I spoke with Exabeam‘s Chief Security Strategist, Steve Moore, about post-breach cleanup, specifically related to the healthcare industry. Steve and I discussed why the healthcare industry is a prime target for hackers, what steps to take after a breach, and some preventative steps. Post-breach cleanup can seem daunting and as we say in the podcast, “How do you know what’s clean?” The problem with breaches is that you don’t know what’s clean nor do you always know to what depth the breach has penetrated. I think it’s best to wipe a system clean and reimage it from scratch rather than trying to poke and prod your way through the maze of malware, backdoors, fake user accounts, and other persistent threats that remain after a breach. Opinions differ in this area but the peace of mind that comes with installing fresh is far more valuable and often less time-consuming that individually examining thousands of files, filesystems, and backups for elusive infections.
Length: 23:53 mins. Format: MP3. Rating: G for all audiences and venues.
Copyright 2018 The SecuritNOW Podcast Show. License: CC BY.
Ken “The Virus Doctor” Dwight and I sat down at SpiceWorld 2017 to discuss ransomware and other malware threats to you and your security. Ken Dwight has been in the cybersecurity business for as long as cybersecurity has been a thing and long before anyone coined the term, cybersecurity.
Ken also offers his book and a Virus Remediation class from his website. He has helped many companies recover from virus infestations, ransomware attacks, and various malware infections. He is a consultant, a speaker, and a practitioner in the dark art of virus killing.
It was a pleasure to speak with Mr. Dwight on camera at SpiceWorld 2017.
Copyright 2017 The SecurityNOW Show. License: CC BY.
Recurring guest Richard Henderson (Global Security Strategist for Absolute) and I discuss what we think are the greatest threats to security in 2018. We ponder ransomware, standard threats, cryptocurrencies, and other advanced persistent threats. Richard and I agree that 2018 will be another significant security threat year. One thing to note is that while attackers are more persistent, there are some threats that are actually waning such as certain types of ransomware, viruses, and malware that’s easily stopped by smarter browsers, host-based firewalls, and operating system security. That said, we don’t expect attacks to decrease in 2018.
As always, our podcasts are licensed CC BY and are rated G for all audiences and venues.
Length: 29:07 minutes. Format: MP3. Rating: G.
Please contact us for sponsorships, sponsored posts, and videocasts.
In this podcast, Preston, our guest John Michelsen, CPO of Zimperium, and I discuss mobile security and extrapolate what’s happening in that space to what’s happening, and about to happen, with IoT security. We touch on monitoring, general security, costs, and the bigger problem of security implementation on devices that until recently were used based on an “air of trust.”
April is our “Month of Preventing Surprises” and this podcast kicks off that topic for The SecurityNOW Show. How awkward would it be to move headlong into a large IoT implementation only to realize that someone has easily hacked your devices and siphoned off your data? Surprise!
Mobile security has come a long way in the past two years with the adoption of higher security measures from vendors and third parties, such as per-app VPN, two-factor authentication, and containerization. IoT vendors will have to step up and enable encryption, use multi-factor authentication, and wipe or brick devices that have been compromised or moved. The Internet of Things may very well be security’s biggest challenge yet, not only because of the sheer numbers of devices but also because of device diversity.
Preston, John, and I just touch the surface of these topics in this podcast but stay tuned for more from all three of us on IoT security.
Length: 20:45 minutes. Format: MP3. Rating: G for all audiences.
Preston and I had the pleasure of speaking with Infocyte founder Chris Gerritz about how companies can actually be hacked and not know it. It’s shocking to think that a company and its resources can be exposed for three, six, or more months and never have a clue. In fact, new reports tell us that your company probably has been hacked already, whether or not you have safeguards in place. Infocyte’s HUNT product searches for and finds malware infections.
Companies need to take the threat of compromise seriously. Anti-virus and anti-malware software isn’t enough nor is it always effective.
It’s clear that current real-time security processes are simply ineffective at detecting post-compromise activity, especially as time passes after the initial breach.
Infocyte HUNT approaches threat detection from a completely new perspective – by presuming endpoints are already compromised. It provides an easy-to-use, yet powerful solution to limit risk and manage the breach detection gap by enabling an organization’s own IT and security professionals to proactively discover malware and persistent threats, active or dormant, that have successfully evaded existing defenses and established a beachhead within the network.
Advanced persistent threats (APTs), hackers, malware, viruses, phishing schemes, and over-the-network hacks are a constant and a continuous threat. The only way to know if you’ve been hacked is with a thorough search for rootkits, Trojan horses, viruses, and other malware infections and signs of hacking.
In this 19 minute podcast, Chris Gerritz gives you an overview of the problem and his Infocyte HUNT product as a solution to finding threats on your network.
Length: 19:10 minutes. Format: MP3. Rating: G for all audiences.
Remember to stay secure.
Please retweet us and tell everyone you know about the SecurityNOW show. #SecurityNOW
Preston and I had the pleasure of speaking with Dana Simberkoff, Chief Compliance and Risk Officer at AvePoint. Dana, Preston, and I discuss the cybersecurity threats to voting polls and how voters can keep their own information safe.
Format: MP3. Length: 20:01 mins. Rating: G for all audiences.