Security Weekly Podcast Network (Video)

How do you protect your assets commensurate with their value if you lack situational awareness of everything communicating on your network thanks to IoT, rogue cloud instances, and shadow IT? If we can agree that EDR doesn't give the full picture, what can the security industry do to combat this challenge both from a technological and a process/culture perspective? Jeff will discuss how asset and risk management is changing and open up a conversation around how the CIA Triad has and is evolving. For more information, visit: https://securityweekly.com.extrahop Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode167

Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That's where software composition analysis (SCA) comes in. Introducing a new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development. For more information, visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode101

Singularity is a container runtime that was built from the ground up to live in multi-user environments where POSIX permissions must be respected. In addition to a novel runtime approach, the Singularity Image Format (SIF) differs significantly from other container image formats, with built-in support for full image encryption as well as digital signatures. For more information, visit: http://sylabs.io/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode101

SANS Penetration Testing | Microsoft SMBv3.11 Vulnerability and Patch CVE-20200796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, $100K Paid Out for Google Cloud Shell Root Compromise, WordPress, Apache Struts Attract the Most Bug Exploits, Run Docker nginx as Non-Root-User. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode644

Acunetix: Automation as a Solution for Web Application Security - Mark Ralls - RSAC 2020 Mark Ralls, President and Chief Operating Officer at Acunetix, discusses web security challenges in small and medium enterprises and how automation can help fill the skills gap. To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix Netsparker: How to Scale Web Application Security - Kevin Gallagher - RSAC 2020 Kevin Gallagher, Chief Revenue Officer at Netsparker, discusses how to scale web application security including asset discovery, application scanning, prioritization of results, and more! To get a demo of NetSparker, please visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176

Struggling with how to get your logs from the cloud? Have no fear, Corey and the Security Weekly crew talk about how to configure your logs in the cloud, use cloud-native services to handle the shuffling of logs in and out of the cloud, and control your costs! We conclude by talking a bit about Windows Event logs and overcoming some gotchas. Visit https://www.securityweekly.com/psw for all the latest episodes! To learn more about Gravwell, visit: https://securityweekly.com/gravwell Show Notes: https://wiki.securityweekly.com/PSWEpisode644

SaltStack: Managing Configuration & Patches with SaltStack - Mehul Revankar - RSAC 2020 Offering open-source and commercial solutions for configuration, patch, and vulnerability management, SaltStack is a must-have! Mehul Ravankar provides us with details about the various products and new features including the ability to import vulnerability scan data and remediate! To request a demo with SaltStack, visit: https://securityweekly.com/saltstack Synopsys: Enabling Developers Without Negatively Impacting Their Velocity - Utsav Sanghani - RSAC 2020 Utsav Sanghani, Senior Product Manager from Synopsys, discusses the latest efforts to enable developers in ensuring that software security is accounted for in their work without negatively impacting their velocity. To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176

The challenges and differentiated values of desktop and laptop protection and administrative tool control (e.g., Powershell, SSH) for remote users and administrators to work securely. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode644

Fortinet Introduces Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176

Compliance requirements and SecOps frameworks like NIST - checking boxes rather than a 'holistic' view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA's theme this year: 'the human factor'. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode21