DrZeroTrust
By Dr. Chase Cunningham
DrZeroTrust, Sep 20, 2021
Cyber GRC with Cypago
What is cyber GRC? Why do we need to concern ourselves with it? Can any business do this? How can a business achieve smart compliance? Does AI introduce risk to the process or benefit it? Lots of great stuff here with Cypago.
InfoBlox and Meerkats - What You Should Know
Meerkats are dangerous, I guess. Especially in DNS. Yeah, that Meerkat. Why should we know about this type of attack? How does China play in here? Where is the risk? Does this type of attack merit increased concern?
Xage and the future of ZTNA
Is the VPN a security technology? Should businesses still use that risky technology? How can an organization move off that old tech? Where do VPNs fit into Zero Trust? Xage Co-Founder gives some great insights here.
SafeliShare and safe LLMs
What is RAG and why does it apply to LLMs? Why should it be confidential? How does that work? Where can we do this? And what is the way forward for customers? SafeliShare's CEO shares some insights here. Check them out at RSA this week!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
A coach used a deepfake to frame one of his coworkers, signs of things to come? GPS is being messed with, should we worry and is it safe to fly? The White House released more requirements for the same stuff we already have requirements for? And does the United CEO's testimony hold water? Listen up!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Mandiant says attacker dwell time is "going down" but how is that measured? Is that accurate? TikTok finally gets the treatment it "deserves" with a proposed sale or ban, but is that going to make a difference? Another agency is created for cyber diplomacy, yeah (your tax dollars at work). And a known Russian cyber group attacks a town's water supply and floods nearby areas, doesn't that constitute some reciprocity?
Lumu AutoPilot
What is Lumu's AutoPilot? How can you use this? Why did they build it? Who is it for? Can you afford it? Lots of great insight in this one! Congrats to Lumu on a new, innovative offering! Meet them and learn more at RSA2024!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Where does all our tax money go? Want to know about government waste, man this is nuts. How is the state of ransomware in the US, is it getting better? More on the Google Chrome incognito mode fiasco. And more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Should you worry about the FISA debate? Azure has internal passwords left exposed, whoops. Some reports on Zero Trust from big government, it's actually happening. Healthcare org is hit twice with ransomware, ouch. Mo' money in cyber, good thing or bad?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Was Incognito mode from Google really "private"? Don't think so. What does the report from the fed say about Microsoft's issues with the China hack? Attacks are already bypassing "AI" solutions, shocker. More on the XZ Linux backdoor as well. Check out this episode and tell me what you think!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Meta was caught with their hands in the trust cookie jar again. Nissan put out a notification of a breach. Citibank is refusing to pay for customers' life savings that are stolen via cyber, ouch. CISA has more requirements for reporting on critical infrastructure hacks, but how bad is that problem? Those insights and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
How much money did Congress allocate for cyber? Was it enough and what agency got the lion's share? An Israeli nuclear facility has been hacked, that's no bueno. What does Talos tell us about Tiny Turla? A murder suspect gets released due to a cyber technicality, who is liable for that one? Those questions and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
The President and the White House have put out some new "requirements", do they actually matter? Are we seeing early attacks or testing going on as we run up to the election? WTF is Hugging Face and why should you know about them? How did the ransomware group BlackCat get into a mix about payments? And are companies complying with the new SEC rules? Can they even do so? Those thoughts and more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
POTUS has a TikTok account, why? Isn't that a problem (we just had congressional briefings on that exact issue.) How do we think about FUD in our marketing for cyber, and why should or shouldn't we use the data that we have in our GTM? There is a fundamental DNSSEC flaw in the internet, is it getting patched? And more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Is the new AI leader the right choice for that role? How do we keep China out of our critical infrastructure when it's so hackable? Who got deepfaked for 25 million dollars? And how does a cyber trade school help us address the shortfalls of human capital in our space?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
What happened when the social media CEOs went to Congress? Should we be impressed? Is monitoring your kids' social a good thing? If Taylor Swift isn't safe from deepfake attacks is anyone? Is there legislation that can help with deepfakes, or is it all fluff? Should you pay attention to the adversaries posting 3k comments about using GPTs for hacking? And more rhetorical questions on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Oh boy the ZScaler super ZT AI powered SD-WAN SASE blah blah. Wow. Some good research from Forescout on what you should prioritize from the attacker perspective. Key findings from 2023 that show us what the adversaries are focusing on. And the MOAB (Mother of All Breaches), should we be concerned? Enjoy this one.
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
OpenAI removes its ban on their products being used by the military and DoD, should we care? What do I think? The WEF says Zero Trust is needed, ok cool, so what? Google has issues with cookies and OAuth. IBM says the "Quantum Apocalypse" is coming, should you build your bunker yet? Those and more on this one!
A chat with Chris Steffen
Chris and I cover all kinds of items in this one. Why should we care that there is a ZT certification now from the Cloud Security Alliance? Is that a good thing? What about other certifications? Why is the industry still doing the same stuff and nothing changes? Do the big players muscle out the little guys to the detriment of us all? Those and more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
23andMe tells us it's our fault they got pwnd. Yeah. Wickr is done, but why? ZeroFox won a big award, but what does that mean for the US government and identity? Some budget facts for 2024 thinking in cybersecurity. Another company refuses to pay their ransomware bounty, good or bad? Mandiant's X account got hacked and used for a crypto scam, lol.
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Is it time to finally deal with the China cyber threat? Has the back and forth with Ukraine and Russia shown what the future of cyberwarfare looks like? What does the Qualys report about vulnerabilities teach us about #notsuckingatpatching? SSH is in big trouble, what do we do, and how big is the problem? Almost Christmas y'all!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
What new things did I learn about the 23andMe breach? Why are they changing their terms of service? Is a cyber Pearl Harbor a real thing, or should we think differently about the current state of attacks? Is reducing headcount for cyber a good idea, or even possible? How bad is Google data security? Those questions, comments, and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
What's up with the Okta fallout? What does Uber's former CISO say about the SEC and dealing with a hack? How hard is it to find a hackable water control system when the problem with it is published in the news? Do companies really use "ai" to write fake articles? Are you paying for it? Those points and more on this episode!
A chat with the Alludo CEO
How does a CEO of a tech company view security? How does she run a company that is totally remote? What does her relationship with her CISO look like? What should I tell my daughters about being a woman in tech based on her experience? And more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
SolarWinds fires back at the SEC! It's about to go down! Trustwave has some great insight on hacking medical devices, don't be tempted! The Okta breakdown of what happened and when. GitHub releases some "AI" to help with security "left of boom." And more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
What statute is the SEC using to go after the CISO at SolarWinds and why should we worry about it? Or should we? What is a keyword search warrant and does that threaten our privacy and legal system? What is a .tk and why is that island chain the "global home of cybercrime?" The White House has another task force meeting on ransomware but it's just getting worse, why? Those points and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Meta is in trouble for creating an addictive application for kids, but what does that say about us as parents? How do we solve that problem (it's simple). Flashpoint has some great data on threats, you should check it out. What about the insider threats and the NSA, Alaska Airlines, and others? How do we fix that problem? And Recorded Future analysts have found valid links between Iranian threat actors, Russia, and the Israeli conflict, wow! Check this one out!
Battlefield Cyber Book Conversation
You gotta listen to this one. Some hard-hitting topics are discussed. What is China up to with their cyber ops? Is Russia playing in the field during the Israel conflict? Where do we go from here at the national level? Are we already losing the superpower race via cyber?
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Home cybersecurity insurance? What's that all about? Some great research from Google on talking to the board about cybersecurity. Microsoft Defender "auto-secures" machines now. How viable is that? Some points on the conflict currently ongoing and cyberwarfare as well.
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
What's the scariest sound you can hear in the middle of the night? It's not what you think. Microsoft and Bing have some "splaining" to do as their system is helping generate images of SpongeBob and other cartoons attacking the World Trade Center. WithSecure has some really solid insights on the tactics and tools that bad guys use. Cisco Talos found that QakBot is back, shocker. And how will AI and deepfakes affect elections, ask Slovakia. Those points and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
How does a CEO of a unicorn company view cybersecurity? How does the board of such a company look at the risks of cyber threats? Does insurance make sense for those leaders? What about the big acquisition in recent days, does that affect the overall market? Those questions and more on this episode!
WTF is CNAPP and How Does It Apply to ZT
Rick Moy and I discuss ZT and the cloud. How developers can and should look at security (it's not how you think). Dealing with ethereal assets, 5G and a whole bunch of other great issues in this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Should executives ever be exempt from security standards and practices, the answer rhymes with bell no. MGM got hit with ransomware via a third party and some social engineering, but they spend hundreds of millions on security. So what should we learn from that? CISA wants to offer free scans for utilities, is that a good or bad thing? Congress wants to legislate around deepfakes for elections, how will that work? And a major university was found to be fudging their self-certification for compliance, whoops! Those and more on this one!
Surf Security and RBI
What is Surf's new RBI extension? How does this fit with Zero Trust strategically? Why is RBI now a "thing" in security? Is this just for enterprises or all businesses? How hard is it to configure this thing? What about third parties and developers, does this help them be more secure? Those questions and more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Data from Blackberry points to the same methods of exploitation, shocker. Some recent revelations from the National Security Agency and #china threat. Additionally, more insights on some of the flaws in our #compliance and #regulatory #cyber spaces. SeeTickets gets hacked, again. What's up with that Dallas City hack? Those and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Cyberpsychology and the hacker mindset, what should we think? Malwarebytes and their funding and layoffs, what does that indicate about the market? AI and LLMs aren't people, stop treating them like they are, from MIT. Compliance does not equal security, say what? Phishing as a service gets smarter according to Microsoft. The FBI "brought down" a massive botnet, they'll never come back right? And a very suspect claim from a vendor on their "response time". All that and more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Thoughts on the recent RNC candidate debate where cybersecurity never came up, super. China is using LinkedIn to recruit spies, how can you know when you are targeted? Trustwave published new research on BEC hacks, what do we get from that research? Two guys are arrested for laundering money via crypto, is that a treasonous act? Macs get some new malware, hurray! Ransomware group deletes a provider's entire customer base's data, whoops! Those and more on this one!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
How to defend from a "Zero Day" attack that is "not in any anti-virus" engine. Proxy wars from AT&T. Interesting data from Flashpoint on the underground market. Is CISA really enforcing effective controls if they rely on training? Irish police department has a data breach that might lead to terrorist targeting, yikes! And rethinking the terminology and understanding around cyberwar! Those points and more on this episode!
Weekly(ish) Cybersecurity and Zero Trust Market Analysis
Insider threats are a real thing, do you have the tools to detect malicious intent before it becomes a threat? How do we know if behavior equals threat? More data on ransomware and the insurance market. Companies selling insurance are considering "ratings" for premiums. Halcyon identifies "new" threat groups, or is it the same one with a new fancy name? The new cyber workforce plan, good or bad? Those questions and more on this episode.
Weekly(ish) Cybersecurity and Zero Trust analysis
Does the Veterans Affairs Administration really do all it can for Veterans? I have a tale to tell about this one folks. Sophos released a report on the current state of ransomware for education, it's not encouraging. Ivanti has a bug that should be patched for mobile security customers. The FBI used a FISA database improperly, interesting. Cofense has some new data on phishing as a threat, guess what it's still a thing. And some thoughts on the 4 day rule from the SEC for disclosure of breach activity.
Weekly(ish) Cybersecurity and Zero Trust Analysis
SecOps teams have faith in their tools, but question if they will "miss" something? What? Administration releases plan for IoT security and labeling, how will it work? Top 10 predictions for 2023 and security. That Zero Trust thing is still in there I hope. The upcoming election and the explosion of AI are already going bonkers, what is next? Those questions and more insights on this episode!
Weekly(ish) Cyber News and ZT Analysis
An AI girlfriend talked a kid into trying to kill the Queen of England with a crossbow, yeah. Fortinet vulnerability, how bad is it and are we patching fast enough? What is the number one avenue of exploit for cloud? Hint, it rhymes with bumans. Japan's largest port is under ransomware attack, uh oh. What CEOs really think about their security teams from the World Economic Forum, and more on this episode!
Weekly(ish) Cyber and ZT News Analysis
An event in NYC with Beyond Identity made me sad for the state of the market, why? What happened with the Supreme Court and the 1st Amendment via cyberstalking, huh? "Never before seen hacking tactics" from Chinese APT says CrowdStrike, you sure about that? A church brings "AI" to preach, did they just impact religion? Those points, some hard-hitting questions and more on this episode!
Cytwist and their unique method for security analytics and threat hunting!
Is it possible to take a different approach to threat detection and do better? Why are endpoint security solutions missing the threats that we buy them to detect? Is a counter-terrorism method applicable to threat hunting? How does malware evade allow listing in some instances? What gaps in coverage are we seeing from methodologies for threat intelligence? Those questions and more on this episode!
Weekly(ish) Cyber and ZT News Analysis
Samsung is dealing with an insider threat that tried to copy their entire chip manufacturing plant, wow! CISA issued a "binding" directive for ZT, but how binding is it really? The top 10 from the Verizon DBIR, what does that tell us about the space? Another Presidential candidate uses a deepfake to target their adversaries, should we worry? A mother deals with a deepfake voice attack where her daughter is "kidnapped", does this bode well for our collective future if criminals are vectoring in on this type of attack? 99% of organizations expect an identity related compromise this year, jeez (#killthepassword already). Those points and more on this one!
Weekly(ish) Cyber and ZT News Analysis.
NSA released a guide on securing remote access, cool so what should we learn from it? ILTA has produced a study about law firms and their cybersecurity practices. Are they prepared for the threats they face? Deepfakes are showing up on TikTok with stories from dead kids asking for followers (seriously). Lumu published a blog on how MSSPs can adapt to better serve their customers. What should we know about that? Forbes published an article about the "most cybersecure companies" in the USA, that's a great idea right? Those points and more on this episode!
Weekly(ish) Cyber and ZT News Analysis
YouTube flagged my content for PII violations, but what did I do to get put in the penalty box? CISOs plan on investing more for cybersecurity over the next few years, new research from Nuspire indicates the growing spending trend. Mitiga has found some configuration issues with Gdrive and Gsuite, what should businesses know to defend themselves? Armorblox says brand impersonation is increasing, how much of a threat is this type of attack? Gigabyte hardware and firmware has been found to be shipped with embedded back doors, uh oh. The IDSA has produced some new research on the status of IAM and strategy, what can we learn from that? And G2 has unbiased reviews on security tooling and solutions, what can you learn from visiting that site? Those points and more on this episode!
CrowdSec and collective security conversation
Ever wanted to learn the difference between a llama and an alpaca, we talk about that here. Weird but interesting. CrowdSec discusses their approach to changing the way we handle malicious IPs and domains. Their approach to Zero Trust as part of a global network is innovative. We chat about how open source solutions can help businesses of all sizes better defend themselves. Some discussion on collective threat intelligence, and conversations about sharing information to dynamically defend the network.
DrZeroTrust Podcast for 5/24/2023
Should we be concerned that our leaders (and former leaders) are posting deepfakes onto social media? What can we learn from the Uber case and the final decision by the lawmakers? What did the general counsel do in that case, what about the CEO? How should we plan for a ransomware attack? Can we learn from the lessons that a CISO has been through and be better prepared (hint: yes). When is the best time to learn when to fight, before the event or during? And was I wrong about my thoughts on executive punishment for breaches, probably...
Weekly(ish) Cyber and ZT News Analysis 5/3/2023
Are K-12 organizations and universities prepared for the onslaught of cyber threats? How long does it take me to find a vulnerable school district? It ain't long. An appeals court has upheld Merck's claim in the NotPetya case. What does that mean for cyber insurance, and why does this make me so happy? Iran is moving quickly into the realm of influence operations, are they mirroring the Russian operations and how will this affect the upcoming election cycle? ChatGPT had a breach issue, how much of a threat or problem is this? Should we have expected anything less? Phishing is getting worse, statistically speaking, but how is this possible with all of the training we get? Is there a technical alternative that works? Those questions and more on this episode!