Sign up to save your podcasts
Or
Share Stopping 0day Exploits Doesn't Require AI or Superhuman Speed - Rob Allen - ESW #386
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Stopping 0day Exploits Doesn't Require AI or Superhuman Speed - Rob Allen - ESW #386
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.
Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.
Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Show Notes: https://securityweekly.com/esw-386
View all episodes
By Security Weekly Productions
4.7
33 ratings
When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even.
Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place.
Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Show Notes: https://securityweekly.com/esw-386
More shows like Enterprise Security Weekly (Video)
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Grumpy Old Geeks
6,020 Listeners
Hacked
176 Listeners
CyberWire Daily
1,009 Listeners
Paul's Security Weekly (Audio)
16 Listeners
Smashing Security
312 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
189 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
91 Listeners
Defense in Depth
74 Listeners
Paul's Security Weekly (Video)
2 Listeners
Cloud Security Podcast
58 Listeners
Cyber Security Headlines
127 Listeners