Podcasts

Experience Matters for Security Startups – Venture Capital Series Part 1

The level of venture capital financing has hit new heights with increasing investments in information security. Some venture capitalists (VCs) specialize in finding and funding startups in security, which is a unique segment within technology.

What does this mean for security startups? And how does an investor’s perspective impact Chief Information Security Officers?

In part one of a three-part series, Security Current’s Vic Wheatman speaks with Robert Ackerman, founder and managing director of Allegis Capital about the current state of VC funding and the burgeoning security field.

Operational Effectiveness of Security Analytics with Anton Chuvakin

How effective are Security Analytics tools and how do you compare their operational effectiveness?

After spending months researching this subject, Gartner’s Dr. Anton Chuvakin says the long and short is that they just don’t know how well the tools work as there isn’t much data on the operational effectiveness of security analytics.

He points out that for analytics tools, many of the vendors have just 5-10 customers that have some data but it isn’t enough. He tells Security Current’s Vic Wheatman that a lot of stuff is very anecdotal and we only hear the success stories. So, he says it is hard to say, which type of a tool, model and statistics are working well. Listen to hear what you should do.

DataStealth from Datex, Inc. – Transforming Sensitive Information Securely

It no longer is if an intruder will gain access to your network, it is just a matter of when they will gain access.

Cybersecurity company Datex, Inc. says employees will make mistakes, user credentials will be compromised, data theft will happen and compliance mandates will not be met.

DataStealth services addresses these and other issues by inspecting network traffic, extracting sensitive information and substituting spurious data for the original information, transforming that information into secure and usable fragments to allow applications to securely do their jobs.

In this sponsored podcast with Security Current’s Vic Wheatman, Ross Morley of Datex, Inc. describes how the service works, its benefits and provides real-world use cases.

Cloud SIEM Doesn’t Really Exist – Yet

SIEM stands for Security Information and Event Management.

SIEM is continuing to grow in usage, but where does it stand in terms of cloud deployments and what is its cloud-based marketshare?

Gartner’s Dr. Anton Chuvakin challenges the idea that one can compute market share for “Cloud SIEM” products because they actually don’t quite exist, yet.

While he acknowledges that there are some “almost” SaaS (Software as a Service) SIEM products and services, true cloud-based SIEM solutions are not available.

In conversation with Security Current’s Vic Wheatman Dr. Chuvakin provides a taxonomy for SIEM and describes the reasons for the definitional differences.

Using User Behavior Intelligence To Identify Account Takeovers

Massive database breaches have resulted in millions of user identification and authentication profiles being compromised. Identifying unauthorized attempts to access systems or accounts is a basic requirement for financial institutions, etailers, retailers, healthcare providers and other enterprises.

Knowing the difference between employee and attacker behavior is key to avoiding security alert fatigue and requiring scarce resources to parse the good from the bad access attempts.

Further, collecting information about rogue takeovers for forensic purposes is a good idea. Security Current’s Vic Wheatman speaks on these issues and others with Mark Seward, Vice President of Marketing for Exabeam in this sponsored podcast.

Changing User Behavior Through Security Education

With experts citing employees being compromised by attackers as a primary cause of security breaches, many enterprises are seeking new training methods.

Spun out of Carnegie Mellon University, Wombat Security takes what it says is a different approach that applies learning science principles. Gone are traditional classrooms and videos, replaced by an interactive more engaging approach based on research on how people best learn new things.

In this sponsored podcast, Security Current’s Vic Wheatman speaks with Joe Ferrara, President and CEO of Wombat Security about how his company’s training programs are improving the security posture of today’s enterprises.

Overcoming Silos Between Security and Privacy

For organizations to achieve maximum privacy and security the two need to go hand-in-hand but unfortunately they are often siloed within organizations. So how are organizations evolving to incorporate privacy, risk and compliance to address information security requirements?

Finding the balance between holding what may be sensitive information about individuals and partners among others with regulations and laws protecting that information has become critical.

Security Current’s Vic Wheatman speaks with internationally-acclaimed, Professor Daniel Solove of the George Washington Law School, and CEO and Founder of training company TeachPrivacy about these issues and a groundbreaking conference being held in October 2015 that bridges the silos between privacy and security.

Gartner’s Anton Chuvakin on the Failure of Security Policies

Many security policies are aspirations, doomed to fail because they are unrealistic. Not only can they be unachievable, but may in fact encourage people to disregard policies because, after all, “we can’t really do that.”

Further, enterprises may not be able to collect on cyber insurance policy payouts because they didn’t meet their own, internal standards. These and other issues surrounding information security policies are discussed in this conversation between Security Current’s Vic Wheatman and Gartner’s Dr. Anton Chuvakin.

Augmenting the Past with Network Forensics

Most “new” security technologies use functions and features developed years ago. Network Forensics applies machine learning, automating detection functions via machine-based analytics to decode and visualize relevant metadata.

Accordingly, Network Forensics represents an evolutionary trend in security. Who is providing these tools and capabilities? Gartner Research Director Lawrence Pingree answers the questions in this interview with Security Current’s Vic Wheatman.

A CISO’s Deep Thoughts

In this interview with an information security officer who prefers to remain anonymous we discuss the definitions of security intelligence, what it takes to be a CISO and the toughest part about heading up security at an enterprise.

He also discusses how network complexity grows as new systems are built on top of existing infrastructure leading to potential problems. The interview, conducted by Security Current’s Vic Wheatman, was recorded at the RSA Conference.