Measuring IT security health with GreySpark

In this podcast recorded at Black Hat USA 2016, Brit Wanick, Vice President of Sales, FourV Systems, talks about measuring IT security health with GreySpark. GreySpark identifies and measures risk factors by normalizing and evaluating threat, vulnerability, and operational events from an organization’s sensors and systems. The calculated risk factors drive simple risk indices and provide a continuous view of IT security risk trends and IT security operation’s performance. GreySpark Cyber integrates with workflow management …

SimpleRisk: Enterprise risk management simplified

In this podcast recorded at Black Hat USA 2016, Josh Sokol, creator of SimpleRisk, talks about his risk management tool, which he presented at the Black Hat Arsenal. Written in PHP, with a MySQL database back-end, SimpleRisk was created in order to make risk management obtainable to all security practitioners, not just the ones with money to buy a GRC platform. Due to its intuitive interface, this tool has actually been selected over the big …

Data protection for any cloud, anywhere

In this podcast recorded at Black Hat USA 2016, Jeff Schilling, CSO at Armor, talks about Armor Anywhere, which provides user-friendly managed security, with visibility and controls to ensure the protection of workloads, assets and applications. Compatible with popular cloud platforms, including AWS and Azure, Armor Anywhere secures data 24/7 while providing visibility across a multi-cloud infrastructure. For each CORE service, see details, status and actions to take presented in a filterable, sortable server list …

Key elements for successfully prioritizing vulnerability remediation

New vulnerabilities are disclosed every day, amounting to thousands per year. Naturally, not all vulnerabilities are created equal. In this podcast recorded at Black Hat USA 2016, Tim White, Director of Product Management at Qualys, talks about Qualys ThreatPROTECT, a cloud-based solution that helps IT professionals automatically prioritize the vulnerabilities that pose the greatest risk to their organization. How? By correlating active threats against your vulnerabilities. Live Threat Intelligence Feed ThreatPROTECT also includes a Live …

A closer look at IT risk management and measurement

In this podcast recorded at Black Hat USA 2016, Casey Corcoran, Partner, FourV Systems, talks about the most significant trends in cyber security and risk management. He discusses the credibility of the CISO, a new breed of security tools, as well as insurance companies trying to get into the risk management space. Modern businesses use data to make more informed decisions. FourV Systems use machine learning and statistical analytics to calculate Cyber Risk Indicators from existing …

Continuous security in the web application space

What we’re seeing in the market right now is increased consolidation among vendors. They’re buying each other, more products covering another vendor’s territory are being introduced, and this is all creating confusion for anyone trying to put together a security program. In this podcast recorded at Black Hat USA 2016, Jason Kent, VP of Product Management, Web Application Security, Qualys, talks about what continuous security means, how you can use it to identify all of …

What’s your security strategy?

In this podcast recorded at Black Hat USA 2016 in Las Vegas, Chris Drake, CEO at Armor, talks about how corporate IT is being stretched thin. They have to tackle the corporate network, endpoints, BYOD, cloud security, and much more. The big question organizations have to ask themselves is if they have the resources to properly protect their data. Drake encourages organizations to be flexible and think about the importance of different types of data, because …

Multi-layered phishing mitigation

In this podcast recorded at Black Hat USA 2016, Eyal Benishti, CEO at IRONSCALES, talks about their multi-layered phishing mitigation solution, which brings together human intelligence and machine learning in a way that allows automated phishing incident response. IRONSCALES recently released Federation, a product that will automatically and anonymously share phishing attack intelligence with organizations worldwide. This employee-based intrusion prevention system is the first phishing solution with an automatic one-click mitigation response. This functionality makes …

CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS

The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page …

Bringing security into IT and application infrastructures

In this podcast recorded at Black Hat USA 2016, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about a new trend in bringing security into IT and application infrastructures, as well as working with the DevOps team for increased security. A lot of security is built on security in-depth, layers of security, bringing the end prevention capabilities. Since the threat landscape, techniques and adversaries are changing quickly, sometimes prevention doesn’t work …