7MS #402: Interview with Matt Duench of Arctic Wolf
7 Minute Security26 Feb 2020

7MS #402: Interview with Matt Duench of Arctic Wolf

Today I'm joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product marketing for their managed risk solution.

Matt chatted with me over Skype about a wide variety of security topics, including:

  • Corporate conversations around security have changed drastically in such a short time - specifically, security is generally no longer perceived as a cost center. So why are so many organizations basically still in security diapers as far as their maturity?

  • Why is it still so hard to find “bad stuff” on the network?

  • What are some common security mistakes you wish you could wave a magic wand and fix for all companies?

  • The beauty of the CIS Top 20 and how following even the top 5 controls can stop 85% of attacks.

  • Low-hanging hacker fruit that all organizations should consider addressing, such as:

    • Disabling IPv6
    • Using a password manager
    • Turning on multi-factor authentication
    • Don’t write down your passwords!
    • Have a mail transport rule that marks external mail as “EXTERNAL” so it jumps out to people
    • Consider an additional rule to stop display name spoofing (h/t to Rob on Slack!)

  • Why you should be concerned about corporate account takeover, and how to better protect yourself and your company against this attack vector

I also asked Matt a slew of questions that many of you submitted via Slack:

More info under the show notes for this episode at 7ms.us!

Avsnitt(683)

7MS #11: Overtraining your iPhone Touch ID (video)

7MS #11: Overtraining your iPhone Touch ID (video)

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show notes: I first read about this from Steve Gibson of GRC at https://www.grc.com/sn/sn-440.htm. But I was listening to the audio-only version…

12 Apr 20143min

7MS #10: Information Security for the Whole Family – part 2 (audio)

7MS #10: Information Security for the Whole Family – part 2 (audio)

In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for the Whole Family – part 2 (audio) Show notes: If you have kids and are considering a tablet for them,…

5 Apr 20147min

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family’s life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in your household, I’d recommend making sweeping network changes when your family members aren’t around (i.e. changing the wifi password :-)…

29 Mars 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes with a whole slew of companion materials like a pre-assessment test, flashcards and 3 full practice exams.…

22 Mars 20147min

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vulnerabilities that Byte (audio) Show notes: RC4 – a risk that we find just about anywhere SSL is used, but in…

15 Mars 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS requests to just the ISP servers (or whatever external servers you use). Anytime a firewall rule is changed, perform a vulnerability scan…

8 Mars 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for all devices except your mail server(s). If you use a third party mail filter like Postini or Securence, ensure that…

1 Mars 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: There are often two trains of thought in regards to enterprise gear patching (like routers, switches, firewalls). 1. If it ain’t broke, don’t…

22 Feb 20146min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
flashback-forever
rss-krimstad
rss-vad-fan-hande
aftonbladet-daily
rss-sanning-konsekvens
olyckan-inifran
rss-viva-fotboll
svenska-fall
krimmagasinet
fordomspodden
motiv
rss-expressen-dok
rss-frandfors-horna
dagens-eko
blenda-2
svd-nyhetsartiklar
spar
spotlight