Meanwhile in Security

You Down with APT? Yeah, You Know Me



Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you’re about to listen to.


Show Notes:


Links:

  • APT1 Report: https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
  • Securing Your Cloud Transformation Journey: https://onwireco.com/2021/06/08/securing-your-cloud-transformation-journey/
  • TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements: https://securityboulevard.com/2021/06/teamtnt-strikes-again-a-wake-up-call-to-start-securing-cloud-entitlements/
  • Secure Access Trade-offs for DevSecOps Teams: https://beta.darkreading.com/vulnerabilities-threats/secure-access-trade-offs-for-devsecops-teams?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
  • Cyber Gangs: Who are they in 2021 and what do they Want?: https://securityintelligence.com/articles/cyber-crime-gangs-who-are-they-today/
  • Required MFA is not Sufficient for Strong Security: A Report: https://www.darkreading.com/cloud/required-mfa-is-not-sufficient-for-strong-security-report/d/d-id/1341263
  • With Cloud, CDO and CISO Concerns are Equally Important: https://www.itsecuritynews.info/with-cloud-cdo-and-ciso-concerns-are-equally-important/
  • Colonial Pipeline CEO: Ransomware Attack Started via Pilfered ‘Legacy’ VPN Account: https://beta.darkreading.com/attacks-breaches/colonial-pipeline-ceo-ransomware-attack-started-via-pilfered-legacy-vpn-account
  • Cloud Security: Why Being Intentional in Encryption Matters: https://securityintelligence.com/articles/cloud-security-intentional-encryption/
  • CSPM explained: Filling the gaps in cloud security: https://www.csoonline.com/article/3620049/cspm-explained-filling-the-gaps-in-cloud-security.html
  • Five worthy reads: Confidential computing–the way forward in cloud security: https://securityboulevard.com/2021/06/five-worthy-reads-confidential-computing-the-way-forward-in-cloud-security/
  • Data Protection in the K-12 Cloud: https://securityboulevard.com/2021/06/data-protection-in-the-k-12-cloud/
  • Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security: https://thehackernews.com/2021/06/cybersecurity-executive-order-2021-what.html
  • Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users: https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html
  • Top 10 security items to improve in your AWS account: https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/


Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Announcer: Are you building cloud applications with a distributed team? Check out Teleport, an open-source identity-aware access proxy for cloud resources. Teleport provides secure access for anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps, and databases. Teleport gives engineers superpowers. Get access to everything via single sign-on with multi-factor authentication, list and see all SSH servers, Kubernetes clusters, or databases available to you, and get instant access to them using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. And best of all, Teleport doesn’t get in the way. Download Teleport at goteleport.com. That’s goteleport.com.

Jesse: We security people and the general news media like talking about APT this and APT that; however, like most things with cybersecurity, the term isn’t even explained. The term is Advanced Persistent Threat, or APT, and it came from Kevin Mandia, founder of Mandiant, a security company, in the famous APT1 Report, as it’s called, released in early 2013, which is a fascinating read. Well, maybe some of us love reading these things.

There’s a lot of hype around APTs and what it all means. An APT is essentially a well-funded hacking group, usually with nation-state backing. This means some government is funding and/or training and otherwise supporting the efforts of what amounts to a criminal enterprise attacking assets. Most of us shouldn’t care much about APTs though, as long as we secure our cloud accounts and use properly configured multi-factor authentication, or MFA.

Meanwhile, in the news. Securing Your Cloud Transformation Journey. Plan, build, run, repeat. Plan, build, run, repeat. It’s so simple, however, the details are complex and varied at every one of these stages to reduce the possibility of something catastrophic happening.

TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements. If you don’t secure your IAM credentials for cloud services, the keys to your kingdom will be shared about by nefarious actors. I’ve recently pointed out that this APT group, TeamTNT, was harvesting easy-to-obtain credentials. I love a chance to hammer on basic protocols a...
