Podcasts

Snake Oilers is a wholly sponsored podcast series we a few times a year here at Risky Biz HQ. The idea is we get a bunch of vendors together and they pitch their tech in a straightforward way. Less “stops advanced cyber threats” and more “here’s what our stuff does and how it works”.

You’re hearing this instead of a weekly show because I am currently on a beach somewhere tropical.

We’ve got two vendors in this edition of ‘Oilers: next-gen SIEM platform company Exabeam and email filtering giant Proofpoint.

Our sponsor guest from Proofpoint is Ryan Kalember. Ryan is the SVP of cybersecurity strategy at Proofpoint, and regular listeners would have heard him pop up here and there on other Risky Business podcasts.

Ryan knows an awful lot about email security and he’s joining us this week to talk about a few things. A big selling point he wants to hit home this week is that Proofpoint offers its clients dedicated IPs for their outbound mail servers. That means you won’t be blocked when someone else using the same IP for outbound mail starts sending spam. Believe it or not this is a thing that happens to users on other mail filtering platforms. From there Ryan spells out Proofpoint’s approach to combating credential phishing. Aaaaand we talk about other stuff too. We started off by talking about how some organisations are getting blocked because their filtering provider is sharing IPs between clients.

Exabeam also drops in to talk about what a next gen SIEM actually is. From day one Exabeam was a startup that meant business. As you’ll hear, they started off as a SIEM-helper, and they’ve gradually built out their product from there. Now they’re going after the established SIEM market – think Splunk, Arcsight, those types of products. Despite only being five years old, Exabeam has quickly established itself as a real player in the SIEM market.

And why not? They make a compelling argument that the most popular SIEM products have gone stale. Anu Yamanan is the VP of products at Exabeam and she’s here to explain the general pitch behind all next generation SIEM gear. The idea is to go beyond the event log and build a timeline of events that actually has context around it. SOC analysts, SIEM specialists and CSOs will be interested to hear what she has to say here.

On this week’s show we’re chatting with a PR pro who specialises in information security. Melanie Ensign currently works at Uber, but she also served as a security PR for Facebook and before that, AT&T. She drops in this week to talk about how you can work with the PR professionals in your organisation to help tell your security story to the wider world. She also has some great tips for infosec professionals who might be a bit nervous about dealing with journalists.

In this week’s sponsor interview we’re joined by Julian Fay, the CTO of Senetas.

Senetas has a long history of making layer 2 network encryptors, but they are branching out in all sorts of ways these days. One thing they’re doing now is working on approaches to network encryption that play nicely with software-defined WAN. The days of hauling all your network traffic back to a single choke point are numbered – Julian thinks in the near future you’ll have some sort of CPE device that actually implements different types of encryption on different types of traffic crossing your border. So, Senetas has actually built that gear and we’ll be hearing about why.

Adam Boileau joins the show to talk about the week’s security news:

• Some very cool LTE research
• Equifax manager charged with insider trading
• Ticketmaster’s bad week
• The US DoD’s very own app store
• Weird, maybe, possibly-but-probably-not OPM-related fraud
• MOAR Rowhammer stuff affecting ‘droid handsets

Links to everything are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

No feature interview in this week’s show, we go long on news instead. Adam Boileau joins the podcast to talk through the week’s infosec news, including:

• Confusion reigns in David Sanger vs FireEye spat
• Reality Winner pleads guilty
• PEXA property settlement platform users fleeced
• US Supreme Court decides location info requires a warrant
• The Apple unlock bug that wasn’t

This week’s show is brought to you by Thinkst Canary. Thinkst’s very own Marco Slaviero joins us in this week’s sponsor segment to talk about how some vendors are derping out when it comes to creating needlessly complicated “deception platforms”.

Links to everything are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

First up in this edition of Snake Oilers we speak with Rapid7. Listeners of the regular show would have heard me talk about their UserInsight software for years. That’s because I knew people who used it and they swore by it. UserInsight was user and entity behaviour analytics (UEBA) software that was massively ahead of its time. It was very good at spotting weird things happening on your network when it comes to dumped or compromised creds popping up in weird places.

Well, InsightIDR is basically where UserInsight wound up, and yeah, it’s morphed in to a product that’s half SIEM and half EDR.

Every Tom, Dick and Harriett seems to be offering EDR software these days, and every next-gen SIEM company is becoming more and more UEBA-centric, so what Rapid7 has created here is something in between. InsightIDR product manager Eric Sun will tell us all about it.

Next up we’ll hear the simplest pitch in this podcast, from Airlock Digital. They’re an Australian company that makes whitelisting software that’s actually useable. If your organisation has tried implementing whitelisting through Microsoft’s Applocker then you know how badly it sucks. These guys have created a simple but useable whitelisting solution.

I’ve been to the booth! I’ve seen the demo! Airlock Digital co-founder David Cottingham is our guest on their behalf. In addition to being a founder, David is also the author of the SANS course SEC480: which covers the ASD top 4 – number one on that list is whitelisting. He has experience in the federal government implementing whitelisting and after seeing just how badly other products suck, he and his mates founded Airlock Digital. So yeah, if you’re whitelist-curious or if you’re sick of dealing with Applocker, then you really, really should stick around for that one.

After that we’re checking in with Stephan Chenette of AttackIQ. They make attack simulation software, but in response to customer demand they’ve actually taken it to its logical extension - they’re now offering modules you can use to test your SOC staff, or, if you outsource, you can use these modules to test your MSSP. Throw some alerts at them and see what comes back – get scores for individual SOC operators. Hey, even if you ARE an MSSP you might want to use this software to see who to promote in your SOC. That’s interesting stuff.

On this week’s show we’re chatting with Alex Tilley. He’s with Secureworks in Australia these days, but before that he spent a big chunk of his career with the Australian Federal Police.

He did a presentation a few weeks back at the AusCERT conference all about what fraud crews are up to these days. He’ll be joining us to walk through how much damage West African crime groups are doing with compromised office 365 accounts. We also talk a bit about trends in money muling, because that game has really changed.

This week’s show is brought to you by Cylance, and in this week’s sponsor interview we’ll be chatting with Cylance’s very own Jim Walter about how ransomware hasn’t really gone anywhere, despite most of the tech press getting sick of writing about it.

Adam Boileau, as usual, joins us to talk about the week’s news, including:

• The Vault7 guy is totally screwed
• US Senate scuttles Trump’s plan to save ZTE
• Chinese pwning satellite comms, telcos
• Olympic Destroyer crew is back

Links to everything are below and you can follow Patrick and Adam on Twitter if that’s your thing.

You might have noticed North Korea’s been in the news over the last couple of days. Well, we’re sticking with the theme – we’ve got a great feature interview for you this week with Andrea Berger. She’s a senior research associate at the US-based James Martin Centre for Nonproliferation Studies and the co-host of the Arms Control Wonk podcast. This week she speaks with Risky Business contributor Hilary Louise about a report the centre did into North Korea’s IT industry.

Yep, they have one, and you’ll be surprised by its scope and reach. That’s this week’s feature interview.

This week’s sponsor interview is with Signal Sciences co-founder and CEO Andrew Peterson. Andrew was at a Gartner event in DC last week, and I grabbed some time with him to talk about what’s new in DevSecOps, how people are applying various DevSecOps tools, and what the general awareness of good DevSecOps practices is out there. Andrew’s prior career was in development, not security. He and Zane Lackey worked together at Etsy and Signal Sciences was very much inspired by the work they both did there. Andrew says analysts are starting to understand that web application security isn’t something you drop on to a network in an appliance and things are actually changing.

Mark “Pipes” Piper is this week’s news guest. All the show links are below and you can follow Patrick, Pipes or Hilary, if that floats your boat.

On this week’s show we chat with Peter Wesley. Peter’s well known around the Australian security scene, but a few years back he relocated to China, where security is booming. He did a presentation at the AusCERT conference on the Gold Coast last week all about the Chinese hacker scene and security industry. He joins us in this week’s feature interview to tell us about how the Chinese scene evolved and what its current relationship with the Chinese government looks like.

This week’s sponsor interview is a cracker. We’ll be joined by Ryan Kalember, Senior Vice President of Strategy with Proofpoint, the email filtering company. Ryan is along to talk about a phenomenon the Proofpointers are very interested in – we’ve all heard of VIPs, but he’s here to talk about VAPs – Very Attacked People.

So much attacker behaviour these days is driven by email-based attacks, and the people getting hit the most with this sort of stuff might not be the ones you expect. Ryan joins us later on for that conversation in this week’s sponsor interview, with thanks to Proofpoint.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

On this week’s show we’ll be talking about a whole bunch of stuff – the FBI taking down a botnet in a very FBI way, we go deep on the Trisis malware popping up in the US following America’s withdrawal from the so-called Iran agreement. We look at the latest in the crypto debate, breaches, bugs and more!

We’ll hear from Tom Uren of Australia’s Strategic Policy Institute (ASPI) on the Trisis side of things. Tom worked in an interesting place in Australia’s defence department but these days spends his days think tanking for the Australian Strategic Policy Institute. He shares his thoughts on what it is Iran could be up to with Trisis.

This week’s show is brought to you by: Australia!

AustCYBER is a government-supported industry group here that is trying to get the Australian cybersecurity industry organised. There’s the VC-backed US model, the build a “cyber city” in the desert Israeli model, then there’s the Australia model, which is actually quite different. It’s much more about helping local startups win deals locally, then internationally, to get them on a path to profitability so they don’t have to sign the awful term sheets Australian VCs put in front of them.

Well, there’s more to it than that, but AustCYBER head honcho Michelle Price will be along in this week’s sponsor interview to walk us through what she’s trying to do for the Australian security industry and how foreign multinational companies can also benefit from that.

Soap Box is not our regular weekly show, it’s the monthly podcast here at Risky Biz HQ where vendors pay to come on to the show to talk about what it is they actually do.

Before EclecticIQ sponsored this edition, to be honest, I didn’t really know much about them. All I knew is that their positioning was very much around “threat intelligence,” which, as regular listeners would know, are two words that are usually followed by “derpa derpa” on the regular Risky Business podcast.

BUT! Here’s the thing. EclecticIQ don’t sell a “blinky light” box that receives a creaky feed of 12-month-old IOCs. They sell their solution to either massive organisations or very high risk organisations. They could be national cyber security centres, entire defence departments, very, very big enterprises; basically anyone that has an intelligence team and multiple constituent departments or agencies. They also play in ultra high risk sectors like defence contracting.

The EclecticIQ platform isn’t for small organisations. It really is for orgs that have dedicated, externally-focussed intelligence teams. Their play isn’t “we feed you threat intelligence,” it’s use our tooling to go get your own threat intelligence, develop a strategy for dealing with the resulting product then distributing the strategy that flows from that process out to the relevant people in your organisation. I like to think of this approach as “killing your own meat”. That’s what EclecticIQ is all about. They give you the shotgun and a map, the last known locations of the deer, a cool room and a bunch of cleavers. Delicious. Apologies to any vegetarians listening for that metaphor.

Joep Gommers is our guest. He is the founder and CEO of EclecticIQ. Prior to founding EclecticIQ, Joep served as Head of Global Collection and Global Intelligence Operations at iSIGHT Partners, which was, of course, acquired by FireEye. Joep joined me to talk about what it is that EclecticIQ actually does and the resulting conversation, I hope, will be interesting to anyone who wants to understand how Threat intelligence is developed and disseminated at scale.

There’s a link to EclecticIQ’s website below, and you can follow Joep Gommers on Twitter here.

In this week’s feature interview we’ll be chatting with Shubham Shah and his friend Lord Tuskington about continuous asset discovery’s impact on testing methodologies. Shubs has worked as both a pentester and as a very successful bug bounty hunter. In fact he’s built an entire asset discovery platform that he and his buddies have been using to rip crazy amounts of cash out of bounty programs over the last few years and he’s turning that platform into a product. So I wanted to talk to him about that, but I also wanted to get a pentester’s perspective on how this type of continuous asset discovery tech could change the testing industry.

This week’s show is brought to you by Exabeam, a next generation SIEM company! And it’s amazing how nicely this week’s feature and sponsor interviews dovetail actually, because Exabeam’s Steve Gailey will be along in this week’s sponsor interview to have a chat about how SIEM technology has changed much faster than SOC operations methodologies. Because basically everyone has structured their operations around three levels of response and the workflows are so ingrained, nobody seems to know know what to do with a next generation SIEM.

Adam Boileau is also along, like always, to talk about the week’s security news.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.