Created with Sketch.
Security Intelligence Podcast
26 minutes | 7 months ago
Developing a Cloud Security Strategy
“Every cloud conversation should be also a security conversation,” says Anna Van Wassenaer, Cloud Business Development Leader, Europe, for IBM Security Services. Abhijit Chakravorty, Partner & Cloud Security Competency Leader for IBM Security, joins Van Wassenaer for a conversation about why cloud strategy should go hand-in-hand with a security strategy. The conversation covers the cloud threat landscape; balancing CISO, CIO and developer objectives for cloud migration; and advice on where to start when developing a cloud security strategy. For more on cloud security, visit the SecurityIntelligence blog: https://securityintelligence.com/category/cloud-protection/
32 minutes | 9 months ago
Training with Chaos Engineering
"The idea of chaos engineering is essentially to help test resilience before an accident happens," says Itzik Kotler, co-founder and CTO of SafeBreach. Kotler joins Matthew Dobbs, Chief Integration Architect for the IBM Security Command Center, for a conversation about the value of testing systems and people through "dynamic but controlled chaos." They discuss training for the shifting adversary landscape and TTPs, who benefits from chaos engineering training, and what makes for a good simulation experience. Read more about chaos engineering on the Security Intelligence blog: https://securityintelligence.com/posts/chaos-engineering-security-simulation-exercises-dynamic-threat-environments/
24 minutes | 9 months ago
Time Is (Still) Money and Other Findings from the 2020 Cost of a Data Breach Report
What are the top findings from the Cost of a Data Breach Report 2020? Charles DeBeck, a cyber threat intelligence expert with IBM X‑Force IRIS, talks about what drives costs higher for some organizations. "We observed a growing divide between organizations that were well prepared and organizations that weren't," DeBeck says. DeBeck covers more highlights from the report, including top root causes such as cloud misconfiguration and compromised credentials. He also shares what the study found were the most successful security measures for mitigating costs: security automation and incident response readiness. View highlights and download the report: https://www.ibm.com/security/digital-assets/cost-data-breach-report/
15 minutes | 10 months ago
Security Highlights from IBM Think Digital 2020
The threat landscape has changed as a result of the global pandemic. What does that mean for organizations and their employees? How can leaders "manage through chaos" successfully? Hosts Pam Cobb and David Moulton reflect on these questions by drawing on insights from speakers at IBM Think Digital 2020. See the full sessions referenced in the episode: Address New Cybersecurity Risks - https://www.ibm.com/events/think/watch/replay/126550847/ Detect & Respond to Accelerating Threats - https://www.ibm.com/events/think/watch/replay/126499081/ Virtually Extend Your Security Team and Quickly Add Expertise - https://www.ibm.com/events/think/watch/replay/126497278/
27 minutes | 10 months ago
Contextualizing Zero Trust
As digital transformation accelerates, so does the importance of verification. "I think it's become more important right now to ensure the right person has access to the right data and apps at the right time under the right circumstances," says Aarti Borkar, Vice President, OM, for IBM Security. "And to me that's Zero Trust." Borkar returns to the podcast to explore the connection between verification, context and successful applications of Zero Trust — or in other words, "Never trust, always verify." The conversation covers why the demands of remote work call for a Zero Trust philosophy; how Zero Trust goes hand in hand with innovation; and who on the leadership team can help apply context plus verification to an organization's security strategy. Read the full episode transcript on the SecurityIntelligence blog: https://securityintelligence.com/media/contextualizing-zero-trust/
18 minutes | a year ago
Recent Activity from ITG16, a North Korean Threat Group
"APT groups jump at the chance to take advantage of people's emotions," says Ryan Castillo, an analyst on the threat hunt and discovery team within IBM X‑Force IRIS. One such advanced persistent threat (APT) group has recently been detected mining the "treasure trove of COVID-19 lures" activated by overall uncertainty and misinformation in the face of the global pandemic. Castillo and Joshua Chung, a strategic cyber intel analyst for IBM X-Force IRIS, join the hosts to discuss recent activity from ITG16, a North Korean government state‑sponsored threat group. The conversation covers the threat group's targets and tactics and how they anticipate ITG16 to evolve their operations in the future. Read the full episode transcript on the SecurityIntelligence blog: https://securityintelligence.com/media/recent-activity-from-itg16-a-north-korean-threat-group/
35 minutes | a year ago
Verify To Simplify: Demystifying Zero Trust
Nearly a decade ago, Forrester championed the concept of "Zero Trust." Fast forward to today, and the industry is seeing a confluence of technology and strategy that has pushed Zero Trust from the theoretical realm into the practical. In brief terms, Zero Trust boils down to "never trust, always verify." Forrester analyst Chase Cunningham joins the podcast to dig into the depths behind that definition, including how the concept evolved, why the journey towards Zero Trust needs to begin with devices and users, why organizations benefit from a simplified security portfolio and how to coach the next generation on identity best practices. Plus, Pam and David discuss their resolutions for the new year and consider a line of security merch. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn. Read the full episode transcript: https://ibm.biz/BdqRFU
32 minutes | 2 years ago
Ransomware and Operating Under Maximum Pressure
Recovering from a ransomware attack isn't like paying your electric bill; there's no guarantee that the lights suddenly come back on. How, then, should organizations like municipalities and hospitals plan to remediate in the case of a ransomware attack — or better yet, take preventative security measures? Matthew DeFir and Robert Gates, both members of the IBM X-Force IRIS team, share their advice on how organizations can prevent ransomware attacks. They discuss why attackers choose moments when they can apply maximum pressure, the importance of backing up systems, insights into taxpayers' views on ransomware, and why organizations should not pay the ransom. Plus, Pam and David discuss how ransomware has impacted the cities they live in. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.
35 minutes | 2 years ago
Cloud Security and the Road to Transformation
Cloud is not the ultimate destination; it's the path to an end goal. "The idea of cloud is to get you a modern architecture," says Vikram Chhabra, who leads product management for IBM Security Services with a focus on cloud and infrastructure security. "The destination is transformation to help you innovate and drive modern experiences for your end customers." Chhabra identifies multiple challenges as CISOs steer their businesses down this path to a modern architecture: talent, cloud controls, centralized strategy, compliance. Security — beginning with automation — can act as an enabler in light of these challenges. Chhabra chats with David about types of cloud models, who the CISO should partner with on cloud migration, and how to manage threats and prove continuous compliance in a cloud environment. Plus, Pam and David discuss their opinions on pineapple pizza (it's relevant, promise). For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.
35 minutes | 2 years ago
Reducing Third Party Risk
"We, as CISOs, and as risk management practitioners, and as risk executives, have to be aware that a risk rating vendor isn't the entire answer to our risk posture," says Shamla Naidoo, a Managing Partner at IBM Security who was most recently the global CISO for IBM. "It is a part of the answer, not the entire answer." Naidoo joins David to discuss taking a 360 degree view of third party risk. They explore why risk rating reports are the beginning of risk management but not the end; why trust and transparency is critical in relationships among all parties; and the value in taking an objective approach to testing risk postures. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.
30 minutes | 2 years ago
Development Agility and Open Source Vulnerability Prioritization
"Open source is increasingly being acknowledged as an indispensable means for promoting and driving innovation," says Rami Elron, Senior Director of Product Management at WhiteSource. But at the same time, there's been a proliferation in open source security vulnerabilities. Elron attributes the phenomenon to both increased adoption of open source and increased attention following publicized data breaches. He joins David to discuss the challenges in prioritizing open source vulnerabilities, the importance of agile DevSecOps practices, and approaches to dealing effectively with the growing number of open source security vulnerabilities. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.
Terms of Service
Do Not Sell My Personal Information
© Stitcher 2021