Enterprise Security WeeklySubscribe
Cloud Security, Incident Response, Network Security, Breach, Security Program Controls/Technologies, Supply chain, AI/ML, Endpoint/Device Security

Exploring the Intersection of Security for Edge Computing and Endpoint – Theresa Lanowitz, Mani Keerthi Nagothu – ESW #340

Full Audio

View Show Index

Segments

1. Exploring the Intersection of Security for Edge Computing and Endpoint – Theresa Lanowitz, Mani Keerthi Nagothu – ESW #340

Once again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape:

  • Maybe not less budget, but more pressure to produce results and justify spending
  • Security leaders being held personally accountable for performance
  • Potential layoffs, and the need to achieve the same goals with less labor and tool overhead

Segment Resources

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

Sponsored By

AT&T Cybersecurity

Announcements

  • Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!

Guests

Chief Evangelist at LevelBlue

Theresa Lanowitz is the Chief Cybersecurity Evangelist at LevelBlue, a strategic alliance between AT&T and WillJam Ventures, that simplifies cybersecurity for the businesses fueling our global economy.

With a distinguished career in the technology industry, she has held influential roles at companies including Gartner, Borland, Taligent, and Sun Microsystems, significantly impacting application security and emerging technologies.

Theresa is a globally respected leader known for her deep and diverse experience in cybersecurity. Theresa frequently speaks at major industry conferences, sharing her insights on high tech trends, AI integration, and the evolving threat landscape.

Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA.

Field CISO at SentinelOne

Mani Keerthi Nagothu is a cybersecurity professional with global work experience. Her expertise includes cybersecurity strategy, incident response, and risk management. She has been a speaker at various conferences, including RSA Conference 2023, Evanta, Infosec World, (ISC)2 Security Congress, Cloud Security Alliance, and many more. She is passionate about sharing knowledge with others, and most recently, her LinkedIn course – Insider Threat Risk Management, was published

Hosts

Principal Researcher at The Defenders Initiative
Product Marketer and Content Strategist at OX Security

2. Five Lessons Learned From Okta’s Customer Support System Breach – ESW #340

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.

This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.

Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.

In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.

  1. Protect Your Session Tokens
  2. Monitor for Unusual Behavior
  3. SaaS Vendors Are Common Targets
  4. Zero Trust Principles Work
  5. MFA Isn't a Binary (on or off) Control

Segment Resources

Hosts

Principal Researcher at The Defenders Initiative
Product Marketer and Content Strategist at OX Security
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

3. New security startups, Stamos and Krebs go to SentinelOne, NY takes cyber seriously – ESW #340

Finally, in the enterprise security news,

  1. Lots of new security startups with early stage funding
  2. SentinelOne picks up Chris Krebs and Alex Stamos’s consulting firm
  3. PE firm picks up ActiveState - a company I haven’t thought about since I last downloaded ActiveState Perl 1000 years ago
  4. Microsoft announces the limited release of Security Copilot
  5. Semgrep releases a secrets scanner
  6. AGI predicted to come much sooner than you might expect
  7. NY State doubles down on cybersecurity regulations to protect its hospitals
  8. the young hackers behind Mirai, one of the biggest botnets ever
  9. Ransomware groups snitch on businesses to the SEC

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Vulcan Cyber Closes $55 Million Series B with Additional $34 Million to Solidify Position as a Leader in Cyber Risk Management
  2. 2. FUNDING: Securing Our Vision: The $6.4M Seed Funding Milestone
  3. 3. FUNDING: Risk Ledger Secures £6.25M to Prevent Cyber Attacks on the Supply Chains of Nation’s Largest Enterprises
  4. 4. FUNDING: Myrror Security Raises $6M in Seed Funding
  5. 5. FUNDING: Tidal Cyber Raises $5M in Seed Funding
  6. 6. FUNDING: HydroX AI: Building a One-Stop Platform for LLM Security and Privacy
  7. 7. FUNDING: Protecto Raises $4M in Seed Funding
  8. 8. FUNDING: Attack Surface Management Technology Provider Cavelo Announces CAD$5M Funding Round
  9. 9. ACQUISITIONS: SentinelOne® Launches PinnacleOne Strategic Advisory Group

    SentinelOne picks up Chris Krebs and Alex Stamos's consulting firm, Krebs Stamos Group LLC, rebranding it as PinnacleOne (redundant?) Strategic Advisory Group

  10. 10. ACQUISITIONS: Vertu Capital Acquires Secure Open Source Integration Platform Company, ActiveState
  11. 11. DIVESTITURES: ThreatDown: A new chapter for Malwarebytes
  12. 12. NEW PRODUCTS: Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
  13. 13. NEW PRODUCTS: Introducing Semgrep Secrets
  14. 14. ESSAYS: Why We’ll Have AGI by 2025-2028

    TL;DR - Daniel's theory is that AGI won't first emerge as a single packaged product, but will be the product of many smaller AI products integrated together.

  15. 15. ESSAYS: As cars hoover up more and more drivers’ data, is it time to regulate the industry?
  16. 16. REGULATIONS: New York State Cybersecurity Strategy
  17. 17. REGULATIONS: New York State Cybersecurity Requirements for Financial Services Companies
  18. 18. REGULATIONS: Governor Hochul Announces Proposed Cybersecurity Regulations for Hospitals Throughout New York State
  19. 19. INVESTIGATIONS: The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story
  20. 20. VULNERABILITIES: In a first, cryptographic keys protecting SSH connections stolen in new attack
  21. 21. SQUIRREL: Are ransomware groups using the SEC as leverage now?

    Ransomware group hacks public company... then turns them into the SEC for not reporting the breach within the new required timelimit???

Product Marketer and Content Strategist at OX Security
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related