For security folks, Active Directory is often a proverbial thorn in the paw. It presents an unusual security challenge in that compromise means the potential disruption and unavailability of an organization’s entire electronic and possibly physical infrastructure. Business can grind to a halt.

Firms are outsourcing more and more, but the one thing they can’t outsource is responsibility. The motivation of malicious hackers has moved beyond notoriety and a quick buck to obstruction of business, reputational damage, and infrastructure/resource theft – all of which has forced a reset in how management and boards approach risk.

Pretend for a moment that you are crushing it on Sunset Blvd. on one of those electric scooters that are all over the place in Los Angeles. You're minding your own business, enjoying yet another sunny day, going wherever you want to go, and nobody needs to know about it. Right? Wrong. The Los Angeles Department of Transportation (LADOT) is on the scene. Apparently, they really want to know what you're up to—or at least what your scooter is up to. There’s more to this story though.

In this podcast I’m joined by Larry Link & Shreyans Mehta from Cequence, a silicon valley startup who is applying real-time network analysis, machine learning, threat intelligence, and behavioral analytics to accurately detect and mitigate bot attacks without affecting legitimate user traffic.

During RSA Conference 2019 in San Francisco, Sean Martin stops by the Edgescan booth to chat with the company’s co-founders, Eoin Keary, and Rahim Jina. The conversation was driven mainly by their latest vulnerability stats report which was just released.

Once upon a time, security for computers was a physical key to access the machine in the room. Soon, however, we had to authenticate the user to access what was on the machine, not just the machine itself, so we started with passwords. This wasn’t much of an issue until computers got connected to the Internet and we needed to manage multiple accounts to access multiple things.

Imagine if you were told that your organization must demonstrably adopt a cybersecurity framework and show compliance in order to secure new business or, perhaps more frustratingly, retain a contract you’ve already won. Scary stuff.

Imagine leveraging the infrastructure you already have to protect you from unknown threats. Sound far-fetched? Perhaps, but Juniper Networks’ Samantha Madrid makes a compelling case for how this can be accomplished.

Only 3% of security attacks leverage technical weakness, while the remaining 97% are driven by exploiting people. Lucy Security enables organizations to take on the role of an attacker and uncover existing gaps in both technical infrastructure and staff knowledge and eliminate them through a comprehensive e-learning program. Employee responses to daily hazards like phishing are both monitored, as well as taught so that employees more accurately recognize threats and respond appropriately.

Today’s topic looks at the life of a hacker and the challenges they face from both a liability and legal perspective. We also look at how organizations deal with the research activities they encounter from both cybercriminals and ethical hackers alike.