Remote access, DevOps, Cloud Security, Patch Management

PSW #666

September 11, 2020

 

 

Sponsored By

 

sponsor
Visit https://securityweekly.com/vicarius for more information!

 

Every time you deploy a patch nothing has ever gone wrong, right? Most of us have been burned by deploying a patch, causing downtime in your environment, getting in trouble with users and management for causing an outage and having to back out a patch, then re-deploy. The team at Vicarious has a way to apply in-memory virtual patches that mitigate exploitation and do not require binaries to be altered. Tune-in for the full description and demo! This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

The Patchless Horseman – Roi Cohen & David Asraf

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

David Asraf

David Asraf – C++ developer

Roi Cohen

Roi Cohen – Co-Founder & VP Sales

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Sponsored By

sponsor
Visit https://securityweekly.com/qualys for more information!

DevOps has gained momentum over the years as its methods have been used by teams worldwide to accelerate application delivery. But where we continue to struggle is in integrating security into this workflow. In this discussion, Sumedh Thakar, president and chief product officer at Qualys, will talk with the Security Weekly Team about the importance of building security into the CI/CD pipeline to ensure the quality of code and to protect the application and data infrastructure. He’ll talk about Qualys’ own DevOps strategy and the lessons learned as his team built out the DevOps toolchain and how it integrated security best practices within the DevOps lifecycle. This segment is sponsored by Qualys.

Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Building Security Into the DevOps Lifecycle

DevOps solutions: https://www.qualys.com/solutions/devops/

Qualys Security Conference, Feb 2020: https://www.qualys.com/qsc/2020/san-francisco/

“Ancestry: On the Vanguard of DevOps Security” Blog Post: https://blog.qualys.com/news/2019/04/10/reducing-aws-risk-footprint-through-the-use-of-amis-at-ancestry

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Sumedh Thakar

Sumedh Thakar – President and Chief Product Officer

Announcements

  • Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In September you can Find out Why Traditional Data Security Can’t Be Zero Trust, and Learn how to reduce the blast radius of your cloud infrastructure. Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

We welcome special guest Lea Snyder, BSides Boston Organizer, to talk all things BSides Boston 2020 for its 10 year anniversary! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon’s board, and the Legality of Security Research is to be Decided in a US Supreme Court Case! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Chrome Sandbox Exploit, Cisco Jabber CVE, & Lea Snyder w/ BSides Boston

None

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Lea Snyder

Lea Snyder – BSides Boston Organizer

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

prestitial ad