In the leadership and communications section, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

As many organizations look to their "new normal," remote work will likely be a large piece of that strategy. Adler will dive into the impact this has on the SOC and why EDR should be top-of-mind.

To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security?

To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, It's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position.

To learn more about Elastic Security, visit: https://securityweekly.com/elastic

To view the Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

Many companies hire external consultants to conduct incident response and remediation, which can add up quickly in cost. By providing these security consultants with network data in seconds as opposed to hours or days, we can drastically reduce remediation costs and speed breach containment.

To learn more about VIAVI Solutions, visit: https://securitweekly.com/viavi

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

Discuss approach to vulnerability management at Toyota Financials and benefits of a full life-cycle approach to vulnerability management.

To learn more about Qualys VMDR, visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

In the Enterprise Security News, how GitHub Code Scanning aims to prevent vulnerabilities in open source software, SlashNext Integrates with Palo Alto Networks Cortex XSOAR to Deliver Automated Phishing IR and Threat Hunting, Portshift Announces Extended Kubernetes Cluster Protection, Vigilant Ops InSight Platform V1 automatically generates device software bill of materials, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

Security vs. Compliance: Where are the overlaps? Where are the differences?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode28

Security vs. Compliance: Where are the overlaps? Where are the differences?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode28

In the leadership and communications section, Top 5 Tactical Steps for a New CISO, Good Leadership Is About Communicating “Why”, 5, ok maybe only 4, CISO Priorities During the COVID-19 Response, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode173

The coronavirus has focused the world’s attention on disease spread like never before. This discussion will draw out some of the parallels that can inform how we do our work in cybersecurity, and that are helpful in communicating with the people who pay the bills. All the new vocabulary around “social distancing”, “contact tracing”, and “flattening the curve” is useful for our discussions in cybersecurity.

To learn more about RedSeal, visit: https://securityweekly.com/redseal

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode173

In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team’s code with code scanning and secret scanning!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode107

DevOps and Agile IT practices have been around for a while. However, security teams are just now catching up. We will discuss how security teams can stop being “showstoppers” for the developers and actually work with them, not against them. Focus will be around empowering the developers with open source secrets management, securing endpoints and cloud native apps, and embedding security in the development process as early as possible.

To learn more about CyberArk, visit: https://securityweekly.com/cyberark

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode107

In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild, Another Stuxnet-Style Vulnerability Found in Schneider Electric Software, and remembering the ILOVEYOU virus!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

Lots of IT and security professionals do not want to use the CLI, which has set them back. Fantastic exposes the same power as the CLI in an easy to use GUI that is more consistent and hopefully easier to navigate/use than the native GUI tools.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

Public utilities are under fire from malicious actors now, more than ever. At the same time, authorities for National Guard units are expanding, allowing greater levels of support. However, this only works when relationships already exist.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

Executing on a successful program and proving its efficacy is an impossibility for many security teams. Tune in as we discuss what steps you can take immediately to set more effective goals, track progress and share your success. You'll also have the opportunity to see how Rapid7's Vulnerability Management solution, InsightVM can help you create and contextualize metrics that your non-technical leadership and board—as well as your users—can understand.

To learn more about Rapid7, or to request a Demo, visit: https://securityweekly.com/rapid7

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode182

Broad shifts to remote access plus increased strain on budgets and resources make it a business imperative to accelerate cloud adoption, and do it securely. Network detection and response bridges the gap between security and network teams and enables scalable visibility and security for cloud and multicloud environments.

To learn more about ExtraHop, visit: https://securityweekly.com/extrahop

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode182

Microsoft is to buy Israeli cybersecurity startup CyberX, ExtraHop Data Shows Shifts in IoT Device Usage During COVID-19 Have Broad Security Implications, Immuta and Snowflake help customers share data with automated privacy protection, Code42 Integrates with Palo Alto Networks Cortex XSOAR to Speed and Automate Insider Threat Incident Response, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode182

Security, Compliance, and Breach News!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode27

Today we will discuss the PCI DSS and some of its myths, misunderstandings, and misconceptions, including: Why most vendors don't understand how their products fit within PCI, The six overall goals of the PCI DSS, Why PCI is perceived as a check box program, and more!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode27

In the leadership and communications section, CISO position burnout causes high churn rate, 7 Rules for Staying Productive Long-Term, Now Is an Unprecedented Opportunity to Hire Great Talent, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode172