Cybersecurity has too many distractions and can the White House fix BGP? – Harish Peri, Harry Wilson, Darren Guccione – ESW #375
Segments
1. Cybersecurity has too many distractions and can the White House fix BGP? – ESW #375
This week, in the enterprise security news,
- Cribl, Zafran, and US states raise funding
- Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
- AI Security products are picking up steam
- You probably shouldn’t be too worried about Yubikey cloning
- Instead, you should be more worried about malicious npm packages!
- The White House wants to fix BGP
- SolarWinds has shady stuff in its source code, AGAIN
- The challenge of bringing security to small business
- Scams are getting quicker and more effective
- How not to run a phishing test
- and AI assistants rickroll paying customers!
- 1. FUNDINGS: Cribl, Zafran, and US States (wut?) raise funding
- 2. ACQUISITIONS: Cisco/Robust Intelligence, Check Point/Cyberint, Salesforce/Own, Absolute/Syxsense
This week's acquisitions:
- Mastercard just spent $2.65 billion to beef up security
- Fortifying the future of Security for AI: Cisco Announces intent to acquire Robust Intelligence
- Check Point Software to Acquire Cyberint to Transform Security Operations and Expand Managed Threat Intelligence Solutions
- Salesforce Signs Definitive Agreement to Acquire Own Company
- Absolute Security to Acquire Syxsense
- 3. NEW PRODUCTS: Prompt Security helps organizations monitor data shared with Microsoft 365 Copilot – Help Net Security
- 4. NEW PRODUCTS: Wiz moves into securing CI/CD pipelines
As mentioned by Tyler on the show
- 5. ATTACKS: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out only by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low. Roche said that two-factor authentication and one-time password functionalities aren't affected because they don't use the vulnerable part of the library.
- 6. ATTACKS: Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems
- 7. INTERNET WORLD POLICE: White House publishes roadmap to secure internet routing
- 8. VULNS: SolarWinds left hardcoded credentials in helpdesk product
- 9. REPORTS: TL;DR: Every AI Talk from BSidesLV, Black Hat, and DEF CON 2024
- 10. ESSAYS: Lifting the world out of the cybersecurity poverty
As Darwin mentioned during the podcast - Bitdefender's Security for Content Creators
- 11. TRENDS: Online scam cycles are getting shorter and more effective, Chainalysis finds
- 12. WHOOPSIES: Uni phishing test based on fake Ebola scare prompts apology
- 13. SQUIRREL: Lindy, a commercial AI assistant, rickrolls its customers
2. Oktane 2024 and the Current State of Identity Security – Harish Peri – ESW #375
We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in.
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Guest
Harish Peri is the Senior Vice President of Product Marketing at Okta. He is responsible for messaging, positioning, GTM strategy, and overall success of Okta’s key products in the market. He has over 20 years of experience in enterprise technology across multiple industries ranging from financial services to human capital technology and CRM. He has held leadership roles in product management, customer success, sales, and marketing.
3. Cybersecurity at the speed of Formula One – Darren Guccione, Harry Wilson – ESW #375
Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team.
For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three.
A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did!
Segment Resources:
- Keeper Press Release on the Partnership
- Williams Press Release on the Partnership
- Some more details from Keeper on why they chose to sponsor automotive racing
Guests
Darren Guccione is the CEO and co-founder of Keeper Security, a leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software designed to protect passwords, passkeys, secrets, connections and privileged access.
Darren drives the product vision, global strategy, customer experience, marketing and business development at Keeper. Under his leadership, the company has solidified its position as a market leader, advanced its enterprise and consumer product offerings and achieved significant global growth. Keeper’s FedRAMP and StateRAMP Authorizations enable it to effectively serve public sector organizations alongside commercial enterprises and consumers.
Darren has co-founded other successful ventures and advised industry-leading companies. In addition to Keeper, he co-founded Callpod, Inc. and OnlyWire, LLC. He also served as an advisor to NinthDecimal, formerly known as JiWire, the leading media and technology service provider for the Wi-Fi industry and as CFO and co-founder of Apollo Solutions, Inc., (acquired by CNET Networks; now CBS Interactive). Darren holds a master’s degree from the Kellstadt Graduate School of Business at DePaul University and a Bachelor of Science in Industrial and Mechanical Engineering from the University of Illinois at Urbana-Champaign.
Harry is the Head of Information Security at Williams Grand Prix Engineering. He is responsible for the design, build and operation of the cybersecurity programme covering the Williams Formula 1 and E-sports teams as well as the Williams heritage department and e-commerce platform.
Before joining Williams, Harry was the Group IT Director at a global retail and manufacturing company.