Enterprise Security Weekly (Video)

Security Weekly Productions
  • 4.7(3則評分)
  • 科技新聞
  • 每日更新
Enterprise Security Weekly (Video)

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Darwin Salazar.

  1. The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

    3 天前 · 影片

    The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

    In this week's enterprise security news, we've got 5 acquisitions Tines gets funding new tools and DFIR reports to check out A legal precedent that could hurt AI companies AI garbage is in your code repos the dark side of security leadership HIPAA fines are broken Salt Typhoon is having a great time Don't use ChatGPT for legal advice!!!!! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-394

    51 分鐘
  2. A SecOps Medley: we talk automation, AI, data management, and EDR evaluations - Allie Mellen - ESW #394

    3 天前 · 影片

    A SecOps Medley: we talk automation, AI, data management, and EDR evaluations - Allie Mellen - ESW #394

    We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here! For each of these three topics, these are the blog posts they correspond with if you want to learn more: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams) If You’re Not Using Data Pipeline Management For Security And IT, You Need To Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes Show Notes: https://securityweekly.com/esw-394

    32 分鐘
  3. Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Tim MalcomVetter - ESW #394

    4 天前 · 影片

    Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Tim MalcomVetter - ESW #394

    We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber. Segment Resources: Introducing AQL for cyber. AQL - How we do it An AQL 'calculator' you can play around with Show Notes: https://securityweekly.com/esw-394

    32 分鐘
  4. Breach details need to be transparent and kids need cybersecurity education - ESW #393

    2月10日 · 影片

    Breach details need to be transparent and kids need cybersecurity education - ESW #393

    This week, in the enterprise security news, Semgrep raises a lotta money CYE acquires Solvo Sophos completes the Secureworks acquisition SailPoint prepares for IPO Summarizing the 2024 cybersecurity market Lawyers that specialize in keeping breach details secret Scientists torture AI Make sure to offboard your S3 buckets extinguish fires with bass All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-393

    48 分鐘
  5. Inside look and lessons from a Recent APT Attack on a U.S. Aerospace Company - John Dwyer - ESW #393

    2月10日 · 影片

    Inside look and lessons from a Recent APT Attack on a U.S. Aerospace Company - John Dwyer - ESW #393

    Listeners of the show are probably aware (possibly painfully aware) that I spend a lot of time analyzing breaches to understand how failures occurred. Every breach story contains lessons organizations can learn from to avoid suffering the same fate. A few details make today's breach story particularly interesting: It was a Chinese APT Maybe the B or C team? They seemed to be having a hard time Their target was a blind spot for both the defender AND the attacker Segment Resources: https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/ https://www.theregister.com/2024/09/18/chinesespiesfoundonushqfirm_network/ Show Notes: https://securityweekly.com/esw-393

    32 分鐘
  6. The groundbreaking technology addressing employment scams and deepfakes - Aaron Painter - ESW #393

    2月9日 · 影片

    The groundbreaking technology addressing employment scams and deepfakes - Aaron Painter - ESW #393

    Spoiler: it's probably in your pocket or sitting on the table in front of you, right now! Modern smartphones are conveniently well-suited for identity verification. They have microphones, cameras, depth sensors, and fingerprint readers in some cases. With face scanning quickly becoming the de facto technology used for identity verification, it was a no-brainer for Nametag to build a solution around mobile devices to address employment scams. Segment Resources: Company website Aaron's book, Loyal Show Notes: https://securityweekly.com/esw-393

    30 分鐘
  7. Semgrep non-drama, Facebook hates Linux - Vulns in Cars, Cell Towers, M365, and more - ESW #392

    2月3日 · 影片

    Semgrep non-drama, Facebook hates Linux - Vulns in Cars, Cell Towers, M365, and more - ESW #392

    This week in the enterprise security weekly news, we discuss funding and acquisitions Understanding the Semgrep license drama Ridiculous vulnerabilities everywhere: vulns to take down your entire city’s cell service vulns to mess with your Subarus vulns in Microsoft 365 authentication cybersecurity regulations are worthless Facebook is banning people for mentioning Linux Vigilantes on Github Mastercard DNS error Qubes OS Turning a "No" into a conversation All that and more, on this episode of Enterprise Security Weekly! Show Notes: https://securityweekly.com/esw-392

    57 分鐘
  8. Special Breaking AI News - there's too much AI news, can we please stop - ESW #392

    2月3日 · 影片

    Special Breaking AI News - there's too much AI news, can we please stop - ESW #392

    This week, we've added an extra news segment just on AI. Not because we wanted to, but because the news cycle has bludgeoned us into it. My mom is asking about Chinese AI, my neighbor wants to know why his stocks tanked, my clients want to know how to prevent their employees from using DeepSeek, it's a mess. First, a DeepSeek primer, so we can make sure all Enterprise Security Weekly listeners know what they need to know. Then we get into some other AI news stories. DeepSeek Primer I think the most interesting aspect of the DeepSeek announcements is the business/market impact, which isn't really security-related, but could have some impact on security teams. By introducing models that are cheaper to train, sell access to, and less demanding to run on systems, DeepSeek has opened up more market opportunities. That means we'll see generative AI used in markets and ways that didn't make sense before, because it was too expensive. Another aspect that's really confusing is what DeepSeek is or does. For the most part, when someone says "DeepSeek", they could be referring to: the company the open source models released by the company the SaaS service (https://chat.deepseek.com) the mobile app (which is effectively just a front end for #3) the API (which is what the mobile app and SaaS service are built on top of) From a security perspective, there's little to no operational risk around downloading and using the models, though they're likely to get banned, so companies could get in trouble for using them. As for the app, API, or SaaS service, assume everything you type into them is getting collected by China (so, significantly less safe, probably no US companies should do this). But because these services are crazy cheap right now, I wouldn't be surprised if some suppliers and third parties will start using DeepSeek - if your third party service provider is using DeepSeek behind the scenes with your data, you still have problem #2, so best to ensure they're not doing this through updated contract language and call to confirm that they're not currently doing it (can take a while to get a new contract in place). Show Notes: https://securityweekly.com/esw-392

    42 分鐘
顯示全部 (1,056)

評分與評論

4.7
(滿分 5 顆星)
3 則評分

簡介

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Darwin Salazar.

資訊

  • 創作者
    Security Weekly Productions
  • 活躍年代
    2016年 - 2025年
  • 集數
    1056
  • 年齡分級
    兒少適宜
  • 版權
    © 2024 CyberRisk Alliance
  • 節目網站
    Enterprise Security Weekly (Video)

你可能也會喜歡

若要收聽兒少不宜的單集,請登入帳號。

隨時掌握此節目最新消息

登入或註冊後,即可追蹤節目、儲存單集和掌握最新資訊。
選取國家或地區

非洲、中東和印度

亞太地區

歐洲

拉丁美洲與加勒比海地區

美國與加拿大