Security Weekly
Enterprise Security WeeklySubscribe
Careers, Data security, Leadership, Application security

Large Stacks – ESW #241

This week, first up, we welcome, Philippe Lafoucrière Distinguished Security Engineer GitLab Inc, to talk about Transparency in Large Supply Chains! Then, John Smith, Principal Engineer of Security at ExtraHop, joins to discuss Putting the "R" in the NDR! Finally, in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, and more!

Segment Resources:

https://about.gitlab.com/handbook/values/#transparency

Visit https://securityweekly.com/gitlab to learn more about them!

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Transparency in Large Supply Chains – Philippe Lafoucrière – ESW #241

GitLab is unique in many ways, but our transparency value is pushing us to mature our Security posture faster than attackers. Discover how GitLab iterates quickly to adapt to a world where everyone can contribute.

Segment Resources:
https://about.gitlab.com/handbook/values/#transparency

This segment is sponsored by GitLab.

Visit https://securityweekly.com/gitlab to learn more about them!

Sponsored By

GitLab

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Guest

Philippe Lafoucrière
Philippe Lafoucrière
Distinguished Security Engineer at GitLab Inc.

Philippe Lafoucriere is a Distinguished Security Engineer at GitLab.
Before joining GitLab, Philippe was the founder and CEO of Gemnasium, a SaaS company that helped developers mitigate security vulnerabilities in open source code. Gemnasium was acquired by GitLab to implement robust security scanning functionality natively into GitLab’s CI/CD pipelines.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Adrian Sanabria
Adrian Sanabria
Director of Product Marketing at Valence Security
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

2. Putting the “R” in the NDR – John Smith – ESW #241

It's time to think more broadly about the R in NDR. Incident responders need a full spectrum of response–from hunting and investigations to remediation–not just another alert cannon. While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organization’s environment. ExtraHop's Principal Engineer John Smith joins Security Weekly to discuss.

Segment Resources:

- ExtraHop Extends Response and Forensics Capabilities with Deep Threat Insights for Hybrid Cloud

https://www.extrahop.com/company/press-releases/2021/revealx-360-innovations/?uniqueid=FJ07532845&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-pr-resource&utm_content=press-release&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

- ExtraHop free and interactive demo

https://www.extrahop.com/demo/?uniqueid=AN07532846&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-demo&utm_content=demo&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Sponsored By

ExtraHop Networks

Announcements

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

Guest

John Smith
John Smith
Principal Engineer, Security at Extrahop

John Smith has over twenty years’ experience in IT and Security, including eighteen years as a practitioner before joining ExtraHop. John is a frequent speaker on podcasts and webinars, and has delivered talks at conferences like RSAC and multiple B-Sides events. His experience includes securing and architecting the US Centers for Disease Control’s Pandemic Response and Telework solution in 2007 and pioneering data-driven analytics and investigations.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Adrian Sanabria
Adrian Sanabria
Director of Product Marketing at Valence Security
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

3. “Lift & Drag”, BeyondTrust, Absolute DataExplorer, & RDP Exploits – ESW #241

This week in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, & More!!!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
  1. 1. ThycoticCentrify Enhances DevOps Security with Certificate-Based Authentication and Configurable Time-to-Live for All Cloud Platforms
    " The latest version offers certificate-based authentication and the ability to configure Time-to-Live (TTL) for secrets, leading to even tighter DevOps security and easier management."
  2. 2. LogPoint Acquires SecBI to Add SOAR and XDR Platforms
    "LogPoint, a provider of security information event management (SIEM) platform and user behavior analytics tools, today revealed it has acquired SecBI, a provider of an integrated security orchestration and automated response (SOAR) and extended detection and response (XDR) platform." - Check the boxes on acronym bingo.
  3. 3. D3 Security raises $10M to accelerate advancement of its next-generation SOAR platform
    "D3’s SOAR platform helps many of the world’s most sophisticated security teams integrate their security tools, eliminate time-consuming tasks via automation, and orchestrate lightning-fast responses to threats."
  4. 4. Query.AI’s enhancements drive efficiencies in cybersecurity investigations
    "The Query.AI platform serves as a connective tissue that delivers federated search to conduct investigations across data silos and eliminates the antiquated approach of universal data centralization."
  5. 5. Absolute Software : Announces General Availability of Absolute DataExplorer
    Kinda neat how it lives in firmware, we always talk about bad things that could live in firmware, this is a legit tool that lives in firmware: "Anchored by its firmware-embedded Persistence® capabilities residing in more than 500 million endpoints, Absolute provides an undeletable digital tether to every device - enabling customers to maintain enhanced visibility across their device fleets and reliably monitor critical hardware and software information."
  6. 6. Privileged Remote Access Version 21.2 Introduces BYOT for SSH, UI Enhancements, & More
    "With this release, Privileged Remote Access enables organizations to properly manage and inject credentials managed by Azure AD Domain Services. Administrators can now leverage the Secure Remote Access Vault to rotate account credentials managed by Azure Active Directory Domain Services"
  7. 7. BeyondTrust Labs Report Demonstrates Removing Admin Rights and Implementing Application Controls Highly Effective in Preventing Malware
    "Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats." - Agree?
  8. 8. Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy
    "Psychological inertia, as it is known in medical literature, is prevalent in workplace change management because committing to the changes necessary to achieve higher-level objectives causes individuals to feel anxiety and fear. So, even though the workforce acknowledges the security benefits of a Zero Trust model, they resist the necessary changes in their daily routine." - This is so common! "In fact, most wildly successful organizations can point to one or more significant disruptions that served as the catalyst to overcome status quo bias and drive innovation." - I've always said you have to scramble a few eggs to make an omelet...
  9. 9. Exploiting CVE-2018-13379 – A Case Study
    "Successfully authenticated user credentials were saved, in plaintext, to this file. Any unauthenticated visitor could exploit the vulnerability to retrieve this file and collect plaintext credentials." - Why can't we just patch this? Did we not know it existed or we knew and got pushback? "The primary method of access and lateral movement was through the VPN and Remote Desktop Protocol (RDP)." - Curious if MFA could be implemented system-wide for RDP connections as I believe this is possible, not expensive, and not a huge inconvenience. "Four months into the incident, PsExec was run from a VPN source IP to create a scheduled task on domain controllers." - This should generate an alert, also curious how common this is for legitimate admins or software to create a scheduled task on a domain controller...
Adrian Sanabria
Adrian Sanabria
Director of Product Marketing at Valence Security
  1. 1. Comcast Business to Acquire Masergy, a Pioneer in Software-Defined Networking and Cloud Platforms
  2. 2. Elastic and Cmd Join Forces to Help Customers Take Command of Their Cloud Workloads
  3. 3. Incident Response Firm BreachQuest Launches With $4.4 Million in Seed Funding
  4. 4. IronNet Completes Business Combination with LGL Systems Acquisition Corp.
  5. 5. Check Point Software Technologies Acquires Avanan, the fastest growing cloud email and collaboration security company, to redefine security for cloud email
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

Related

Careers
The Reasons Why CISOs Should Report to CEOs – Jeff Pollard – BSW #298

When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO. Segment Resources: https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos
Careers
The Rise of the Chief Product Security Officer – Jason Christman – CSP #113

Cybersecurity is becoming a #1 business risk for many organizations. For CISOs to effectively manage this risk, proper strategy, adequate resourcing, and leadership support are all essential, but not enough. CISOs need a trusted partner on the supplier side, a product CISO, known within industry as a Chief Product Security Officer, who understand...
prestitial ad