7MS #402: Interview with Matt Duench of Arctic Wolf
7 Minute Security26 Helmi 2020

7MS #402: Interview with Matt Duench of Arctic Wolf

Today I'm joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product marketing for their managed risk solution.

Matt chatted with me over Skype about a wide variety of security topics, including:

  • Corporate conversations around security have changed drastically in such a short time - specifically, security is generally no longer perceived as a cost center. So why are so many organizations basically still in security diapers as far as their maturity?

  • Why is it still so hard to find “bad stuff” on the network?

  • What are some common security mistakes you wish you could wave a magic wand and fix for all companies?

  • The beauty of the CIS Top 20 and how following even the top 5 controls can stop 85% of attacks.

  • Low-hanging hacker fruit that all organizations should consider addressing, such as:

    • Disabling IPv6
    • Using a password manager
    • Turning on multi-factor authentication
    • Don’t write down your passwords!
    • Have a mail transport rule that marks external mail as “EXTERNAL” so it jumps out to people
    • Consider an additional rule to stop display name spoofing (h/t to Rob on Slack!)

  • Why you should be concerned about corporate account takeover, and how to better protect yourself and your company against this attack vector

I also asked Matt a slew of questions that many of you submitted via Slack:

More info under the show notes for this episode at 7ms.us!

Jaksot(682)

7MS #34: The Hacker Playbook (audio)

7MS #34: The Hacker Playbook (audio)

I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook. Cheggitowt! Download: 7MS #34: The Hacker Playbook (audio)

14 Marras 20147min

7MS #33: ProXPN (audio)

7MS #33: ProXPN (audio)

This episode’s all about a cool product called ProXPN that I use to encrypt/anonymize my traffic for various reasons. Not a sponsored episode or anything like that, but I am a fan of this service :-). Download: 7MS #33: ProXPN (audio)

7 Marras 20147min

7MS #32: OSCP – part 3 (audio)

7MS #32: OSCP – part 3 (audio)

Been a while since I shared an update on OSCP progress. It’s going good but…slow. However, I do have one (maybe obvious) tip to share that I hope will save you a ton of time. Download: 7MS #32: OSCP – part 3 (audio)

1 Marras 20147min

7MS #31: Network Detective (audio)

7MS #31: Network Detective (audio)

Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren’t working right, and a whole lot more. Download: 7MS #31: Network Detective…

25 Loka 20147min

7MS #30: Managing Privileged Accounts (audio)

7MS #30: Managing Privileged Accounts (audio)

Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem. Download: 7MS #30: Managing Privileged Accounts (audio)

18 Loka 20147min

7MS #29: Follow Up Then (audio)

7MS #29: Follow Up Then (audio)

This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then! Download: 7MS #29: Follow Up Then (audio)

11 Loka 20147min

7MS #28: Infosec for Kids? (audio)

7MS #28: Infosec for Kids? (audio)

This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind. Specifically, what’s life going to be like for them growing up in an Internet-soaked world where there are constantly text/video/photos of them going online – to stay forever? Download: 7MS #28: Infosec for Kids?…

27 Syys 20147min

7MS #27: Backing Up with CrashPlan (audio)

7MS #27: Backing Up with CrashPlan (audio)

Hey, when it comes to backups…uh…you should have them! This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan. Download: 7MS #27: Backing Up with Crashplan (audio)

20 Syys 20147min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
rikosmyytit
aihe
the-ulkopolitist
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-hyvaa-huomenta-bryssel
rss-kyselytunti
rss-aijat-hopottaa-podcast
rss-kovin-paikka
rss-suoraan-asiaan
rss-kaikki-paskaksi-ystavat
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka