Enterprise Security Weekly (Audio)

Security Weekly Productions
  • 4,9 (14)
  • TECHNOLOGIES
  • CHAQUE SEMAINE
Enterprise Security Weekly (Audio)

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Darwin Salazar.

  1. D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388

    20/12/2024

    D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388

    Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone. To use MITRE's own words to describe the gap this project fills: "it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work" Segment Resources: https://d3fend.mitre.org In the enterprise security news, a final few fundings before the year closes out Arctic Wolf buys Cylance from Blackberry for cheap, a sentence that feels very weird to say the quiet HTTPS revolution passkeys are REALLY catching on resilience keeps showing up in the titles of news items Apple Intelligence insults the BBC’s intelligence MITRE ATT&CK evals drama Lastpass breach drama continues All that and more, on this episode of Enterprise Security Weekly As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-388

    1 h 43 min
  2. The 2024 Cybersecurity Market Review - Mike Privette, Rew Islam - ESW #387

    13/12/2024

    The 2024 Cybersecurity Market Review - Mike Privette, Rew Islam - ESW #387

    For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter joins us to discuss the year's highlights and what's to come in the next 12 months. In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market. It won't be all financial trends though, we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space. In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable! Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise. Segment Resources: Elevating Passwordless Security With AWS Nitro Synced Passkeys Will Be Portable FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys This week, in the enterprise security news, NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387 Snowflake takes security more seriously Microsoft takes security more seriously US Government takes telecom security more seriously Cleo Capital takes security more seriously EU’s DORA takes effect soon Is phishing and security awareness training worthless? CISOs need financial literacy Supply chain firewall is basic but useful All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-387

    1 h 47 min
  3. Tackling Barriers on the Road To Cyber Resilience - Rob Allen, Theresa Lanowitz - ESW #386

    06/12/2024

    Tackling Barriers on the Road To Cyber Resilience - Rob Allen, Theresa Lanowitz - ESW #386

    In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss: How to identify these barriers to cyber resilience Be secure by design Align cybersecurity investments with the business Also, be sure to check out the first two installments of this series! Episode 380: Cybersecurity Success is Business Success Episode 383: Cybersecurity Budgets: The Journey from Reactive to Proactive This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them! When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even. Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place. Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! This week, in the enterprise security news, Funding and acquisition news slows down as we get into the “I’m more focused on holiday shopping season” North Pole Security picked an appropriate time to raise some seed funding Breaking news, it’s still super easy to exfiltrate data The Nearest Neighbor Attack Agentic Security is the next buzzword you’re going to be tired of soon Frustrations with separating work from personal in the Apple device ecosystem We check in on the AI SOC and see how it’s going Office surveillance technology gives us the creeps All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-386

    1 h 59 min
  4. 2023 Funding and Acquisition Summary with Return on Security - Mike Privette - ESW Vault

    28/11/2024

    2023 Funding and Acquisition Summary with Return on Security - Mike Privette - ESW Vault

    Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on December 22, 2023. We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week. In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more! Segment Resources: Mike's blog; Return on Security: https://www.returnonsecurity.com/ Mike's newsletter; Security, Funded: https://www.returnonsecurity.com/subscribe Show Notes: https://securityweekly.com/vault-esw-17

    44 min
  5. Fixing how cybersecurity products are bought and sold - Mariana Padilla - ESW #385

    22/11/2024

    Fixing how cybersecurity products are bought and sold - Mariana Padilla - ESW #385

    This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Why a special segment on Microsoft Ignite announcements? There were a lot of announcements Microsoft is the largest security vendor, in terms of revenue Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA’s leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-385

    1 h 52 min
  6. AI and the Autonomous SOC - Separating Hype from Reality - Justin Beals, Itai Tevet - ESW #384

    15/11/2024

    AI and the Autonomous SOC - Separating Hype from Reality - Justin Beals, Itai Tevet - ESW #384

    There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks. Segment Resources: From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools The Future of SOC Automation Platforms SentinelOne wants to make the autonomous SOC a reality Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today? This will be a more standards and GRC focused discussion, covering: the reasons why cross-walking doesn't work the reasons why traditional TPRM approaches (e.g. questionnaires) don't work opportunities for AI to help risk management or sales support? This week in the enterprise security news, Upwind Security gets a massive $100M Series B Trustwave and Cybereason merge NVIDIA wants to force SOC analyst millennials to socialize with AI agents Has the cybersecurity workforce peaked? Why incident response is essential for resilience an example of good product marketing who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-384

    1 h 56 min
  7. Cybersecurity Budgets: the Journey from Reactive to Proactive - Todd Thiemann, Theresa Lanowitz - ESW #383

    08/11/2024

    Cybersecurity Budgets: the Journey from Reactive to Proactive - Todd Thiemann, Theresa Lanowitz - ESW #383

    CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive, it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop. This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them! Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation? There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out. In the enterprise security news, Some big fundings no less than 4 acquisitions Silencing the EDR silencers ghost jobs overinflated estimates on open cybersecurity jobs weaponizing Microsoft Copilot fun projects with disposable vapes All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-383

    2 h 1 min
  8. What if securing buildings was as easy as your smartphone? - Damon McDougald, Blaine Frederick, Punit Minocha - ESW #382

    04/11/2024

    What if securing buildings was as easy as your smartphone? - Damon McDougald, Blaine Frederick, Punit Minocha - ESW #382

    The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking. We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures. This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts’ sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of Enterprise Security Weekly. Segment description coming soon! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-382

    2 h 6 min
Tout afficher (406)

Notes et avis

4,9
sur 5
14 notes

À propos

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Darwin Salazar.

Informations

  • Création
    Security Weekly Productions
  • Années d’activité
    2016 - 2024
  • Épisodes
    406
  • Classification
    Tous publics
  • Copyright
    © 2024 CyberRisk Alliance
  • Site web de l’émission
    Enterprise Security Weekly (Audio)

Vous aimeriez peut‑être aussi

Pour écouter des épisodes au contenu explicite, connectez‑vous.

Recevez les dernières actualités sur cette émission

Connectez‑vous ou inscrivez‑vous pour suivre des émissions, enregistrer des épisodes et recevoir les dernières actualités.
Choisissez un pays ou une région

Afrique, Moyen‑Orient et Inde

Asie‑Pacifique

Europe

Amérique latine et Caraïbes

États‑Unis et Canada