Security Weekly Podcast Network (Audio)

Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437

Listen Later
Interview Segment: Tony Kelly

Illuminating Data Blind Spots

As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we’ll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets.

Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We’ll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare.

Segment Resources:

https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!

Topic Segment: We've got passkeys, now what?

Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked.

After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced:

  1. DBSC (Device Bound Session Credentials) for browsers
  2. DPoP (Demonstrating Proof of Possession) for OAuth applications

We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted?

Segment Resources:

  • FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication
News Segment

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-437

...more
View all episodesView all episodes
Download on the App Store
Security Weekly Podcast Network (Audio)By Security Weekly Productions
  • 4.4
  • 4.4
  • 4.4
  • 4.4
  • 4.4

4.4

208 ratings

More shows like Security Weekly Podcast Network (Audio)

View all
Security Now (Audio) by TWiT

Security Now (Audio)

2,011 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

373 Listeners

Risky Business by Patrick Gray

Risky Business

374 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

655 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,023 Listeners

Smashing Security by Graham Cluley

Smashing Security

318 Listeners

Click Here by Recorded Future News

Click Here

418 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,041 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

181 Listeners

Hacking Humans by N2K Networks

Hacking Humans

315 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

138 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

169 Listeners