RSAC 2021 #3

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of "Verify, then trust". Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim’s downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house.

https://eclypsium.com/firmware-threat-report/

https://eclypsium.com/2020/07/21/device-integrity-and-the-zero-trust-framework/ https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!

Organizations continue to struggle understanding what Zero Trust is, how they move towards it, and ultimately how they implement it. There's been a lot of co-opting of the term and practitioners are so tired of it and sometimes react in disgust or think that it's marketing noise. I'd like to talk about the history of Zero Trust and where organizations can focus their efforts to start and/or continue their journey towards ZT.

So what is Zero Trust really? Can organizations buy Zero Trust? How do organizations get started implementing Zero Trust? What kind of skills does an organization need to implement Zero Trust Where does XDR, EDR, NAV, pick your technology fit in the Zero Trust narrative?

Segment Resources:

https://go.forrester.com/blogs/zero-trust-is-not-a-security-solution-it-is-a-strategy/ https://go.forrester.com/blogs/degree-requirements-are-poisoning-your-cybersecurity-talent-pool/ https://csrc.nist.gov/publications/detail/sp/800-207/final

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain.

Porous perimeters, remote workers, and highly targeted attacks such as Sunburst are challenging traditional security infrastructures, processes, and organizational structures, requiring leaders to introduce new malware analysis capabilities that centralize the analysis and investigation of suspected unknown and emergent threats to quickly determine the appropriate response.

A recent ReversingLabs survey of information security professionals validated this need with nearly 40 percent of respondents agreeing their organization could improve security with a more formalized threat hunting and malware lab program. ReversingLabs is addressing this with the ReversingLabs Malware Lab solution that equips threat hunting experts with the industry’s only unified threat analysis engine and console to rapidly analyze, classify, detect and respond to malicious files.

This segment is sponsored by Reversing Labs.

Visit https://securityweekly.com/ReversingLabs to learn more about them!

Press Release: https://blog.reversinglabs.com/newsroom/press-releases/reversinglabs-new-malware-lab-solution-enables-next-generation-of-threat-hunting

ReversingLabs Web Site https://www.reversinglabs.com/

RSA Microsite:
https://register.reversinglabs.com/rsa-2021

Why is third-party risk still such a challenge? Are companies using recent risk events (pandemic, solar winds, Colonial pipeline) as an opportunity to get better at risk management? How can firms better prepare for attacks to their third-party ecosystem?

Segment Resources:

https://go.forrester.com/blogs/make-covid-19-the-supply-chains-final-cautionary-tale/

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize your web app security.

https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/

This segment is sponsored by Acunetix.

Visit https://securityweekly.com/acunetix to learn more about them!