Encryption. Don't let cyber threats, regulatory demands, or the complexity and growth of your data overwhelm your business. RackTop's high-performance data management platform gives you the tools you need to address the most demanding data challenges. Think beyond storage. To learn more, visit racktopsystems.com.

Welcome back, everyone, to Enterprise Security Weekly. John Strand and Chris Brenton are here with me on the lines via Skype to talk about a little news. Let's start with something that I like. Oh, but first, an announcement: make sure you go to securityweekly.com/ondemand. The State of Penetration Testing and The State of Endpoint Security are both there for you to go consume, register for and consume, so make sure you check that out. Myself, John Strand, and Michael Santarcangelo collaborated on those various webcasts, and they are there to understand where we are today in the marketplace with those technologies and to hear from some of our sponsors on their point of view of that problem.

I want to start with one of the few things I liked in the stories this week, and that came from Synopsys, whose product Coverity talked about this approach that I really like. And that is basically (and I've heard this described before, so I'm not quite sure it's a new feature), but essentially, if a developer gets notified that there's a vulnerability in their code (this could be a static analysis tool, maybe a dynamic tool, however that vulnerability is discovered), it is then also accompanied with a training module that they can go learn about that particular vulnerability and then go fix the problem. And I really liked this approach. I think this is really how developers learn. It doesn't require that they, like, not write code, because, as Chris and John can both attest to, right, you want developers writing code. That's the goal, right? If they have to stop and go to training for a week to learn stuff like that, that's good, but they're not necessarily writing code when they're training. So if you can do it in smaller increments, I also think that's a better learning experience: I wrote this vulnerability and I don't understand why it was a vulnerability, I can go watch this training module and then go fix it, and hopefully adjust my processes so I'm not reintroducing that vulnerability as I write more code. What do you guys think?

Yeah, this is one of those things that sounds like a fantastic idea. You're like, this is brilliant, this is exactly its point: you make a mistake, we saw the problem, give you the solution. The reality of this (and Chris, I'd like to get your impression of this as well): SANS for years has been trying to do secure development, secure coding classes, and they're a nightmare to teach. I taught one 10-15 years ago, and it doesn't matter what you're talking about. You're like, hey, you shouldn't be using gets (or "get S", whatever you want to call it), and you will always have someone in the class that disagrees with you. And everybody has their own coding background; everyone learned in college that this is the right way to do it, or they learned it from somebody else that this is the way to do it, and they always disagree, and they try to find ways around the problem all of the time. So while training, I think, is great, I'm a huge fan of it, it's just one of those things where coding is almost like language and English writing: there's a lot of subjectivity to it, and it just creates these huge fights. So I think it's a fantastic idea; I just see totally up-in-arms developers arguing with every little point in this training.

So I think it depends upon what you're using for a development process. If you're still Waterfall-based, yeah, you're gonna get a lot of pushback, because a developer who worked on code three months ago never, ever wants to touch that again. You hope to get it back, you know, preferably within 15 minutes; more likely it's going to be within about 12 hours. It has value there. The other reason I like the idea is because a lot of times, let's say you've got a security person who went in and did a pen test and they found this vulnerability. They know what the vulnerability is, they know how to exploit it, they don't necessarily know how to fix it in the code. So now you've got a pen tester that knows the problem's there but doesn't know how to fix it, and you have a developer that's in the same boat. To have some information to fall back on, that could be really useful. What would make this idea even better from my perspective is not only give them training, give them unit testing. You know, in other words, show them how to fix it.

Yeah.

Show them how to fix their code, and then show them how to write a test to make sure that never breaks again. That way you not only fix it this time, you fix it every time going forward.

And Keith, you know, now we're talking about this on Application Security Weekly, and there's an acronym for it, but basically the suggestion is that you write the test first before you go fix the code. So you write the test for that condition, yeah, you test it in your code, and you're like, yep, it's definitely finding it, so my test is valid. Now I'm gonna go fix it, and then I have the test to make sure that it's fixed, and then I put that test in my automated test suite, continuous integration testing, and then it just continually tests for that.

Yeah, if that's relevant, yeah, you can do a little bit with that. It's hard to catch the security stuff. Typically what you end up doing is you write a test that says it's gonna fail in its current state, but once I implement the feature the way it's supposed to be, now it goes through and passes. You're not going to necessarily catch anything performance-based or security-based that way. Usually those come in when you go through and you start refactoring your code.

So let's talk about Splunk agrees to acquire VictorOps. Now this was one where I started reading the thing and I'm like, oh my god, like, I'm reading things like "increasingly turning towards artificial intelligence and machine learning to help them with critical customer experience in IT". Just, yeah. So basically Splunk bought this company called VictorOps, and what do they do? You go to VictorOps' website, and I like this so much better, they're great: on their front page, "We make on-call suck less." Love it, like, to die. Now I'm starting to get, like, what you do, right? And they talk about on-call management plus automated escalations plus centralized system information as three points that their messaging is on. That makes a whole lot more sense, and it's a much more refreshing take on some of the marketing messages that we see. And basically they enable DevOps teams to speed resolution and learn from past actions to make proactive recommendations. That I also get, and I like that too. So that was pretty cool. I'm not quite sure how the marrying of the two works, like how Splunk is playing in this DevOps monitoring kind of role, but I thought it was an interesting acquisition.

Sounds like an ops center play.

Yeah, they're trying to be a more complete solution for any operations center.

Yeah, probably to compete with ServiceNow and other similar kinds of solutions, right?

So A10 Networks announces the Ingress Controller. Have no idea what they're talking about here: it "automatically provisions application delivery configuration policies and ties directly into the container lifecycle to automatically update application delivery configuration with the dynamism of a Kubernetes environment". I was like, wow, that is some interesting use of the English language. What does it really mean? It sounds provocative, I get it. Especially "dynamicism", that was a good one. Is that even a word? I don't think so. We could just be dynamic. Oh come on, it's marketing, does it matter if it's really a word? This is true. You know, it's been a while, Paul, since we've really just tore into, like, these marketing write-ups. You know, we used to, I think it was almost every single show, I realized that we were spending 75% of our time just asking, what is this garbage? You haven't had one that bad in a while. Uh-oh.

So Device Authority announces KeyScaler. So this sounds like an IoT security play, and it sounds like some of the trends we've been seeing where they're trying to provide IoT security at the provider level. And I think this is primarily targeted at ISPs that want to maybe manage their customers' routers, although it could extend out into, if you're a product company, people are purchasing your IoT device and you want to manage those. I'm seeing a lot more traction in this space versus the enterprise space, which is, hey, you've got a lot of IoT stuff on your network, we'll help you identify and manage that. So there's definitely two kind of newer spaces that are emerging in this area that I think have two very different goals. I think it's great if we can hit it from the provider front, but I think also enterprises need a solution as well.

Do you think this is because providers are getting more and more concerned about liability if they can't actually push updates and patch and take care of security issues?

Yes, I absolutely think that's it. You know, in terms of going after the device manufacturers themselves, we've seen the FTC take some actions against those companies. But I also think, yeah, it's a liability thing, you know, with ISPs and their customers.

So what else do we have in the news? There was a lot of performance, like network performance monitoring-based stuff, and again, I think that's because the Cisco Live conference was this week. So Riverbed made a product announcement that really looked like an IT operations performance monitoring thing. ManageEngine also made an announcement about enhanced IT operations; they talked about hybrid IT, but they really didn't define what hybrid IT really means, which was kind of disappointing. And NetScout talked about smart data, but also didn't talk about, like, what smart data was. Dumb data? I was really hoping you would know what that was. I, yeah, I know, I don't, I'm sorry, I don't know. How your data... I think it's what you do with the data that could be smart or maybe not so smart; that matters more. So it's, I think it's data wrapped in XML, shoved into a JSON message, and, you know, thrown down a VPN pipe. I don't know, I'm just gonna throw words together like they are and hope it makes sense. Sounds great.

Tufin also made some announcements on automating capabilities with their orchestration suite. Still looked to me very much focused on the firewall aspect of it, which is kind of interesting, although they did announce support for Firepower. Did I say that right? Yep. Yeah, for Firepower as well, which, some of the complaints I've seen with some of these firewall management and orchestration suites is the ability to support some of those new capabilities that so-called next-gen, you know, firewall providers are making available, being able to keep pace with that technology. So that was kind of interesting.

The one I want to talk about a little bit is ServiceNow has announced a new conversational bot, and we've seen, then, there's both operations and security, you know, kind of released this thing where you interact with the product via this artificially intelligent bot that can provide you with answers. I don't know if I'm just too traditional of a security person to really latch on to this idea. I do understand that it can speak to the problem we spoke about earlier in the show, where the people who aren't, or junior-level security people who are not in the security group, need to interact with the security solutions, and maybe they do that through this conversational bot. Although I guess I'm basing that on experiences I've had trying to talk to bots that pop up on people's websites and ask me if I have any questions. Is this a valid solution to interact with various security products?

I think if you're a slow typer. I think for most of us who have been at this for a while, I can input information on the keyboard faster than I can actually speak it, and smoothly speak it clearly enough that something is going to be able to interpret what I say. So I think for some folks it may be helpful; for a lot of us, probably not.

I think it's gonna be the future one way or the other; it's just not here yet.

No, I completely agree.

So that was really it for the news. There really was not much in the news this week to really write home about, to be quite honest with you, unless you guys had anything.

No, I got nothing else.

Yeah, same here.

Awesome. Well, thank you Chris, thank you John, for appearing on this episode of Enterprise Security Weekly. Thank you everyone for listening and watching. We'll see you next time.