7 Minute Security22 Huhti 2021

7MS #464: Interview with Christopher Fielder of Arctic Wolf

Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in episode #444 - this time to talk about the security journey, and how to start out in your "security diapers" and mature towards a stronger infosec program. Specifically, we talk about:

When the company has one person in charge of IT/security, how can you start taking security seriously without burning this person out? First, it's probably a good idea to take note of what you have as far as people, tools and technology to help you meet your security goals.
Early in this process, you should inventory what you have (see CIS controls) so you know what you need to protect. A few tools to help you get started:
- Nmap
- Rumble
- LanSweeper
- Witnessme
As you go about any phase of your security journey, don't ever think "I'm good, I'm secure!"
Quarterly/yearly vulnerability scans just won't cut it in today's threat landscape - especially your external network. Consider scanning it nightly to catch show-stoppers like Hafnium early)
Limiting administrative privileges is SUPER important - but don't take our word for it, check out this report from Beyond Trust for some important stats like "...enforcing least privilege and removing admin rights eliminates 56% of critical Microsoft vulnerabilities."
Install LAPS, because if an attacker gets local admin access everywhere, that's in many ways just as good as Domain Admin!
Train your users on relevant security topics. Then train them again. Then....again. And after that? Again.
There are many ways to conduct tabletop exercises. They don't have to be crazy technical. Start with the internal tech teams, practice some scenarios and get everybody loosened up. Then add the executives to those meetings so that everybody is more at ease.
How do you know when it's time to ask for help from an outside security resource?
Not sure what kind of shape your company's security posture is in? Check out Arctic Wolf's free security maturity assessment.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(722)

7MS #377: DIY Pentest Dropbox Tips

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get ...

16 Elo 201928min

7MS #376: Tales of SQL Injection Pwnage

12 Elo 201938min

7MS #375: Tales of Pentest Fail #3

I swear this program isn't turning into the Dr. Phil show, but I have to say that sharing tales of fail is extremely therapeutic for me, and based on your comments, it sounds like many of you feel the...

2 Elo 201940min

7MS #374: Tales of Internal Pentest Pwnage - Part 6

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

24 Heinä 20191h 12min

7MS #373: Tales of Pentest Fail #2

19 Heinä 201934min

7MS #372: Tales of Internal Pentest Pwnage - Part 5

15 Heinä 201943min

7MS #371: Tales of Internal Pentest Pwnage - Part 4

12 Heinä 201944min

7MS #370: Happy Secure 4th!

Hey folks, happy secure 4th o' July! In today's seven minute episode (Wha? Gasp! Yep...it's seven minutes!) I kick back a bit, give you some updates and tease/prepare you for some cool full episodes t...

3 Heinä 20197min