Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Honeytokens or Canary tokens are decoy credentials that alert you when an intruder or hacker is trying to use them. This will alert you to their existence in your infrastructure! They are easy early warning systems. Here is a quick video explanation.

This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA's guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA's latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path and where the should focus their efforts next. Finally, we end wit some research from Blaze Information Security on a series of vulnerabilities in a play-to-earn blockchain game.

Speakers: AJ Nurcombe (Corelight), Brandon Dunlop (ISC2) Threat hunting is a challenge to get right, with many potential pitfalls. There are twenty different definitions for threat hunting and ten different ways to do it. Organisations vary from having zero presence in their threat hunting program to multiple full-time hunters, but unfortunately, they often miss many critical pieces. This webinar will cover the common oversights that organisations fall foul of as well as emphasising the importance of network evidence in your threat hunting framework.

CrowdStrike Zero Trust Assessment (CrowdStrike ZTA) provides customers the ability to assess their endpoint security posture, allowing AWS Verified Access to provide conditional access to resources that comply with their organization’s device posture policies.

A few weeks ago, we had the pleasure of exchanging with Ezequiel Rabinovich, Lemontech's CTO, about how his teams use GitGuardian to protect their repositories. Lemontech is a company developing software for the legal industry based in Santiago, Chile. It serves more than 1,300 customers in Latin America. Ezequiel supervises a team of about 30 developers and 4 DevOps engineers for approximately 150 employees. They use GitHub for source control management, and their organization has 350 repos, 130 of which are active.

“I see Cato SASE as a tool for digital transformation promotion. We can use it to reorganize our entire security portfolio, reduce costs, and bring out the best in our students, professors, and administrators. Being able to work productively and securely anywhere gives a great boost to all our digital transformation initiatives.” - Hitoshi Kusunoki, Information Planning Department, Waseda University.

In our first partner spotlight episode we interview Bryon Blohm from PwC to learn about their Leader Insights offering which combines rich Tanium data with analytics for "at the ready" executive reporting.