Enterprise Security Weekly (Audio)

Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today.

We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite seeming to collectively have all the tools, intel, and budget we've asked for?

Kelly Shortridge has studied this problem in depth. She has created tools (https://www.deciduous.app/), and written books (https://www.securitychaoseng.com/) to help the community approach security challenges in a more logical and structured way. We'll discuss what hasn't worked for infosec in the past, and what Kelly thinks might work as we go into the future.

During the news today, we went deep down the rabbithole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insuretechs, and discuss a few notable funding rounds.

We discuss Kelly Shortridge's essay on the origins and nature of the term "security" and what it means. Stephen Schmidt suggests 6 questions every board should ask their CISO, we explore Cyentia Labs' meta analysis of MITRE ATT&CK techniques, and Phil Venables shares some hilarious takes on infosec stereotypes.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw-339

Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level.

In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams.

This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million???

Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively)

Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Technologies, and Simbian all raise smaller seed, A, or B rounds.

Akamai picks up API security startup, Noname Security, Zscaler picks up Airgap networks, and it's rumored that Armis will acquire Silk Security for $150M.

LimaCharlie seems to be doing some vertical growth, adding its own response and automation capabilities (what they call "bi-directional" capabilities). CISA releases a malware analysis system to the general public. Boostsecurity.io releases "poutine", an open source CI/CD pipeline vulnerability scanner.

Some great essays this week, with Phil Venables' Letter from the Future, Ben Hawkes' Robots Dream of Root Shells, and Aileen Lee's 10 year Unicorn anniversary piece.

We briefly discuss the 3rd party breach that affected Cisco Duo customers, and the financial impact of Change Healthcare's highly disruptive ransomware incident.

Finally, we talk about the latest research on the security of LLMs and the apps using them. It's not looking great.

For more details, check out the show notes here: https://www.scmagazine.com/podcast-episode/3188-enterprise-security-weekly-358

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-358

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely.

Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with.

Interview Resources:

• https://trusted.ai
• https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf

There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program.

This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them!

Threat actors don’t think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs’ newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it’s important to “shift up,” and what Mike is most excited about in his new role.

This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them!

Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry.

As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale.

This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them!

In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security.

In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, Paul is joined by our very own Keith Hoodlet to review the book The Phoenix Project! In the news, we have updates from Cisco, Distil Networks, BeyondTrust, Cambridge Analytica, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode85

Visit https://www.securityweekly.com/esw for all the latest episodes!

Doug White joins us to discuss network hardening using egress filtering, and we discuss the latest enterprise news!Full Show Notes: https://wiki.securityweekly.com/ES_Episode52Visit https://www.securityweekly.com for all the latest episodes!