Alice and Bob Learn Secure Coding - Tanya Janca - ESW #396

Enterprise Security Weekly (Video)

Player FM - Internet Radio Done Right

21 subscribers

הוסף לפני nine שנים

תוכן מסופק על ידי Security Weekly Productions. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Security Weekly Productions או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Good Moms Bad Choices

1
5 Ways To Rethink Dating 1:36:55

לפני 17 weeks1:36:55

הפעל מאוחר יותר

רשימות

לייק

אהבתי

1:36:55

What’s up, Tribe, and welcome back to Good Moms Bad Choices! January was amazing, but its time to turn the page on the calendar and embrace beautiful new energy as we enter ‘The Journey of Love February.’ This month is all about the heart - join Erica and Milah to catch up and discuss what’s new in the world of motherhood, marriage, and amor! In this week’s episode, the ladies offer witty and sharp perspectives about personal growth in love, supporting your kids through their friend drama, and how to honor your true needs in a partnership. Mama Bear to the Rescue! The Good Moms discuss protective parenting and helping your kids fight their battles (8:00) Bad Choice of the Week: Help! My kids saw me in my lingerie! (20:00) My Happily Ever After: Erica and Milah discuss the prospect of marriage, dreams of becoming a housewife, and the top 5 ways to be confident in love (32:00) Yoni Mapping: Releasing Trauma and Increasing Pleasure (57:00) Its OK to fuck up, but also, what do you (really) bring to the table: The Good Moms have an honest discussion about finding accountability and growth before love (1:03:00) Watch This episode & more on YouTube! Catch up with us over at Patreon and get all our Full visual episodes, bonus content & early episode releases. Join our private Facebook group! Let us help you! Submit your advice questions, anonymous secrets or vent about motherhood anonymously! Submit your questions Connect With Us: @GoodMoms_BadChoices @TheGoodVibeRetreat @Good.GoodMedia @WatchErica @Milah_Mapp Official GMBC Music: So good feat Renee, Trip and http://www.anthemmusicenterprises.com Join us this summer in paradise at the Good Vibe Rest+Vibe Retreat in Costa Rica July 31- August 5 August 8 - August 13 See omnystudio.com/listener for privacy information.…

לפני שנה 34:24

MP4•בית הפרקים

We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!

Segment Resources:

Tanya's latest book on Amazon
Tanya's previous book, Alice and Bob Learn Application Security on Amazon
Tanya's website, She Hacks Purple

Show Notes: https://securityweekly.com/esw-396

1092 פרקים

#Tech #Tech News #Paul Asadoorian #Security Weekly #News #Video #Security News

Enterprise Security Weekly (Video)

Alice and Bob Learn Secure Coding - Tanya Janca - ESW #396

Enterprise Security Weekly (Video)

21 subscribers

published לפני שנה

שתפו

MP4•בית הפרקים

We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!

Segment Resources:

Tanya's latest book on Amazon
Tanya's previous book, Alice and Bob Learn Application Security on Amazon
Tanya's website, She Hacks Purple

Show Notes: https://securityweekly.com/esw-396

1092 פרקים

#Tech #Tech News #Paul Asadoorian #Security Weekly #News #Video #Security News

כל הפרקים

Enterprise Security Weekly (Video)

1
Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends - Eyal Benishti, Chris Peluso, Chad Alessi, Tony Anscombe, Karl Van den Bergh, Nick Carroll - ESW #409 1:38:33

לפני 3 ימים1:38:33

1:38:33

Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today’s threat landscape. This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. Assessing Organizational Readiness in the Face of Emerging Cyber Threat Using AI to Enhance Defensive Cybersecurity white paper The Hidden Gaps of SEG Protection white paper This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: Rethinking Threat Detection in a Decentralized World Illumio Insights Announcement More information about Illumio Insights This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiorsac for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/ This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Show Notes: https://securityweekly.com/esw-409…

Enterprise Security Weekly (Video)

1
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - HD Moore, Joel Burleson-Davis, Erik Bloch - ESW #408 1:49:38

לפני 10 ימים1:49:38

1:49:38

Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn’t unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what’s required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac . After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata’s partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Show Notes: https://securityweekly.com/esw-408…

Enterprise Security Weekly (Video)

1
The State of Cybersecurity Readiness for the Next Big Emergency - Bri Frost, David Aviv, Marshall Erwin - ESW #407 2:12:42

לפני 17 ימים2:12:42

2:12:42

Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features? This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2: Weekly Enterprise News In this week's enterprise security news, Agents replacing analysis is highly misunderstood only one funding round Orca acquires Opus to automate remediation OneDrive is updating to make BYOD worse? Companies are starting to regret replacing workers with AI Is venture capital hanging on by a thread (made of AI)? Potential disruption in the traditional vuln mgmt space! MCP is already looking like a dumpster fire from a security perspective malicious NPM packages and, IS ALCHEMY REAL? Segment 3: RSAC Conference 2025 Interviews Interview 1: Pluralsight Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats. Pluralsight's AI Skills Report This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats! Interview 2: Radware Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks. This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them! Show Notes: https://securityweekly.com/esw-407…

Enterprise Security Weekly (Video)

1
Secrets and their role in infrastructure security - Jawahar Sivasankaran, Chas Clawson, Sergey Gorbaty, Fernando Medrano - ESW #406 2:14:05

לפני 24 ימים2:14:05

2:14:05

Segment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2 - Weekly Enterprise News In this week's enterprise security news, we have: Funding, mostly focused on identity security and ‘secure-by-design’ Palo Alto acquires one of the more mature AI security startups, Protect AI LimaCharlie is first with a cybersecurity-focused MCP offering Meta releases a ton of open source AI security tooling, including LlamaFirewall Exploring the state of AI in the SOC The first research on whether AI is replacing jobs is out Some CEOs are requiring employees to be more productive with AI Are prompts the new IOCs? Are puppies the new booth babes? We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog Segment 3 - Executive Interviews from RSAC CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges. CERT Water Management Case Study Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report 2025 TIP Buyer’s Guide This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo! SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps. Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations Blog: RSAC 2025 Intelligent Security Operations Brief: Sumo Logic Threat Intelligence Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world LinkedIn Live: Implications of AI in a modern defense strategy This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! Show Notes: https://securityweekly.com/esw-406…

Enterprise Security Weekly (Video)

1
2025 Security Trends: Identity, Endpoint, Cloud & the Rise of Browser Threats - Hed Kovetz, Vivek Ramachandran, Rob Allen, Jason Mical, Alex Pinto, Lori Robinson - ESW #405 1:42:44

לפני 4 weeks1:42:44

1:42:44

Now in its 18th year, the Verizon Business DBIR is one of the industry’s longest standing and leading reports on the current cybersecurity landscape. This year’s report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac . Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint’s latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint’s Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it’s now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren’t just hacking systems anymore—they’re hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today’s most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Show Notes: https://securityweekly.com/esw-405…

Enterprise Security Weekly (Video)

1
The reason for Zoom's outage is crazy, huge funding amounts before RSA - ESW #404 40:37

לפני 5 weeks40:37

40:37

In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-404…

Enterprise Security Weekly (Video)

1
The Future of Access Management - Jeff Shiner - ESW #404 39:05

לפני 5 weeks39:05

39:05

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He’ll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. Show Notes: https://securityweekly.com/esw-404…

Enterprise Security Weekly (Video)

1
Reviewing the Verizon 2025 Data Breach Investigations Report - ESW #404 40:42

לפני 5 weeks40:42

40:42

In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir Show Notes: https://securityweekly.com/esw-404

Enterprise Security Weekly (Video)

1
Tailscale rakes it in, CVE dead to us, cool Chrome extensions, dog saves toddler - ESW #403 57:56

לפני 6 weeks57:56

57:56

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-403…

Enterprise Security Weekly (Video)

1
The past, present, and future of enterprise AI - Pravi Devineni - ESW #403 39:13

לפני 6 weeks39:13

39:13

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane . Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of AI and try to end on a positive or hopeful note! Show Notes: https://securityweekly.com/esw-403…

Enterprise Security Weekly (Video)

1
Patch It Like You Stole It: Vulnerability Management Lifestyle Choices - Matthew Toussain - ESW #403 34:44

לפני 6 weeks34:44

34:44

What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like: disconnects between vulnerability analysts and asset owners gaps and issues in vulnerability discovery and asset management different options for workflows between security and IT: which is best? patching it like you stole it Oh, did we mention Matt built an open source vuln scanner? https://sirius.publickey.io/ Show Notes: https://securityweekly.com/esw-403…

Enterprise Security Weekly (Video)

1
The rise of MSSPs, CVE drama, Detection Engineering How-To & Doggie Survival Skills - ESW #402 51:20

לפני 7 weeks51:20

51:20

In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn’t want to be found All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-402…

Enterprise Security Weekly (Video)

1
What is old is new again: default deny on the endpoint - Danny Jenkins - ESW #402 36:20

לפני 7 weeks36:20

36:20

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we’ll be talking to Threatlocker’s CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-402…

Enterprise Security Weekly (Video)

1
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402 35:43

לפני 7 weeks35:43

35:43

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we’re seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don’t even need to give up an email address to read it! In this interview, we’ll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader’s Guide to Security Data Strategy eBook Show Notes: https://securityweekly.com/esw-402…

Enterprise Security Weekly (Video)

1
Best of Cyber April Fools, Tons of Free Tools, runZero positioned to disrupt? - ESW #401 49:54

לפני 8 weeks49:54

49:54

This week, in the enterprise security news, we check the vibes we check the funding we check runZero’s latest release notes tons of free tools! the latest TTPs supply chain threats certs won’t save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.