Hacking Naked & Not Afraid – PSW #663
This week, we welcome back Harry Sverdlove, Founder and CTO of Edgewise, and Dan Perkins, Principal Product Manager at ZScaler, to talk about Protecting Critical Infrastructure and Workloads In Hybrid Clouds! In our second segment, it's the Security News! We'll be talking about how New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, Marriott faces London lawsuit over vast data breach, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! In our final segment, we air two pre recorded interviews from Security Weekly's Virtual Hacker Summer Camp, with Corey Thuen, Co-Founder of Gravwell, and Deral Heiland, Principal Security Researcher for IoT at Rapid7!
Visit https://securityweekly.com/edgewise to learn more about them! To learn more, visit: https://www.gravwell.io/summercamp2020 Visit https://securityweekly.com/rapid7 to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Full Audio
Segments
1. Protecting Critical Infrastructure In Hybrid Clouds – Dan Perkins, Harry Sverdlove – PSW #663
Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous; public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while ensuring smooth business operations How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo key points of Edgewise's answer to use software identity for microsegmentation and cloud workload protection.
This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guests

Harry Sverdlove, Chief Technologist for Secure Workload Communication, Zscaler, Inc. (formerly Co-Founder and Chief Technology Officer of Edgewise Networks), was previously CTO of Carbon Black, where he was the key driving force behind their endpoint security platform. Earlier in his career, Harry was principal research scientist for McAfee, Inc. (formerly Chief Scientist of SiteAdvisor), where he supervised the architecture of crawlers, spam detectors and link analyzers. Prior to that, Harry was director of engineering at Compuware Corporation (formerly NuMega), and principal architect for Rational Software, where he designed the core automation engine for Rational Robot.

Dan is the product manager focused on building the Zscaler Workload Protection (Edgewise) platform into the best microsegmentation control on the market. His background is in virtualization systems, storage, and cybersecurity.
Hosts



2. Voice Phishers, ‘SpiKey’ Lock Picking, & Coffee Cup Hackers – PSW #663
New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup!
Announcements
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts




3. SWVHSC Micro Interviews: Gravwell & Rapid7 – Corey Thuen, Deral Heiland – PSW #663
What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high level and low-level tech that drives these differences. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them!
Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020
Deral Heiland, Principal Security Research IoT at Rapid7 will focus on the subject of IoT security and hacking, IoT testing and testing methods and related research topics. This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them!
Rapid7 Segment Resources: https://www.rapid7.com/research/%0D%0Ahttps://blog.rapid7.com/author/deral-heiland/
To gain access to our latest research (i.e. 2020 Q1 Threat Report, NICER and Under the Hoodie 2020 visit: https://www.rapid7.com/research/
Guests

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.

Deral Heiland, CISSP, has over 20 years of experience in IT. Over the last 8+ years, he has focused on security research, security assessments, pen testing, and consulting.
Hosts
