IOT, Threat hunting, Threat modeling

ESW #159

October 31, 2019

 

 

Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Vulnerability Management Evaluation Guide

Deployment

  • Cloud vs. On-Prem
  • Authenticated scanning – agents or other?
  • Local scanners?
  • Integrations – Ticketing systems and reporting

Practice

  • Usability
  • Ability to define roles – Should be a tool all of IT can use
  • Coverage of vulnerabilities
  • Does it fit into DevOps and other practices and procedures?
  • Will it automatically, through integrations or natively, just apply the patches?
  • Other functionality:
    • Web scanning
    • Configuration auditing
    • Asset management
    • FIM
  • How does it fit into operations?
    • Ticketing
    • Remediation priority and tracking

Reporting

  • How customizable is the reporting and processes to support remediation?
  • Priorities
  • Compensating controls
  • Executive reports and trending

Hosts

Matt Alderman

Matt Alderman – CEO

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

 

 

In the Enterprise News, discussing how IaaS cloud vulnerabilities are expected to increase 50% over 2018 figures, examining security process maturity in 400 organizations, Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats, and some funding and acquisition updates from Aviatrix and enSilo!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Enterprise News

  1. IaaS cloud vulnerabilities expected to increase 50% over 2018 figures – Help Net Security
  2. Respond Software adds web filtering investigation and discovery capabilities to its Respond Analyst solution – Help Net Security
  3. Examining security process maturity in 400 organizations – Help Net Security
  4. BlackBerry Announces Availability of CylancePROTECT for Mobile
  5. Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats
  6. Cloud Networking and Security Firm Aviatrix Raises $40 Million | SecurityWeek.Com
  7. Fortinet acquires enSilo to strengthen its endpoint and network security solutions – Help Net Security

Hosts

Matt Alderman

Matt Alderman – CEO

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

Carter Manucy is the Cybersecurity Manager at Municipal Power Agency. Fireside chat around the differences in IT and OT cybersecurity, challenges finding the right folks, challenges facing securing OT specific equipment, workforce development.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Hosts

Matt Alderman

Matt Alderman – CEO

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
prestitial ad