Artwork

Contenuto fornito da Chris Parker. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Chris Parker o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Player FM - App Podcast
Vai offline con l'app Player FM !

Threat Emulation with Andrew Costis

45:38
 
Condividi
 

Manage episode 439322069 series 2774802
Contenuto fornito da Chris Parker. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Chris Parker o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

Security risks are dynamic. Projects, employees, change, tools, and configurations are modified. Many companies utilize PEN testers on an annual basis, but as quickly as systems are revised, you may need to implement threat emulation for regular monitoring.

Today’s guest is Andrew Costis. Andrew is the Chapter Lead of the Adversary Research Team at Attack IQ. He has over 22 years of professional industry experience and previously worked in the Threat Analysis Unit Team at Firmware, Carbon Black, and Logrhythm Labs, performing security research, reverse engineering malware, and tracking and discovering new campaigns and threats. Andrew has delivered various talks at DefCon, Adversary Village, Black Hat, B Side, Cyber Risk Alliance, Security Weekly, IT Pro, Bright Talk, SE Magazine, and others.

Show Notes:
  • [1:14] - Andrew shares his background and what he currently does in his career at Attack IQ.
  • [3:49] - At the time of this recording, there has been a major global security panic.
  • [6:06] - There are many programs that we use on a regular basis that we don’t always consider the security of.
  • [8:09] - Historically, companies would pay for an external pen test. Andrew describes the purpose of this and how they usually went.
  • [9:33] - Pen tests and threat emulation do not need to be limited to just once a year.
  • [10:45] - Andrew’s team is in the business of testing post-breached systems. But they preach prevention.
  • [11:55] - Attackers are lazy in the sense that they will reuse the same strategies over and over again.
  • [14:13] - Many programs we use may be caught in the crosshairs of attacks and vulnerabilities in other companies.
  • [16:41] - Andrew discusses the frequency of really critical CVEs.
  • [19:01] - What do attackers go after when they’ve breached a system?
  • [21:04] - The priority for attackers is to get in quickly and make the victim’s data unavailable.
  • [22:24] - A lot of people are under the impression of vulnerability testers. “Fire and forget it” is not a beneficial mindset.
  • [24:56] - If we run every test, the amount of data will be overwhelming.
  • [27:03] - In his experience, there has been client testing that has been overwhelmingly easy to breach.
  • [29:07] - There are also organizations that have done a fantastic job. However, vulnerabilities will still be found.
  • [30:18] - The red team is not going to be able to cover your entire organization.
  • [32:15] - Threat emulation and pen testing are technically the same thing. Andrew explains how she sees the difference.
  • [33:50] - How are vulnerabilities and tests prioritized?
  • [36:19] - Andrew describes the things his team works on and their objectives for customers and clients.
  • [38:34] - The outage at the time of this recording had a big impact. It gave a really good idea of what could happen if it were a real security breach.
  • [41:37] - There are a ton of free resources out there. The primary resource at Attack IQ is the free Attack IQ Academy.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
  continue reading

245 episodi

Artwork

Threat Emulation with Andrew Costis

Easy Prey

57 subscribers

published

iconCondividi
 
Manage episode 439322069 series 2774802
Contenuto fornito da Chris Parker. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Chris Parker o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

Security risks are dynamic. Projects, employees, change, tools, and configurations are modified. Many companies utilize PEN testers on an annual basis, but as quickly as systems are revised, you may need to implement threat emulation for regular monitoring.

Today’s guest is Andrew Costis. Andrew is the Chapter Lead of the Adversary Research Team at Attack IQ. He has over 22 years of professional industry experience and previously worked in the Threat Analysis Unit Team at Firmware, Carbon Black, and Logrhythm Labs, performing security research, reverse engineering malware, and tracking and discovering new campaigns and threats. Andrew has delivered various talks at DefCon, Adversary Village, Black Hat, B Side, Cyber Risk Alliance, Security Weekly, IT Pro, Bright Talk, SE Magazine, and others.

Show Notes:
  • [1:14] - Andrew shares his background and what he currently does in his career at Attack IQ.
  • [3:49] - At the time of this recording, there has been a major global security panic.
  • [6:06] - There are many programs that we use on a regular basis that we don’t always consider the security of.
  • [8:09] - Historically, companies would pay for an external pen test. Andrew describes the purpose of this and how they usually went.
  • [9:33] - Pen tests and threat emulation do not need to be limited to just once a year.
  • [10:45] - Andrew’s team is in the business of testing post-breached systems. But they preach prevention.
  • [11:55] - Attackers are lazy in the sense that they will reuse the same strategies over and over again.
  • [14:13] - Many programs we use may be caught in the crosshairs of attacks and vulnerabilities in other companies.
  • [16:41] - Andrew discusses the frequency of really critical CVEs.
  • [19:01] - What do attackers go after when they’ve breached a system?
  • [21:04] - The priority for attackers is to get in quickly and make the victim’s data unavailable.
  • [22:24] - A lot of people are under the impression of vulnerability testers. “Fire and forget it” is not a beneficial mindset.
  • [24:56] - If we run every test, the amount of data will be overwhelming.
  • [27:03] - In his experience, there has been client testing that has been overwhelmingly easy to breach.
  • [29:07] - There are also organizations that have done a fantastic job. However, vulnerabilities will still be found.
  • [30:18] - The red team is not going to be able to cover your entire organization.
  • [32:15] - Threat emulation and pen testing are technically the same thing. Andrew explains how she sees the difference.
  • [33:50] - How are vulnerabilities and tests prioritized?
  • [36:19] - Andrew describes the things his team works on and their objectives for customers and clients.
  • [38:34] - The outage at the time of this recording had a big impact. It gave a really good idea of what could happen if it were a real security breach.
  • [41:37] - There are a ton of free resources out there. The primary resource at Attack IQ is the free Attack IQ Academy.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
  continue reading

245 episodi

Tutti gli episodi

×
 
Loading …

Benvenuto su Player FM!

Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.

 

Guida rapida