With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrate employee and contractor devices – managed and unmanaged – exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of infostealers and provides actionable steps for businesses of any size or industry to mitigate the threat. In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten to discuss the early days of incident response and the current thinking of post-infection remediation (PIR) actions. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor SpyCloud’s Director of Security Research, Trevor Hilligoss. They chat about the challenges for enterprises and security leaders to identify what was stolen from malware-infected devices and how proper post-infection remediation implemented into existing incident response workflows can help prevent this data from causing ransomware. Trevor shares highlights from an industry report of over 300+ security leaders from North America and the UK on where they stand on malware identification and remediation, and what additional work can be done to minimize cybercriminals' access and impact.
In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner explore modern approaches for applying and enforcing policy and access controls to sensitive data which inevitably leaves your possession but still deserves just as much security as the data that you possess internally. Rick and Dave are joined by guests Bill Newhouse, Cybersecurity Engineer at National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE), and Dana Morris, Senior Vice President for Product and Engineering of our episode sponsor Virtru.
Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by applying a more strategic approach. In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner discuss what it means to "shift left" with your penetration testing by working on a threat-informed test plan with guests and Hash Table members Bob Turner, the Field CSO of Fortinet, Etay Maor, the Senior Director for Security Strategy at Cato Networks, and Dan DeCloss, the Founder and CEO of our episode sponsor PlexTrac.
The public web data domain is a fancy way to say that there is a lot of information sitting on websites around the world that is freely available to anybody who has the initiative to collect it and use it for some purpose. When you do that collection, intelligence groups typically refer to it as open source intelligence, or OSINT. Intelligence groups have been conducting OSINT operations for over a century if you consider books and newspapers to be one source of this kind of information. In the modern day, hackers conduct OSINT operations in order to recon their potential victims by collecting email addresses, personal information, IP addresses, software versions, network configurations, and, if they are lucky, login credentials for websites and social media platforms. The question is, how can the good guys use these techniques to improve their security posture or maybe help the business in some kind of material way? On this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner discuss OSINT operations to improve your security posture with guests Steve Winterfeld, Hash Table member and Advisory CISO for Akamai, and Or Lenchner, CEO at our episode sponsor Bright Data.
With a recession looming, many business leaders are looking for ways to cut spending wherever possible. And while tool bloat affects many security teams, it can be a challenging problem to tackle for a couple of reasons. First, there’s the fear that security will be lost if a tool is removed. Second, there’s the daunting task of unraveling complex systems. And finally, there’s the perennial talent shortage. Like all challenges in security, they’re made even worse by the fact that there’s not enough people able to tackle them. During this CyberWire-X episode, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Ted Wagner, the CSO of SAP National Security Services, and host Dave Bittner speaks with sponsor ExtraHop Senior Technical Marketing Manager Jamie Moles. They discuss solutions to help business and security leaders to not just address these challenges, but to get more out of their tooling as they do. They discuss strategies for how to determine which tools you actually need and which you can get rid of, as well as the step-change benefits that can be realized when you consolidate, automate, and integrate your security solutions.