PSW #667 | SC Media
DevOps, IOT, Firewall

PSW #667

September 18, 2020

Sponsored By

sponsor
Visit https://securityweekly.com/synopsys for more information!

BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), was created to help organizations plan, execute, measure, and improve their Application Security program/initiatives. BSIMM11 reflects the software security practices observed across 130 firms from industries such as finserv, independent software vendors, cloud and healthcare.

This segment is sponsored by Synopsys.

Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Key Findings From The Newly Released BSIMM11 Report

https://www.bsimm.com/download.html?cmp=pr-sig&utm_medium=referral

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Mike Ware

Mike Ware – Senior Director of Technology

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Sponsored By

sponsor
Visit https://securityweekly.com/elastic for more information!

Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR’s – and by making the repo public we’re inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allows, James can also talk about the preview we recently released of Event Query Language (EQL) in Elasticsearch. This is the correlation query language that Elastic adopted through the acquisition of Endgame last year to support threat hunting and threat detection use cases. It’s a feature that users have been asking for for years and an exciting step toward natively integrating EQL into the Stack.

This segment is sponsored by Elastic.

Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Elastic Security Opens Public Detections Rules Repo

None

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

James Spiteri

James Spiteri – Solutions Architect, Cyber Security Specialist Global Solutions Lead

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your LocksJust By Listening, U.S. House Passes IoT Cybersecurity Bill, Most compliance requirements are completely absurd, Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software, and more! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Zerologon Attack, CrimeOps, & BLESA Bluetooth Flaw

None

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In our next webcast you will learn how to reduce the blast radius of your cloud infrastructure! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

prestitial ad