04-21-20 - Let's Just Dump On Zoom's Security and Offer No Solutions

CISO | Security Vendor Relationship Series

This week's episode of the CISO/Security Vendor Relationship Podcast, "Let's Just Dump On Zoom's Security and Offer No Solutions," is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our sponsored guest is Brian Johnson, CEO and co-founder, DivvyCloud. The three of us discussed:

If you believe "we're all in this together," act that way.

The tearing down of Zoom's security flaws indicated that the security community is more a fan of exposing when others are doing something wrong than they are trying to fix a severe security problem. While we point out bad behavior on our show, we go out of our way to balance it out with a positive response or recommendation. We want situations to improve, not just to stay the same.

Many breaches are our fault.

According to the Verizon DBIR, 21 percent of breaches are due to errors, such as configuration mistakes, that make a malicious or even accidental breach a simple exercise. 

Identity access management (IAM) in the cloud is a bear.

The number of changes happening in the cloud and the number of people touching that data have grown astronomically. Applying on-premise-style IAM in the cloud simply does not work. A role-based solution doesn't work either, because behavior is far too dynamic. You need a way, usually some type of artificial intelligence, to start understanding when cloud access behavior goes sideways.

We need more people-focused security professionals.

A very socially adept college student is eager to get into cybersecurity, but fears the field is not for her since she's less of a technician. It just so happens that her people-oriented cybersecurity skills are in high demand. That kind of focus will be very welcome.

Special thanks to this week's podcast sponsor, DivvyCloud.

DivvyCloud provides continuous security and compliance across all CSPs and containers, including AWS, GCP, Azure, Alibaba, and Kubernetes, providing a comprehensive view of what's in your cloud, along with the tools and automation you need to manage it today, tomorrow, and into the future as your business grows and changes.

Mike Johnson on companies not even knowing about their data

TWO CISO Series Video Chats

This FRIDAY [4-24-20] Hacking the Modern Workforce

Please join us on April 24th, 2020 at 10 AM Pacific for the next installment of the CISO Series Video Chats, "Hacking the Modern Workforce: An hour of critical thinking about managing access in a dynamic workplace." Watch this video, which outlines the highlights of our discussion.

Next FRIDAY [5-1-20] Hacking the Security Stack

Join us for "Hacking the Security Stack: An hour of critical thinking about what will disappear and what you'll introduce in the security program of the future." It's happening on Friday, May 1st, 2020 at 10 AM Pacific/1 PM Eastern.

What will the next generation of your security program, or technically, the security stack, look like? A stack is not just layers of security, but an integrated set of services that communicate openly with each other, thus providing greater value than they are able to do in silos.

For those companies that are not "cloud first," evolving their security stack is something they have no choice but to consider. Security programs must transform. What are we going to phase out? What will be required of the new security program?

I'll lead this conversation with Gary Harbison, VP, global CISO, Bayer, and Jason Clark, chief strategy and marketing officer, Netskope. Special thanks to Netskope for sponsoring this video chat.

Preventing Attacks Even When You Don't Know What They Are

At its most basic level, cybersecurity is about preventing attacks. The marketplace is filled with solutions that can make attacks visible or let you know if there are intruders in your system. But that's really just a gateway to hopeful prevention, or at least to knowing that you've been hacked and now have to contain and/or remediate.

At Cybertech 2020 in Tel Aviv, I spoke with Ronen Yehoshua, CEO, Morphisec, about how their solution is actually preventing attacks even when they don't know what the attack is. Their defense targets the payload/application that comes in, maybe through a phishing campaign, and essentially "morphs" or alters the malicious file so it's not capable of even executing.

Yehoshua said the company has been growing dramatically, and that will hopefully be even bigger with their new partnership with Microsoft's Windows Defender to offer a one-stop security management solution.

Thanks to our video sponsor, Morphisec.

Morphisec

Detection-based security technologies are by definition reactive, responding to threats after they've hit. Morphisec takes an offensive strategy to advanced attacks, dismantling the attack pathways to prevent an attack from ever landing. No detection, no hunting, no clean-up. Watch the on-demand webinar to see how it works. More at www.morphisec.com.

Tom Merritt, host, Daily Tech News Show, on responsible disclosure

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.