Preston and I interviewed Ryan Benson, Senior Threat Researcher at Exabeam about Security Information and Event Management (SIEM) software. We discussed what SIEM software is, what it does for a company, how it protects your network, and how to evaluate a SIEM suite.
Preston and I also agree that a SIEM suite should offer more than simple log aggregation and log scraping. There are less expensive and less cumbersome tools that can handle that functionality if that’s all you need. We also agree that SIEM companies need to bake some intelligence into their products that allow them to be automated, to respond automatically to threats, and to include advanced analytics so that you can optionally find out what’s going on and going wrong on your network.
Ryan gives us some insight into what’s going on in SIEM software and why you should care. Before you purchase a SIEM solution, take his advice offered in the podcast.
Length: 22:35 minutes. Format: MP3. Rating: G for all audiences.
Preston and I interviewed Senior Fellow, James Scott from the Institute for Critical Infrastructure Technology about the serious threat to individuals from their webcams. You might think that because your camera is in your house and turned off that your safe from prying eyes, but you’re not. James gives us some insight as to what the problem is and how to solve it.
The unsecured cameras on PCs and mobile devices pose a serious threat to the private sector, to individual users, and to national security. No other exploit is as vicious or expedient with its results as camera activation malware which can be used by malicious threat actors to surveil and spy on unsuspecting users.
In our most recent publication, entitled “America Exposed: Who’s Watching You Through Your Computer’s Camera?”, ICIT provides an in-depth analysis of this underreported threat by discussing:
The evolution of surveillance capabilities in computing devices
Examples of malware used by malicious actors to gain access to cameras and microphones
“Webcam Gate” and creepy gaming surveillance technology
Strategies on how to mitigate mass camera-based surveillance
Length: 26:59 minutes. Format: MP3. Rating: G for all audiences.
Preston and I had the pleasure of speaking with, Dr. Jerald “Jerry” Dawkins, the CEO and founder of True Digital Security, the premier local security company here in Tulsa, Oklahoma. For this one, I stayed behind the scenes (literally) and Preston took the solo spotlight for this rare interview with Dr. Dawkins. This podcast is actually the audio extract from the video (Coming soon) we captured during the interview. True Digital Security is headquartered in Tulsa but has offices in Tulsa and Oklahoma City and cover clients globally.
Jerry and Preston discuss passwords, compliance issues, security pain points, and how to engage True Digital Security for your corporate security needs. This is a special focus on a growing company of security experts who are ready to help you navigate HIPAA, PCI, FFIEC, NERC CIP, and your other corporate security requirements and needs.
I think you’ll agree that after listening to this interview that Dr. Dawkins and his team knows security. You’ll also agree that this discussion is far too short. We hope to have Jerry and other True Digital Security folks on the show in the future so that you can get to know the whole team.
Length: 22:12 minutes. Format: MP3. Rating: G for all audiences.
The old saying goes, “Give a man a fish and he feasts for a day; teach him to phish and he becomes a rich cybercriminal who retires at 30.” OK, so maybe it doesn’t go exactly like that, but I think you get the idea that phishing is bad for the majority of us who aren’t making a profit from other people’s pains. Phishing is the act of sending out email messages that look legitimate but whose only purpose is to get your banking, credit card, social media, or other online credentials in order to steal money from you.
Markus Jakobssen, a researcher at Agari, gives us his perspective on this trend that can cost larger companies millions of dollars. Markus tells us why phishing scams are so successful and what we can do to protect ourselves from this criminal trespass into our personal accounts and online identities. If you’ve been the victim of a phishing attack, you know how expensive it can be in trying to repair the damage that a single email message can have. Listen carefully to the podcast to find out what you can do to fight against this growing threat.
Length: 17:54 minutes. Format: MP3. Rating: G for all audiences.
If you have an idea for a podcast or someone who’d like to be on the show, use the Contact Form and we’ll be glad to discuss.
Preston and I visited our favorite Tuesday landing for this May overview where we briefly discuss what to do after you discover a breach, a compromise, a hack, or a ransomware infection on your network. My advice is “Don’t Panic.” Preston has more, and probably better, advice. One of the things you need to do is know what’s on your network, know what’s supposed to be on your network, and to establish a security baseline.
A security baseline is a starting point from which you will judge your systems from now on. Scan everything with anti-malware scanners. Clean up any infections. Plug security holes. Update your systems. And that is your baseline–a clean, uninfected, uncompromised network. It will be easier in the future to discover breaches if you know what’s going on now and keep track along the way. This short podcast is a topic of a longer, more in-depth future podcast.
Length: 6:42. Format: MP3. Rating: G for all audiences.
All podcasts are Safe for Work and school and are licensed CC BY.
It isn’t often that Preston and I have the opportunity to discuss a positive aspect of government regulation. Fortunately, neither of us is a paranoid who believes the government is out to get us so we can approach these topics with open minds. GDPR is one such topic. GDPR has to do with privacy and keeping private data private. It places control of one’s data back into the owner’s hands, where it should be. Right now, this GDPR edict only affects the European Union, but Preston and I agree that this is one regulation that we can live with. Additionally, we believe that GDPR is, or should be, a requirement of doing business online, regardless of your location.
Lacy Gruen, a Director at RES, gives us an overview of the positive aspects of GDPR and what it can do for your business. Admittedly, I was a little skeptical at first but Lacy put my mind at ease about what GDPR brings to the table. I think you’ll find her perspective fresh and enlightening. Government regulations don’t always have to be a financial burden or a pain. This one is actually good for you and your customers. A rarity to be sure.
Length: 17:52 minutes. Format: MP3. Rating: G for all audiences and ages.
Preston and I had the rare honor of speaking with SSH Communications founder, Tatu Ylönen about IoT device security. For those of you who don’t know, Tatu Ylönen is the inventor and original programmer of the SSH protocol. There’s absolutely no one in the world more qualified to speak on security than Tatu.
He single-handedly protected us all from plain text transmissions and essentially destroyed the old Telnet protocol for good. In this podcast, we discuss the importance of IoT security. IoT security has traditionally been ignored because the few devices that existed weren’t particularly vulnerable to hacking either because no one cared or no one had access to the hardware and software to do so. That’s no longer true. Everyone has access to exploitation tools and the time for focusing on a more secure IoT has arrived.
For IoT manufacturers, you should listen carefully to Tatu’s advice and insights. Some of these devices and networks carry high-value data, including possibly personal data and that needs to be protected.
Length: 14:43 minutes. Format: MP3. Rating: G for all audiences.
A special thanks to Tatu Ylönen and to the Nadel Phelan agency for connecting us.