Sign up to save your podcasts
Or
Share Snake Oilers 6 part 1: InsightIDR from Rapid7, whitelisting with Airlock Digital and testing your SOC personnel with AttackIQ
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Snake Oilers 6 part 1: InsightIDR from Rapid7, whitelisting with Airlock Digital and testing your SOC personnel with AttackIQ
First up in this edition of Snake Oilers we speak with Rapid7. Listeners of the regular show would have heard me talk about their UserInsight software for years. Thatâs because I knew people who used it and they swore by it. UserInsight was user and entity behaviour analytics (UEBA) software that was massively ahead of its time. It was very good at spotting weird things happening on your network when it comes to dumped or compromised creds popping up in weird places.
Well, InsightIDR is basically where UserInsight wound up, and yeah, itâs morphed in to a product thatâs half SIEM and half EDR.
Every Tom, Dick and Harriett seems to be offering EDR software these days, and every next-gen SIEM company is becoming more and more UEBA-centric, so what Rapid7 has created here is something in between. InsightIDR product manager Eric Sun will tell us all about it.
Next up weâll hear the simplest pitch in this podcast, from Airlock Digital. Theyâre an Australian company that makes whitelisting software thatâs actually useable. If your organisation has tried implementing whitelisting through Microsoftâs Applocker then you know how badly it sucks. These guys have created a simple but useable whitelisting solution.
Iâve been to the booth! Iâve seen the demo! Airlock Digital co-founder David Cottingham is our guest on their behalf. In addition to being a founder, David is also the author of the SANS course SEC480: which covers the ASD top 4 â number one on that list is whitelisting. He has experience in the federal government implementing whitelisting and after seeing just how badly other products suck, he and his mates founded Airlock Digital. So yeah, if youâre whitelist-curious or if youâre sick of dealing with Applocker, then you really, really should stick around for that one.
After that weâre checking in with Stephan Chenette of AttackIQ. They make attack simulation software, but in response to customer demand theyâve actually taken it to its logical extension - theyâre now offering modules you can use to test your SOC staff, or, if you outsource, you can use these modules to test your MSSP. Throw some alerts at them and see what comes back â get scores for individual SOC operators. Hey, even if you ARE an MSSP you might want to use this software to see who to promote in your SOC. Thatâs interesting stuff.
View all episodes
By Patrick Gray
4.6
352352 ratings
First up in this edition of Snake Oilers we speak with Rapid7. Listeners of the regular show would have heard me talk about their UserInsight software for years. Thatâs because I knew people who used it and they swore by it. UserInsight was user and entity behaviour analytics (UEBA) software that was massively ahead of its time. It was very good at spotting weird things happening on your network when it comes to dumped or compromised creds popping up in weird places.
Well, InsightIDR is basically where UserInsight wound up, and yeah, itâs morphed in to a product thatâs half SIEM and half EDR.
Every Tom, Dick and Harriett seems to be offering EDR software these days, and every next-gen SIEM company is becoming more and more UEBA-centric, so what Rapid7 has created here is something in between. InsightIDR product manager Eric Sun will tell us all about it.
Next up weâll hear the simplest pitch in this podcast, from Airlock Digital. Theyâre an Australian company that makes whitelisting software thatâs actually useable. If your organisation has tried implementing whitelisting through Microsoftâs Applocker then you know how badly it sucks. These guys have created a simple but useable whitelisting solution.
Iâve been to the booth! Iâve seen the demo! Airlock Digital co-founder David Cottingham is our guest on their behalf. In addition to being a founder, David is also the author of the SANS course SEC480: which covers the ASD top 4 â number one on that list is whitelisting. He has experience in the federal government implementing whitelisting and after seeing just how badly other products suck, he and his mates founded Airlock Digital. So yeah, if youâre whitelist-curious or if youâre sick of dealing with Applocker, then you really, really should stick around for that one.
After that weâre checking in with Stephan Chenette of AttackIQ. They make attack simulation software, but in response to customer demand theyâve actually taken it to its logical extension - theyâre now offering modules you can use to test your SOC staff, or, if you outsource, you can use these modules to test your MSSP. Throw some alerts at them and see what comes back â get scores for individual SOC operators. Hey, even if you ARE an MSSP you might want to use this software to see who to promote in your SOC. Thatâs interesting stuff.
More shows like Risky Business
View all
Security Now (Audio)
1,962 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
633 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Hacked
175 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
314 Listeners
Click Here
390 Listeners
Malicious Life
926 Listeners
Darknet Diaries
7,803 Listeners
Cybersecurity Today
141 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
312 Listeners
Defense in Depth
75 Listeners
Cyber Security Headlines
120 Listeners
Risky Bulletin
33 Listeners