goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
profile image
share icon

Share

The best podcasts for SharkStriker Striego is a multi-tenant, open-architecture, human-led AI/ML-driven security platform

share icon

Share

Who am I?

SharkStriker Striego is a multi-tenant, open-architecture, human-led AI/ML-driven security platform designed to solve the most immediate challenges in cybersecurity and compliance. It helps organizations by providing them with a single stop for all their cybersecurity and compliance needs. It is managed by a dedicated team that can implement the best practices in the industry, helping businesses make the most of their existing cybersecurity investments. As businesses worldwide increase their demand for enterprise-grade security, they are faced with an increased challenge of aspects of cybersecurity being highly siloed off, a limited team for cybersecurity, and the rising cost of cybersecurity solutions. To solve this challenge, SharkStriker has come up with a holistic cybersecurity platform - STRIEGO, that not only seamlessly integrates with the status quo cybersecurity setup but also provides extensive visibility of the posture, real-time detection, and response to threats. It is designed to provide a single-stop solution for all the cyber security and compliance needs of businesses worldwide. What makes it powerful is a touch of human intelligence offered by a security team that dedicatedly works round the clock to address everyday and long-term cybersecurity challenges. They identify and implement industry best practices assisting businesses to get maximum returns across all of their cybersecurity investments. At the core of SharkStriker STRIEGO, are some of the powerful features that blend the best of both worlds - cutting-edge technology and human expertise. Let us take a look at all the features offered by SharkStriker STRIEGO: Data Lake - it has a massive data lake so businesses don’t have to worry about data management and storage. Security automation - It helps you automate routine security tasks and detection & response actions with AI and ML and human expertise. Integration - It seamlessly integrates with the existing infrastructure of businesses, assisting them in making the most of their cybersecurity investments. Threat Intelligence - It assists cybersecurity teams to stay two moves ahead of the threat actors with the latest multi-sourced intel on Tactics, Techniques, and Procedures. https://sharkstriker.com/ APT or Advanced Persistent Threat is a type of cyber-attack where an attacker or group of attackers target highly specific targets with an intent to steal sensitive data without being detected for a long time https://sharkstriker.com/guide/advanced-persistent-threats-apt-why-you-should-know-about-them/

What is my podcast playlist about?

What is the difference between ransomware and ransomware-as-a-service? Ransomware-as-a-service is inspired by software as a service where a ransomware operator can benefit from selling ransomware to multiple affiliates in the dark web. Learn more about Ransomware-as-a-service (RaaS) here. "Ransomware-as-a-Service (RaaS) is a type of cybercrime business model where individuals or groups create and distribute ransomware, making it available for others to use in exchange for a percentage of the ransom payments. In this model, the developers of the ransomware, known as the ""affiliates"" or ""operators,"" can use the RaaS platform to easily deploy and manage ransomware attacks without having to develop the malicious software themselves. Here's how the RaaS model typically works: Development: The creators of the ransomware design and develop the malicious software. Distribution: The ransomware is then made available on a RaaS platform. The developers may advertise their services on the dark web, where interested parties can sign up to become affiliates. Affiliates: Affiliates are individuals or groups who subscribe to the RaaS platform. They are provided with access to the ransomware and a dashboard for managing their attacks. Customization: Affiliates can customize certain aspects of the ransomware, such as the ransom amount, the method of payment, and the messages displayed to the victim. Distribution by Affiliates: Affiliates deploy the ransomware through various means, such as phishing emails, malicious websites, or exploiting vulnerabilities. Ransom Collection: If the ransomware is successful and encrypts the victim's files, the affiliates attempt to collect a ransom from the victim. The RaaS platform typically takes a percentage of the ransom as a fee, and the rest goes to the affiliate. Support and Infrastructure: RaaS platforms often provide technical support, infrastructure, and other services to help affiliates carry out successful attacks. The RaaS model has contributed to the proliferation of ransomware attacks, as it lowers the entry barrier for cybercriminals who may lack the technical skills to create ransomware from scratch. It also enables a more widespread and diverse range of attacks, making it a significant challenge for cybersecurity professionals and law enforcement. https://sharkstriker.com/guide/everything-you-should-know-about-ransomware-as-a-service/

The podcasts I picked and why

1. Why Google Never Shipped Its ChatGPT Predecessor — With Gaurav Nemade

Why this podcast?

APT stands for Advanced Persistent Threat. An APT attack is a sophisticated and targeted cyberattack where an unauthorized user gains access to a network and remains undetected for an extended period. The term "persistent" indicates that the attacker maintains a long-term presence within the targeted network to achieve specific objectives. Key characteristics of APT attacks include: 1. Advanced Techniques: APT attackers often employ advanced and sophisticated methods to breach security measures. This may involve the use of zero-day exploits (vulnerabilities that are unknown to the software vendor or the public), custom malware, or other advanced tactics. 2. Persistence: APT attackers aim to remain undetected for a prolonged period to achieve their goals, which could include stealing sensitive information, conducting espionage, or disrupting operations. 3. Targeted: APT attacks are typically targeted at specific individuals, organizations, or industries. The attackers often conduct thorough research to gather intelligence about the target before launching the attack. 4. Customized Malware: APT attacks frequently involve the use of custom-designed malware, tailored to the specific target environment. This makes it harder for traditional security tools to detect and mitigate the threat. 5. Stealthy Operations: APT attackers prioritize remaining stealthy and avoiding detection. They may use techniques such as lateral movement within a network, privilege escalation, and encryption to conceal their activities. 6. Long-Term Goals: APT attacks are not opportunistic or random; they are conducted with specific, long-term objectives. These objectives could include stealing intellectual property, gaining political advantage, or other strategic goals. 7. Multiple Phases: APT attacks often unfold in multiple phases, including initial reconnaissance, gaining access, maintaining persistence, lateral movement, and achieving the ultimate objective. Defending against APT attacks requires a multi-layered approach, including robust cybersecurity measures, continuous monitoring, employee education on security best practices, and timely incident response capabilities. Organizations need to be proactive in their cybersecurity efforts to detect and mitigate APT threats effectively. https://sharkstriker.com/guide/advanced-persistent-threats-apt-why-you-should-know-about-them/

Gaurav Nemade was the founding product manager on LaMDA, Google's ChatGPT predecessor that never shipped. He explains why the product got stuck at Google in this first-ever episode of the new Big Tech War Stories podcast. This new show from Big Technology is available to premium subscribers and is debuting free on the Big Technology Podcast feed today. You can access the Big Technology launch special and get 50% off the monthly price here: https://bit.ly/bigtechnology or just visit bigtechnology.com.

We return to our regularly scheduled Big Technology programming on Wednesday as Waymo Co-CEO Tekedra Mawakana stops by for an interview. Thanks for listening!

play

10/30/23 • 50 min

bookmark
plus icon
share episode

2. The AI Podcast

Why this podcast?

Managed Security and In-house Security are two different approaches to handling cybersecurity within an organization. Here are the key differences between them: 1. Ownership and Responsibility: Managed Security: In this model, a third-party service provider (Managed Security Service Provider or MSSP) is responsible for managing and overseeing the organization's security infrastructure and operations. The MSSP takes on the responsibility for monitoring, detecting, and responding to security incidents. In-house Security: In this model, the organization itself is responsible for all aspects of its security program. This includes hiring and training its own security team, procuring and managing security tools, and developing and implementing security policies and procedures. 2. Expertise and Skills: Managed Security: MSSPs typically have a team of highly skilled security professionals who specialize in various aspects of cybersecurity. They bring a wealth of experience and expertise to the table and often have access to advanced technologies and threat intelligence. In-house Security: The organization must invest in hiring and training its own security team. This may require significant time and resources to find and retain qualified individuals, and to provide ongoing training to keep them updated on the latest threats and technologies. 3. Cost: Managed Security: While MSSPs come with a service fee, they can often provide cost savings compared to maintaining an in-house security team, especially for smaller organizations that may not have the budget for a full-fledged security program. In-house Security: While there may be initial cost savings in terms of not paying for external services, the organization will need to budget for salaries, benefits, training, and security tools. Additionally, there may be hidden costs associated with managing an in-house team, such as infrastructure and operational expenses. 4. Scalability: Managed Security: MSSPs often have the capacity to quickly scale up or down based on the organization's needs. This can be particularly beneficial for businesses experiencing rapid growth or dealing with seasonal fluctuations in demand. In-house Security: Scaling an in-house team can be more challenging and time-consuming. Hiring and training new personnel takes time, and it may not always be feasible to quickly ramp up the security team in response to changing circumstances. 5. Response Time: Managed Security: MSSPs are often staffed around the clock, providing 24/7 monitoring and response capabilities. This can lead to quicker detection and response times in the event of a security incident. In-house Security: The availability of in-house security personnel may be limited to regular business hours, unless the organization invests in additional resources for round-the-clock coverage. 6. Customization: Managed Security: MSSPs offer standardized security services and solutions that may not be as tailored to the specific needs and nuances of an individual organization. In-house Security: An in-house team can design and implement security measures that are highly customized to the organization's unique requirements and risk profile. Ultimately, the choice between Managed Security and In-house Security depends on factors like the size of the organization, its budget, specific security requirements, and the level of control and customization desired. Some organizations may even opt for a hybrid approach, combining elements of both models to create a security program that best meets their needs. https://sharkstriker.com/guide/managed-security-vs-in-house-security-which-of-the-two-is-the-best/

The AI Podcast
play

Play first episode

Star filled black icon

4.5

One person, one interview, one story. Join us as we explore the impact of AI on our world, one amazing person at a time -- from the wildlife biologist tracking endangered rhinos across the savannah here on Earth to astrophysicists analyzing 10 billion-year-old starlight in distant galaxies to the Walmart data scientist grappling with the hundreds of millions of parameters lurking in the retailer’s supply chain. Every two weeks, we’ll bring you another tale, another 25-minute interview, as we build a real-time oral history of AI that’s already garnered nearly 3.4 million listens and been acclaimed as one of the best AI and machine learning podcasts. Listen in and get inspired. https://blogs.nvidia.com/ai-podcast/

profile image
profile image
profile image

4 Listeners

bookmark
share podcast

3. Network-Wide Security Policy, Tufin - Enterprise Security Weekly #139

Why this podcast?

CVE 2023-20198 – CISCO’s maximum severity zero-day vulnerabilities Cisco has issued an alert over its critical zero-day vulnerability detected in their IOS XE software range. The vulnerability is targeted toward systems that have HTTP/HTTP servers turned on. More than 40000 Cisco devices are now affected by this vulnerability, with 10,000 Cisco devices found with an implant for arbitrary code execution. The critical vulnerability CVE-2023-20198 is assigned a severity rating of 10. That is the highest rating given on a CVSS vulnerability severity scale. It is present in the Web UI component of IOS XE software. This vulnerability allows privilege escalation that enables an attacker to gain a full takeover of the system in that he has implanted the malware to. It means that cyber attackers can exploit this vulnerability to hijack a CISCO router and gain control of it. The countries that are impacted the most by this vulnerability include the US, the Philippines, Mexico, Chile, and India. Here are some of the facts about the said critical vulnerability: More than 6509 hosts were affected in the US alone There was a 40% jump in the number of hosts affected within 24 hours of detection Earlier CISCO had issued high-severity vulnerability CVE202344487 https://sharkstriker.com/blog/what-should-you-know-about-ciscos-high-severity-zero-day-vulnerabilities-cve-2023-20198/

Security Weekly Podcast Network (Video) - Network-Wide Security Policy, Tufin - Enterprise Security Weekly #139
play

06/01/19 • 34 min

Ruvi Kitov, CEO and Co-Founder of Tufin, talks about the importance of having a network-wide security policy! The discussion will be on the importance of having a network-wide security policy, the fact that most companies don’t have one, and therefore lack visibility and are not compliant with regulations and even with their own policies, and finally the value that we provide with SecureTrack.

To learn more about Tufin, visit: https://securityweekly.com/tufin

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

play

06/01/19 • 34 min

bookmark
plus icon
share episode

4. 108. Last Week In AI — 2021: The (full) year in review

Why this podcast?

"A 24/7/365 Security Operations Center (SOC) is crucial for several reasons: Continuous Threat Monitoring: Cyber threats can occur at any time, day or night. Having a SOC that operates around the clock ensures that potential threats are identified and addressed promptly, reducing the risk of a successful attack. Swift Incident Response: In the event of a security incident, time is of the essence. A 24/7 SOC allows for immediate response to breaches, minimizing damage and preventing further compromise. Global Reach and Coverage: Cyberattacks are not confined to specific time zones or regions. Having a SOC that operates continuously ensures that your organization is protected regardless of its geographical location. Real-Time Threat Intelligence: The cybersecurity landscape is constantly evolving. A SOC that operates 24/7 can monitor emerging threats in real-time, enabling organizations to adapt their defenses accordingly. Compliance Requirements: Many industries and regulatory bodies require organizations to have continuous monitoring and incident response capabilities in place. A 24/7 SOC helps maintain compliance with these standards. Reduced Downtime and Business Impact: Cyberattacks can lead to significant downtime, which can be costly for businesses. A 24/7 SOC aims to minimize this downtime by quickly identifying and mitigating threats. Proactive Threat Hunting: A 24/7 SOC doesn't just respond to incidents; it actively hunts for potential threats, identifying vulnerabilities before they can be exploited. Customer and Stakeholder Trust: Demonstrating a commitment to cybersecurity through a 24/7 SOC can enhance trust and confidence among customers, partners, and stakeholders. Data Protection and Privacy: Organizations handle sensitive data that requires protection. A 24/7 SOC helps safeguard this data, ensuring compliance with privacy regulations and protecting the organization's reputation. Resilience to Persistent Threats: Some advanced threats persist over extended periods, attempting to evade detection. A continuously operating SOC is better equipped to identify and neutralize these persistent threats. In summary, a 24/7/365 SOC is a critical component of an organization's cybersecurity posture, providing continuous protection, rapid response, and proactive threat detection. It helps to safeguard sensitive data, maintain compliance, and ensure business continuity in the face of evolving cyber threats. https://sharkstriker.com/services/soc/

Towards Data Science - 108. Last Week In AI — 2021: The (full) year in review
play

01/05/22 • 50 min

2021 has been a wild ride in many ways, but its wildest features might actually be AI-related. We’ve seen major advances in everything from language modeling to multi-modal learning, open-ended learning and even AI alignment.

So, we thought, what better way to take stock of the big AI-related milestones we’ve reached in 2021 than a cross-over episode with our friends over at the Last Week In AI podcast.

***

Intro music:

Artist: Ron Gelinas

Track Title: Daybreak Chill Blend (original mix)

Link to Track: https://youtu.be/d8Y2sKIgFWc

***

Chapters:

  • 0:00 Intro
  • 2:15 Rise of multi-modal models
  • 7:40 Growth of hardware and compute
  • 13:20 Reinforcement learning
  • 20:45 Open-ended learning
  • 26:15 Power seeking paper
  • 32:30 Safety and assumptions
  • 35:20 Intrinsic vs. extrinsic motivation
  • 42:00 Mapping natural language
  • 46:20 Timnit Gebru’s research institute
  • 49:20 Wrap-up
play

01/05/22 • 50 min

bookmark
plus icon
share episode

5. This Day in AI Podcast

Why this podcast?

"Incident Response (IR) is a structured approach used by organizations to address and manage the aftermath of a cybersecurity incident. A cybersecurity incident refers to any event that poses a threat to the security of an organization's information systems, networks, or data. These incidents can range from malware infections and data breaches to denial-of-service attacks and insider threats. Here are the key components of an Incident Response process: Preparation: This phase involves setting up the necessary policies, procedures, and resources for effective incident handling. It includes tasks such as creating an incident response plan, defining roles and responsibilities, and establishing communication channels. Identification: In this phase, organizations work to detect and identify potential incidents. This involves monitoring systems, network traffic, and logs for unusual or suspicious activities that may indicate a security breach. Containment: Once an incident is identified, the focus shifts to limiting the scope and impact of the incident. This might involve isolating affected systems, blocking malicious network traffic, or taking other steps to prevent further damage. Eradication: After containment, efforts are made to remove the root cause of the incident. This could involve removing malware, patching vulnerabilities, or implementing other measures to ensure the same incident doesn't occur again. Recovery: The goal of this phase is to restore normal operations as quickly and safely as possible. This might involve restoring data from backups, reconfiguring systems, and ensuring that all security measures are in place. Lessons Learned (Post-Incident Analysis): After an incident has been resolved, it's crucial to conduct a thorough analysis of the incident. This involves understanding how the incident occurred, what vulnerabilities were exploited, and what steps can be taken to prevent similar incidents in the future. https://sharkstriker.com/guide/what-is-incident-response-a-comprehensive-guide/

This Day in AI Podcast

This Day in AI Podcast

Michael Sharkey, Chris Sharkey

play

Play first episode

This Day in AI Podcast is a podcast all about AI. It's an hour-long conversation on the influence and rise of AI in technology and society. Hosted by Michael and Chris Sharkey.

profile image

1 Listener

bookmark
share podcast

The best podcasts for...

View all

Podcasters, experts, and listeners pick a theme and share their 5 favorite podcasts



















  • View lists in the same categories