Security Weekly Podcast Network (Video)

Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active Directory, and the Cloud through visibility and early detection of attacks targeting identities. Attackers consider enterprise identities as high-value targets and attempt to compromise them early in the attack to access the network and gain privileges to essential production assets. Current identity security focuses on safeguarding privileged credentials in PAM solutions or securing the authentication process with MFA and IAM solutions, but these measures leave gaps that attackers can exploit. While current security solutions like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and others provide specific functions for defending the network, they do not focus on identities. EDR focuses on preventing the initial compromise, while XDR and NDR try to detect attacks as they expand from the beachhead. Attacks targeting enterprise identities can evade detection from these security controls, but IDR solutions can bridge these detection gaps to identify such attacks. Join Joseph Salazar from Attivo Networks as he discusses the importance of IDR to modern enterprise security. Segment Resources: https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf https://attivonetworks.com/what-is-identity-detection-and-response-idr/ https://attivonetworks.com/solutions/identity-security/ This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw244

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives. Segment Resources: RevolutionCyber - www.revolutioncyber.com Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw244

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw88

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw88

This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say "No" After Saying "Yes", Decode different types of business interruption insurance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw233

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge. Segment Resources: Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw233

This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th anniversary, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw167

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, "high-priority" category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability. We will take a closer look at these benefits and discuss it can help your DevSecOps team function better. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw167

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange AutoDiscover bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more! Show Notes: https://securityweekly.com/psw711 Visit https://www.securityweekly.com/psw for all the latest episodes!

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection methods are just too easy to circumvent in WiFi environments. Show Notes: https://securityweekly.com/psw711 Visit https://www.securityweekly.com/psw for all the latest episodes!