intelligence in real-time.Don't miss this insightful episode, where James shares expert tips on leveraging cutting-edge technology to strengthen your cybersecurity defenses and stay ahead of evolving threats.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.For more than two decades, Endace has revolutionized enterprise-class, always-on packet capture. The scalable EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) delivers deep, unified visibility across on-premise, private, and public cloud networks. Get to forensic evidence quickly, with rapid search and powerful tool integration. Protect your network and accelerate investigation and response with Endace.

There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks. Segment Resources: From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools The Future of SOC Automation Platforms SentinelOne wants to make the autonomous SOC a reality Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today? This will be a more standards and GRC focused discussion, covering: the reasons why cross-walking doesn't work the reasons why traditional TPRM approaches (e.g. questionnaires) don't work opportunities for AI to help risk management or sales support? This week in the enterprise security news, Upwind Security gets a massive $100M Series B Trustwave and Cybereason merge NVIDIA wants to force SOC analyst millennials to socialize with AI agents Has the cybersecurity workforce peaked? Why incident response is essential for resilience an example of good product marketing who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-384

There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks. Segment Resources: From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools The Future of SOC Automation Platforms SentinelOne wants to make the autonomous SOC a reality Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today? This will be a more standards and GRC focused discussion, covering: the reasons why cross-walking doesn't work the reasons why traditional TPRM approaches (e.g. questionnaires) don't work opportunities for AI to help risk management or sales support? This week in the enterprise security news, Upwind Security gets a massive $100M Series B Trustwave and Cybereason merge NVIDIA wants to force SOC analyst millennials to socialize with AI agents Has the cybersecurity workforce peaked? Why incident response is essential for resilience an example of good product marketing who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-384

There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks. Segment Resources: From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools The Future of SOC Automation Platforms SentinelOne wants to make the autonomous SOC a reality Show Notes: https://securityweekly.com/esw-384

There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks. Segment Resources: From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools The Future of SOC Automation Platforms SentinelOne wants to make the autonomous SOC a reality Show Notes: https://securityweekly.com/esw-384

Streamline threat detection and response across diverse environments with Microsoft Sentinel, your cloud-native SIEM solution. With features like Auxiliary logs for low-cost storage and proactive data optimization recommendations, you can efficiently manage high volumes of security data without compromising on threat intelligence. Leverage built-in AI and automation to uncover hidden threats and reduce investigation time from days to minutes. Rob Lefferts, CVP for Security Solutions at Microsoft, joins Jeremy Chapman to show how to migrate from existing SIEM solutions with built-in migration tools, ensuring seamless access to your security logs while maintaining investigative integrity.   ► QUICK LINKS: 00:00 - Microsoft Sentinel, modern Cloud SIEM 01:12 - Unified security operations platform 02:55 - Prioritize security updates 04:27 - Storage options 05:11 - Optimize data coverage and usage 06:17 - Protect against long-term persistent attacks 07:58 - Automation using auxiliary logs 08:59 - Manual effort 10:10 - Automation 12:07 - Migration 13:31 - Wrap up   ► Link References Get started at https://aka.ms/MicrosoftSentinel Find samples for the Playbook Logic App and the Function app at https://aka.ms/AuxLogsTIapp   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Graph learning has gained prominent traction from the academia and industry as a solution to detect complex cyber-attack campaigns. By constructing a graph that connects various network/host entities and modeling the benign/malicious patterns, threat-hunting tasks like data provenance and entity classification can be automated. We term the systems under this theme as Graph-based Security Analytics (GSAs). In this talk, we first provide a cursory view of GSA research in the recent decade, focusing on the academic side. Then, we elaborate a few GSAs developed in our lab, which are designed for edge-level intrusion detection (Argus), subgraph-level attack reconstruction (ProGrapher) and storage reduction (SEAL). In the end of the talk, we will review the progress and pitfalls along the development of GSA research, and highlight some research opportunities. About the speaker: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Internet Security, Organizational network security, Privacy Enhancement Technologies, and Security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.

Welcome to another episode of Category Visionaries — the show that explores GTM stories from tech's most innovative B2B founders. In today's episode, we're speaking with Robert Cowart, CEO & Co-Founder of ElastiFlow, a network performance and security analytics platform that's raised $8 Million in funding. Here are the most interesting points from our conversation: Network Dependency: Robert emphasizes the critical role of network infrastructure in today's world, impacting commerce, healthcare, entertainment, and social interactions. Genesis of ElastiFlow: The company started as an experiment to see how new data platforms like Elasticsearch could improve network observability, leading to a successful GitHub project. Community's Role: The initial success and growth of ElastiFlow were significantly boosted by a loyal community built around the GitHub project, highlighting the importance of community-led growth. Market Entry and Growth: ElastiFlow quickly transitioned from community support to paying customers, even before launching their beta product, showcasing the power of having a dedicated user base. Building a Marketing Strategy: Initially relying on inbound marketing, ElastiFlow has now invested in outbound sales and marketing, including paid ads and content creation, to increase brand awareness and drive growth. Future Vision: The company aims to continue enhancing network observability, adding more context to network traffic records, and ensuring comprehensive support for hybrid IT environments. //   Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe.  www.GlobalTalent.co    

On this episode of the Six Five On the Road, host Krista Macomber is joined by Mike Nichols, VP of Product Management, Security, at Elastic for a conversation on the critical role of AI in transforming Security Operations Centers (SOCs). Mike shares insights on how artificial intelligence is not just the future but a present necessity in defending enterprise systems against advancing threats. Their discussion covers: The transition from traditional SIEM to AI-driven security analytics and its impact on SOC workflows. Advancements in threat detection with the new Attack Discovery feature using generative AI. Enhancements in team productivity through the AI Assistant, offering tailored guidance for analysts and administrators. The implementation of the Search AI platform to improve the accuracy and relevance of generative AI responses by integrating public Large Language Models (LLMs) with private contextual data. A forward-looking perspective on defending enterprises with AI technologies, emphasizing that the future is already here.  

In this Brand Story episode, hosts Marco Ciappelli and Sean Martin engage in a thought-provoking conversation with Ben Fitzpatrick from Cymulate. The discussion explores the innovative approaches to cybersecurity that can help regions advance beyond their current situation.Fitzpatrick shares his insights on the lifecycle of security and technology, emphasizing the critical role of continuous monitoring and understanding the attack path for staying ahead of potential threats. He elaborates on Cymulate's use of cutting-edge tools and methods like automation, AI, and TTP to simulate high-level intrusion attacks without causing damage, providing a non-disruptive method for businesses to validate their security controls.An important aspect of the conversation revolves around risk prioritization. Fitzpatrick expresses the necessity for businesses, particularly CISOs, to conduct regular—even continuous—testing of all components of their infrastructure and applications. This approach allows for a comprehensive understanding of potential risks and the ability to prioritize their mitigation.Fitzpatrick also digs into the concept of response. He asserts that many companies are only at the cusp of realizing its significance in their cybersecurity strategy. He underscores the need to stay ahead of the curve, tackling the most important threats and adversaries, and minimizing the risk window.The episode concludes with Fitzpatrick discussing Cymulate's role in helping businesses understand their most critical threats and adversaries, and how they can best respond to them. He emphasizes that Cymulate is not just about ticking boxes; it's about understanding the business, managing risks, and staying ahead of the curve. This episode promises to offer listeners a unique perspective on proactive, intelligent cybersecurity strategies and their role in business resilience.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-storyGuest: Ben Fitzpatrick, VP of Sales, Asia Pacific (APAC)On LinkedIn | https://www.linkedin.com/in/befitzpatrick/ResourcesCymulate Expands Sales Leadership Team to Drive Growth in EMEA & APAC Global Markets: https://cymulate.com/news/cymulate-expands-sales-leadership-team-to-drive-growth-in-emea-apac-global-markets/Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya: https://redefining-cybersecurity.simplecast.com/episodes/security-analytics-for-continuous-threat-exposure-management-making-better-it-decisions-through-the-lens-of-an-attacker-a-company-briefing-from-infosecurity-europe-2023-london-england-a-cymulate-company-briefing-story-with-nir-loya____________________________Catch more stories from Cymulate: https://itspm.ag/cymulate-ltd--s2k4Are you interested in telling your story?https://www.itspmagazine.com/telling-your-storyTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcast

In this Brand Story episode, hosts Marco Ciappelli and Sean Martin engage in a thought-provoking conversation with Ben Fitzpatrick from Cymulate. The discussion explores the innovative approaches to cybersecurity that can help regions advance beyond their current situation.Fitzpatrick shares his insights on the lifecycle of security and technology, emphasizing the critical role of continuous monitoring and understanding the attack path for staying ahead of potential threats. He elaborates on Cymulate's use of cutting-edge tools and methods like automation, AI, and TTP to simulate high-level intrusion attacks without causing damage, providing a non-disruptive method for businesses to validate their security controls.An important aspect of the conversation revolves around risk prioritization. Fitzpatrick expresses the necessity for businesses, particularly CISOs, to conduct regular—even continuous—testing of all components of their infrastructure and applications. This approach allows for a comprehensive understanding of potential risks and the ability to prioritize their mitigation.Fitzpatrick also digs into the concept of response. He asserts that many companies are only at the cusp of realizing its significance in their cybersecurity strategy. He underscores the need to stay ahead of the curve, tackling the most important threats and adversaries, and minimizing the risk window.The episode concludes with Fitzpatrick discussing Cymulate's role in helping businesses understand their most critical threats and adversaries, and how they can best respond to them. He emphasizes that Cymulate is not just about ticking boxes; it's about understanding the business, managing risks, and staying ahead of the curve. This episode promises to offer listeners a unique perspective on proactive, intelligent cybersecurity strategies and their role in business resilience.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-storyGuest: Ben Fitzpatrick, VP of Sales, Asia Pacific (APAC)On LinkedIn | https://www.linkedin.com/in/befitzpatrick/ResourcesCymulate Expands Sales Leadership Team to Drive Growth in EMEA & APAC Global Markets: https://cymulate.com/news/cymulate-expands-sales-leadership-team-to-drive-growth-in-emea-apac-global-markets/Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya: https://redefining-cybersecurity.simplecast.com/episodes/security-analytics-for-continuous-threat-exposure-management-making-better-it-decisions-through-the-lens-of-an-attacker-a-company-briefing-from-infosecurity-europe-2023-london-england-a-cymulate-company-briefing-story-with-nir-loya____________________________Catch more stories from Cymulate: https://itspm.ag/cymulate-ltd--s2k4Are you interested in telling your story?https://www.itspmagazine.com/telling-your-storyTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcast

In letzter Zeit hört man viel von Resilienz im Zusammenhang mit IT-Sicherheit. Aber was bedeutet das genau? Wie kann sich ein Unternehmen cyber-resilient aufstellen und wie können Security Frameworks dabei helfen? Diesmal ist Le-Khanh Au von Splunk bei Salsabil und Tobias zu Gast. Sie erklärt uns, wie das MITRE ATT&CK-Framework Unternehmen dabei helfen kann, eine zielführende Cybersicherheits-Strategie anzuwenden.

Live on-location from Infosecurity Europe 2023, Sean Martin connects with Nir Loya from Cymulate to discuss the launch of their new solution for organizations to run an informed continuous threat exposure management (CTEM) program.When you have the insights presented through the lens of the attacker and mapped to a CTEM program, you have an opportunity to drive better IT decisions to securely enable the business. The Cymulate Exposure Analytics solution has a quantifiable impact across all five of the CTEM program pillars and on a business's ability to reduce risk by understanding, tracking, and improving its security posture with the following CTEM Alignment:Scoping: Understand by organizational segment, the risk posture of business systems and security tools and its risk to immediate and emergent threats to define the highest impact programs needed to reduce or manage risk scores and toleranceDiscovery: Correlated analysis from Cymulate and multi-vendor data that assesses on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impactPrioritization: Vulnerability prioritization & remediation guidance based on multi-vendor aggregated data that is normalized, contextualized, and evaluated against breach feasibilityValidation: Analyze exposure severity, security integrity, and effectiveness of remediation from security validation assessment data. Immediate threat and security control efficacy data can be used to answer questions such as “Are we at risk to this emergent threat?”, “Do we have the necessary capabilities to protect us when under attack?”.Mobilization: Utilize Cymulate contextualized data to understand various response outcome options, and establish and track performance against baselines, benchmarks, and risk profilesNote: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-storyGuest: Nir Loya, VP of Product at Cymulate [@Cymulateltd]On LinkedIn | https://www.linkedin.com/in/nir-loya-dahan/ResourcesLearn more about Cymulate: https://itspm.ag/cymulate-ltd--s2k4Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverageCatch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6BAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story____________________________If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndlFor more ITSPmagazine advertising and sponsorship opportunities:

Live on-location from Infosecurity Europe 2023, Sean Martin connects with Nir Loya from Cymulate to discuss the launch of their new solution for organizations to run an informed continuous threat exposure management (CTEM) program.When you have the insights presented through the lens of the attacker and mapped to a CTEM program, you have an opportunity to drive better IT decisions to securely enable the business. The Cymulate Exposure Analytics solution has a quantifiable impact across all five of the CTEM program pillars and on a business's ability to reduce risk by understanding, tracking, and improving its security posture with the following CTEM Alignment:Scoping: Understand by organizational segment, the risk posture of business systems and security tools and its risk to immediate and emergent threats to define the highest impact programs needed to reduce or manage risk scores and toleranceDiscovery: Correlated analysis from Cymulate and multi-vendor data that assesses on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impactPrioritization: Vulnerability prioritization & remediation guidance based on multi-vendor aggregated data that is normalized, contextualized, and evaluated against breach feasibilityValidation: Analyze exposure severity, security integrity, and effectiveness of remediation from security validation assessment data. Immediate threat and security control efficacy data can be used to answer questions such as “Are we at risk to this emergent threat?”, “Do we have the necessary capabilities to protect us when under attack?”.Mobilization: Utilize Cymulate contextualized data to understand various response outcome options, and establish and track performance against baselines, benchmarks, and risk profilesNote: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-storyGuest: Nir Loya, VP of Product at Cymulate [@Cymulateltd]On LinkedIn | https://www.linkedin.com/in/nir-loya-dahan/ResourcesLearn more about Cymulate: https://itspm.ag/cymulate-ltd--s2k4Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverageCatch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6BAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story____________________________If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndlFor more ITSPmagazine advertising and sponsorship opportunities:

Is it possible to take a different approach to threat detection and do better? Why are endpoint security solutions missing the threats that we buy them to detect? Is a counter-terrorism method applicable to threat hunting? How does malware evade allow listing in some instances? What gaps in coverage are we seeing from methodologies for threat intelligence? Those questions and more on this episode!

In today's episode of Category Visionaries, we speak with Lucas Nelson, Partner at Lytical Ventures, a Venture Fund Focusing on Enterprise Intelligence, Security & Analytics, about the current state of the venture space, and what is getting people excited or frustrated these days. Lytical ventures' focus on the enterprise intelligence sector gives them the opportunity to work with passionate and technical founders across a whole range of enterprises, returning the market to its roots of investors taking board seats and being more involved in how their investment is run. We also speak about the Lytical Ventures' two main funds, frustration with the current ‘business school mindset' dominating the market, why deep diligence is probably more important now than ever, and why data is driving much innovation based on deep market insights. Topics Discussed: Lucas' career from self-professed ‘geek hacker' to venture capitalist, and what he's learned along the way Why Lytical ventures chose a focus on the enterprise intelligence space, and how it helps them identify truly innovative offerings The different funding structures available, and the difference between seed funds, crossover funds, and others Why Lucas loves working with passionate founders, and taking a hands-on approach to investments Why Lucas has been frustrated with the ‘business school mindset' dominating the venture capital space The present and future of venture capital, and how data is set to transform the investment tomorrow

This episode features “the expert in ChatGPT”, Stephan Jou. He is CTO of Security Analytics at OpenText Cybersecurity. “The techniques that we are developing are becoming so sophisticated and scalable that it's really become the only viable method to detect increasingly sophisticated and subtle attacks when the data volumes and velocity are so huge. So think about nation state attacks where you have very advanced adversaries that are using uncommon tools that won't be on any sort of blacklist.”“In the past five years or so, I've become increasingly interested in the ethical and responsible application of AI. Pure AI is kind of like pure math. It's neutral. It doesn't have an angle to it, but applied AI is a different story. So all of a sudden you have to think about the implications of your AI product, the data that you're using, and whether your AI product can be weaponized or misled.” “You call me the expert in ChatGPT. I sort of both love it and hate it. I love it because people like me are starting to get so much attention and I hate it because it's sort of highlighted some areas of potential risk associated with AI that people are only start now starting to realize.”“I'm very much looking forward to using technologies that can understand code and code patterns and how code gets assembled together and built into a product in a human-like way to be able to sort of detect software vulnerabilities. That's a fascinating area of development and research that's going on right now in our labs.”“[on AI poisoning] The good news is, this is very difficult to do in practice. A lot of the papers that we see on AI poisoning, they're much more theoretical than they are practical.”Rate and review the show on Apple Podcasts.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com

IT administrators today are faced with unique challenges on how they can secure their environment and intellectual property. With remote workers, the IT perimeter that needs to be protected has grown exponentially opening opportunities to get into the environment. So how can administrators deal with security threats proactively and reactively? In this episode of The Click-Down, we invite JR Goldman, Lead Sales Engineer, to talk about how customers can proactively and reactively use Security Analytics to protect their environment. We discuss how Security Analytics can be used in conjunction with other SIEM tools to get a more comprehensive look at your security landscape. Finally, we discuss some of the challenges both end-users and administrators are facing today. You can learn more about Citrix Security Analytics here.  Make sure to read the success of other customers using the solution here.Follow us on Twitter, we would love to hear from you!Ana Ruiz: @mobileruizDan Feller: @djfeller

Freedom is not something to fear; in fact, it's an essential component of creativity. Chaos is something to avoid, however. Many creative people confuse freedom with chaos and think a chaotic environment inspires creative passion. The most creative environments are those that provide enough order, and essential security, that allows individuals to stretch out to create something new. As security information management has evolved with the cloud, a new form of defense has been required. Dave Frampton, the VP/GM Cloud SIEM & Security Analytics at Sumo Logic, describes this system as living in the middle of the cloud chaos. “What you really need to do is rethink this and deliver this SIM from the cloud, like as a cloud service itself. So that's it's right there in the midst of all that chaos [and] able to ingest all of that data and it's savvy and smart about all those different new threat surfaces, because, in and [of] itself, this service is built and made from all of these same components: microservices, and containers, and modular, modern software that communicates by APIs.”By living in the midst of the cloud chaos, a security platform such as Sumo Logic is in the middle of the action and is creating a secure place for business and creativity to flourish. In Greek mythology, Atlas was forced to hold up the sky as a punishment by Zeus. Cybersecurty forces must hold back those with ill intent and to do so they dwell inside the chaos and create a safe place there. They don't do this because they are condemned to this fate. Instead, they do so because they have chosen this role of protector and this is their mission.On this episode of IT Visionaries, Dave chats about how cybersecurity has evolved to decrease silos and increase automation. He explains how humanity, and ethics, are required to make judgements on how A.I. and automation should be used to further security aims. Enjoy the episode!Main TakeawaysMoving Into the Cloud Chaos: If the action is in the cloud, then security needs to be in the cloud too to ingest necessary data and to disrupt attacks. The security product must be at the same level, and made with the same parts, as that which it is intended to protect. Platform Disrupts Silos: In companies, silos are often made out of a sense of necessity. People work in their areas with their specific knowledge and access. In security, however, it is important to have a platform that connects those on the application and security teams so they can work together to protect the company.  Automation with Ethics: There's a drive to automate as much as possible in the security realm because there is so much data and so many threats with everything moving so fast. This is reasonable, but humanity must lead decision-making concerning automation. It's a matter of ethics. People must choose when to automate and for what purpose. They must weigh the pros and cons of their actions and accept any consequences. Fear and Greed: People are often driven by fear and greed. This is the case when considering A.I. and automation advances in security. On the fear side, it's reasonable to be concerned about potential technological overreaches and unintended consequences. On the greed side, A.I. and automation has vast potential to deal with so much incoming data and to make quick decisions.---IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform 

This talk covers the state of the Art and Practice in Cybersecurity Metrics. The history ranges from the 1970s through the present. Topics include, but are not limited to: Control Objectives, the Orange Book, the Common Criteria, Systems Security Engineering Capability Maturity Model, Common Vulnerability Enumeration, National Vulnerability Database, NIST Pubs such as the Performance Measurement Guide for Information Security, Threat Intelligence Protocols, Exemplar studies such as the Verizon Data Breach Incident Report, Industry Best Practice and Regulatory Assessments, Security Incident and Event Management, Security Analytics, Security Scorecards. About the speaker: Jennifer L. Bayuk,Ph.D., is an Independent Cybersecurity Consultant. She also teaches Cybersecurity Risk Management in multiple academic and professional forums and serves as a Private Cybersecurity Investigator and Expert Witness. She has previously been a Wall Street Chief Information Security Officer, a Global Financial Services Cybersecurity Risk Management Officer, a Global Financial Services Technology Risk Management Officer, a Big 4 Information Risk Management Auditor/Consultant,a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering.  In all of these positions, governance using security metrics has been a core component of her job function. Her numerous books, articles, and presentations cover a wide variety of topics in Cybersecurity Management and Engineering. She earned a Ph.D. in Systems Engineering with a dissertation on security metrics: Security as a Theoretical Attribute Construct and is frequently a member of the Metricon program committee(securitymetrics.org)

Our guest this week is Gunter Ollmann, chief security officer at security analytics firm Devo. He shares his insights on the history and evolution of security analytics, the challenges organizations face when implementing them, the network effects of cloud migration, as well as strategies for making the case to the organizational powers that be that security analytics are a wise investment.

Our guest this week is Gunter Ollmann, chief security officer at security analytics firm Devo. He shares his insights on the history and evolution of security analytics, the challenges organizations face when implementing them, the network effects of cloud migration, as well as strategies for making the case to the organizational powers that be that security analytics are a wise investment.

No guests. We interviewed each other! Topics: What would you say are the most things that Chronicle is trying to address today? What are the good ways to use threat intel to detect threats that do not ruin your SOC? What does “autonomic” security mean, anyway? Is this a fancy way of saying “automatic” or something more? For sure, “the Cloud is not JUST someone else's computer“ - but how does this apply to threat detection? What makes threat detection “cloud-native”? What kinds of ML magic does your mini UEBA inside SCC use? Can you really do automated remediation in the cloud? Resources: Google Cloud Security Summit “Making Invisible Security a Reality with Google” keynote “Security Analytics at Google Speed and Scale” presentation by Anton “Managing Your Security Posture on Google Cloud” presentation by Tim “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…” blog Chronicle main site Threat Detection in Logs in Google Cloud SCC video “Modern Threat Detection at Google” (episode 17)  “Automate and/or Die?” (episode 3)

In the latest episode of our Weekly IT Security podcast series, Ram, IT security expert at ManageEngine, shares his thoughts on the importance of threat intelligence in elevating the security posture of an organization. He also explains how threat intelligence allows organizations to beef up their security against constantly evolving malicious threats and attack patterns known around the world.

Today I will discuss: 1. What is the scope of security analytics? 2. What are the main components of security analytics? 3. What are the benefits of using analytics for organization? Watch

Security as a platform. This is what Cisco is working to integrate with its newer security products: SecureX and Stealthwatch Cloud. Systems Engineering Manager John Heintz is part of that team trying to make information security as simple and streamlined as possible. He joins Keri on this episode to discuss… -Why security as a platform is a unique and helpful approach to security management today -How SecureX provides a unified vision of all your security products -How Stealthwatch detects threats through scalable visibility and security analytics Find more on Stealthwatch, Stealthwatch case studies and listen to episode 67: Securing it all with SecureX. To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or tune in on our website.

Im IBM Livestudio Magazin diese Woche dreht sich alles um Security. Unsere Themen: Cyberattacken als elementare Bedrohung – Lisa Unkelhäußer, Security Channel Leader DACH, zeigt, warum Cyberattacken heutzutage gefährlicher sind als Feuer und wie ein Incident Response Plan hilft, Kosten zu sparen. Der IBM Security Summit findet im Juni virtuell statt und beschäftigt sich mit den Aspekten einer leistungsfähigen Sicherheitsinfrastruktur. Martin Runde, Marketing Manager IBM Security, gibt einen Ausblick auf die Veranstaltung. Um Security Analytics geht es dann im Gespräch mit Ralf Finger, Geschäftsführer des IBM Business Partners Information Works. Denn bei allen Arten von Ermittlungstätigkeiten fallen große Mengen an Daten an, die analysiert werden müssen.

Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.

Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.

Chris Morales is the Head of Security Analytics at Vectra, and joined the podcast this week to talk about incident response and threat management programs. He also discussed an interesting research report on privileged access. In this week’s Who Got Pwned, the team looked at Nintendo accounts being hacked with proceeds laundered through Fortnite currency. In other news, they discussed why Microsoft doesn’t trust Thunderbolt, an Australian coronavirus tracking app, and Wifi 6E.

Chris Morales is the Head of Security Analytics at Vectra, and joined the podcast this week to talk about incident response and threat management programs. He also discussed an interesting research report on privileged access. In this week’s Who Got Pwned, the team looked at Nintendo accounts being hacked with proceeds laundered through Fortnite currency. In other news, they discussed why Microsoft doesn’t trust Thunderbolt, an Australian coronavirus tracking app, and Wifi 6E.

Chris Morales is the Head of Security Analytics at Vectra, and joined the podcast this week to talk about incident response and threat management programs. He also discussed an interesting research report on privileged access. In this week’s Who Got Pwned, the team looked at Nintendo accounts being hacked with proceeds laundered through Fortnite currency. In other news, they discussed why Microsoft doesn’t trust Thunderbolt, an Australian coronavirus tracking app, and Wifi 6E.

Chris Morales is the Head of Security Analytics at Vectra, and joined the podcast this week to talk about incident response and threat management programs. He also discussed an interesting research report on privileged access. In this week’s Who Got Pwned, the team looked at Nintendo accounts being hacked with proceeds laundered through Fortnite currency. In other news, they discussed why Microsoft doesn’t trust Thunderbolt, an Australian coronavirus tracking app, and Wifi 6E.

Chris Morales is the Head of Security Analytics at Vectra, and joined the podcast this week to talk about incident response and threat management programs. He also discussed an interesting research report on privileged access. In this week’s Who Got Pwned, the team looked at Nintendo accounts being hacked with proceeds laundered through Fortnite currency. In other news, they discussed why Microsoft doesn’t trust Thunderbolt, an Australian coronavirus tracking app, and Wifi 6E.

Chris Morales is the Head of Security Analytics at Vectra, and joined the podcast this week to talk about incident response and threat management programs. He also discussed an interesting research report on privileged access. In this week’s Who Got Pwned, the team looked at Nintendo accounts being hacked with proceeds laundered through Fortnite currency. In other news, they discussed why Microsoft doesn’t trust Thunderbolt, an Australian coronavirus tracking app, and Wifi 6E.

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146229 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146224 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146215 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

When my 7-year-old introduced me to his second-grade class, he put it best: "My Mom teaches the good guys how to keep the bad guys out of their computers. She has a blue lightsaber." - Nadean Tanner Puppet (https://puppet.com/) . She is responsible for all things product training from working with internal knowledge sources and the instructional design team to produce modern, engaging knowledge assets to delivering online and onsite classroom sessions.  Nadean is an experienced instructor and speaker with nearly 20 years' experience in information technology and security training delivery and development. At Rapid7, she taught vulnerability management and network and application assault as well as SQL, Ruby, and API. Before Rapid 7, Nadean taught Security Analytics and Advanced Security Operations Center Management for RSA. She taught cybersecurity and information assurance 8570 classes for the Department of Defense including CISSP at Fort Gordon, Fort Carson, and the Pentagon, and she developed and taught graduate-level computer science courses at Louisiana State University for six years. In this episode, we discuss teaching and traveling, communicating technical terms, talking about the basics, writing a book, teaching with humility, knowing when you are an expert, and so much more. Where you can find Nadean: LinkedIn (https://www.linkedin.com/in/nadeanhtanner/) Website (https://www.nadeantanner.org/) Amazon (https://www.amazon.com/Cybersecurity-Blue-Toolkit-Nadean-Tanner/dp/1119552931/)

This week, we welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture! In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up!   Full Show Notes: https://wiki.securityweekly.com/Episode605 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture! In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up!   Full Show Notes: https://wiki.securityweekly.com/Episode605 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes. Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Chris Morales, the Head of Security Analytics at Vectra for an interview to talk about Machine Learning! In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! In the Security News, cellular carriers are implementing services to identify cell scam leveraging, new Android malware uses motion sensor to avoid detection, Linux malware disables security software to mine cryptocurrency, and how a hacker threatened a family using a Nest camera to broadcast a fake missile attack alert!   Full Show Notes: https://wiki.securityweekly.com/Episode591 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Chris Morales, the Head of Security Analytics at Vectra for an interview to talk about Machine Learning! In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! In the Security News, cellular carriers are implementing services to identify cell scam leveraging, new Android malware uses motion sensor to avoid detection, Linux malware disables security software to mine cryptocurrency, and how a hacker threatened a family using a Nest camera to broadcast a fake missile attack alert!   Full Show Notes: https://wiki.securityweekly.com/Episode591 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes. Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

This webinar focused on the development and application of combined data analytics and offered several examples of analytics that combine domain resolution data, network device inventory and configuration data, and intrusion detection.

In this episode of SearchSecurity's Risk & Repeat podcast, Tod Beardsley and Rebekah Brown of Rapid7 talk about the IoT threat landscape and improving IoT device security.

How effective are Security Analytics tools and how do you compare their operational effectiveness? After spending months researching this subject, Gartner's Dr. Anton Chuvakin says the long and short is that they just don't know how well the tools work as there isn't much data on the operational effectiveness of security analytics. He points out that for analytics tools, many of the vendors have just 5-10 customers that have some data but it isn't enough. He tells Security Current's Vic Wheatman that a lot of stuff is very anecdotal and we only hear the success stories. So, he says it is hard to say, which type of a tool, model and statistics are working well. Listen to hear what you should do.

How big a market is Security Analytics? If you ask our guest, Gartner Research VP Dr. Anton Chuvakin you'll hear that there actually is no specific or defined market called Security Analytics. He says that while there are technology providers offering products or services so labeled they all do somewhat different things in different ways.  There are vendors who look at packets, others that look at logs or roles and those that look at malware among other things and they all carry a label of analytics but according to Dr. Chuvakin the fact that all of the vendors do different things indicates that there is no market that you can just go to and buy a security analytics product.  Organizations need to self define what they want to analyze and then assemble the required pieces and perhaps integrate with a Security Information and Event Management (SIEM) system, which is in some cases is essential for aspects of security analytics to work. In any case, the buy versus build discussion becomes much more than binary. Dr. Chuvakin explores this largely undefined territory with Security Current's Vic Wheatman.

Research on new technologies to help security analysts defend networks and systems from attacks has unique challenges --- the ad-hoc nature of attacks and their mitigation makes formal modeling elusive; the diverse threat scenarios of organizations makes a one-size-fit-all solution unlikely; and the lack of data and production deployment to test research prototypes makes evaluation extremely difficult. In this talk I will describe the unique approaches we have been taking to address this problem. Since algorithms and tools that arise from this research are intended to help the tasks performed by human analysts, it becomes a pre-requisite for researchers to first understand how analysts do their jobs, and identify the key obstacles and bottlenecks for performance. I will explain how we designed/built the SnIPS system for intrusion analysis by eliciting expert knowledge through ad-hoc interviews, and the formulation of a customized Dempster-Shafer theory to capture how humans deal with the inherent uncertainty in this reasoning process. I then explain how this led us to eventually adopt an anthropological approach to address this research challenge.Anthropology is a social science well known for its long-term participant observation method in which researchers spend substantial amounts of time living/working together with the subjects of study, as participant observers who take part in the daily lives and challenges of those they study, giving them a more empathic perspective understanding of their views, practices, and challenges. I will use the examples in my past eight years' research to explain why this type of ethnographic fieldwork is crucial and could be a very effective method to extract the "tacit knowledge" embodied in the practices of security analysts. Joining the "community of practice" of security operations will enable researchers to access the tacit knowledge, make it explicit, subject it to systematic analysis and modeling, and yield algorithms that execute the knowledge in an automated fashion. I will also talk about "unexpected findings" we are still deriving from on-going anthropological fieldwork at multiple security operations centers. About the speaker: Dr. Xinming (Simon) Ou is an associate professor of Computer Science and the Peggy and Gary Edwards Chair in Engineering at Kansas State University. He received his PhD from Princeton University in 2005. Before joining Kansas State University in 2006, he was a post-doctoral research associate at Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS), and a research associate at Idaho National Laboratory (INL). Dr. Ou's research is primarily in cyber defense technologies, with focuses on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber physical system security. Dr. Ou's research has been funded by National Science Foundation, Department of Defense, Department of Energy, National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of HP Labs Innovation Research Program (IRP) award, and 2013 K-State College of Engineering Frankenhoff Outstanding Research Award.

Research on new technologies to help security analysts defend networks and systems from attacks has unique challenges --- the ad-hoc nature of attacks and their mitigation makes formal modeling elusive; the diverse threat scenarios of organizations makes a one-size-fit-all solution unlikely; and the lack of data and production deployment to test research prototypes makes evaluation extremely difficult. In this talk I will describe the unique approaches we have been taking to address this problem. Since algorithms and tools that arise from this research are intended to help the tasks performed by human analysts, it becomes a pre-requisite for researchers to first understand how analysts do their jobs, and identify the key obstacles and bottlenecks for performance. I will explain how we designed/built the SnIPS system for intrusion analysis by eliciting expert knowledge through ad-hoc interviews, and the formulation of a customized Dempster-Shafer theory to capture how humans deal with the inherent uncertainty in this reasoning process. I then explain how this led us to eventually adopt an anthropological approach to address this research challenge. Anthropology is a social science well known for its long-term participant observation method in which researchers spend substantial amounts of time living/working together with the subjects of study, as participant observers who take part in the daily lives and challenges of those they study, giving them a more empathic perspective understanding of their views, practices, and challenges. I will use the examples in my past eight years' research to explain why this type of ethnographic fieldwork is crucial and could be a very effective method to extract the "tacit knowledge" embodied in the practices of security analysts. Joining the "community of practice" of security operations will enable researchers to access the tacit knowledge, make it explicit, subject it to systematic analysis and modeling, and yield algorithms that execute the knowledge in an automated fashion. I will also talk about "unexpected findings" we are still deriving from on-going anthropological fieldwork at multiple security operations centers.

Bill Brenner interviews three interns who spent the summer working with the InfoSec team. A look at their projects and where they hope to go from here.

Scott Crane is Arbor Networks product manager for its Pravail line of big data security analytics division. Scott was a part of the original PacketLoop team -- PacketLoop was an Australian start up that created some pretty impressive big data security analytics technology. It was so impressive that it wound up being acquired by Arbor Networks and is now sold under the Pravail brand. Somehow the original team managed to convince Arbor to keep the bulk of the R&D on those products based right here in Australia. So you could say we're all pretty big fans of Scott and his team for scoring some runs for the home team. They've got 12 staff in Sydney, and they're growing. It's been eight months since the deal was struck, so I caught up with Scott to talk about what's new in the field of big data security analytics. And interestingly enough, the Pravail tech wound up being pretty useful lately. Because it performs packet-capture based analysis, the Pravail team could help their clients roll back through their stored packet captures to see if anyone had used the Heartbleed flaw against them. Somewhat reassuringly, the Pravail guys at Arbor did not find any evidence of Heartbleed actually being used in the wild.

With the advent of advanced data collection techniques in the form of honeypots, distribured honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe a number of alternative analysis techniqes that leverages techniques adopted from statistics, AI, data mining, graphics design pattern recognition and economics. We will also show how security researchers can utilize tools from other disciplines to extract valuable findings to support security research work. This presentation hopes to be an eye opener for security practitioners that there are many more techniques, tools and options beyond the security research field that they can use in their work. Hopefully, this will be the groundwork for a cross-discipline collaborative project that will help identify more techniques for security research and analysis. Some techniques that we will talk about is the use of various clustering algorithms to classify attacks. Predicting attacks by using learning algorithms, detecting attacks through artificial intelligence, determining attack trends using pattern recognition and advanced visualization for attack analysis. Among the tools that we will demonstrate are readily available open source tools like WEKA, Tanagra, and R Project that have not been traditionally used in security research but has great potential in security research. This presentation will be useful for those in security research, honeypot development and forensics.

With the advent of advanced data collection techniques in the form of honeypots, distribured honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe a number of alternative analysis techniqes that leverages techniques adopted from statistics, AI, data mining, graphics design pattern recognition and economics. We will also show how security researchers can utilize tools from other disciplines to extract valuable findings to support security research work. This presentation hopes to be an eye opener for security practitioners that there are many more techniques, tools and options beyond the security research field that they can use in their work. Hopefully, this will be the groundwork for a cross-discipline collaborative project that will help identify more techniques for security research and analysis. Some techniques that we will talk about is the use of various clustering algorithms to classify attacks. Predicting attacks by using learning algorithms, detecting attacks through artificial intelligence, determining attack trends using pattern recognition and advanced visualization for attack analysis. Among the tools that we will demonstrate are readily available open source tools like WEKA, Tanagra, and R Project that have not been traditionally used in security research but has great potential in security research. This presentation will be useful for those in security research, honeypot development and forensics.