ESW #208 | SC Media
Container security, DevOps, SOC

ESW #208

November 25, 2020

This week, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Drupal Vulnerability, Sectigo DevOps Integrations, & Vulnerable Fortinet VPNs

None

Hosts

Adrian Sanabria

Adrian Sanabria – Senior Research Engineer

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

It’s widely-accepted that multifactor is a best practice for authentication, but there are a variety of implementations (e.g., smart cards, push notifications, OTPs). We’ll talk through the benefits and drawbacks of each and explore why Microsoft ‘s director of identity security just published a blog post about abandoning text messages for Office365/Azure authentication. Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Which Multifactor Authentication is the Right One?

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Hosts

Adrian Sanabria

Adrian Sanabria – Senior Research Engineer

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Matt Barnett

Matt Barnett – Chief Strategist

Announcements

  • In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

sponsor
Visit https://securityweekly.com/vicarius for more information!

Vulnerability prioritization has traditionally relied on CVSS scores and other subjective measurements (e.g. asset tagging) that don’t factor in internal context. A new approach integrates asset context and application activity to derive rich, internal data.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

Beyond Subjectivity: Sharpening CVSS with Asset Context

Blog post: https://www.vicarius.io/blog/beyond-subjectivity-sharpening-cvss-with-asset-context

Hosts

Adrian Sanabria

Adrian Sanabria – Senior Research Engineer

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Clayton Fields

Clayton Fields – Advisor

Michael Assraf

Michael Assraf – CEO & Co-Founder

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

prestitial ad