SolarWinds through a first principle lens. [CSO Perspectives]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 11 April 2022

⏱️ 22 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Enjoy this sample of CSO Perspectives, a CyberWire Pro podcast. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. On this episode, host Rick Howard discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles - resilience S1E11: 15 JUN: Cybersecurity first principles - risk S2E3: 03 AUG: Incident response: a first principle idea. S2E4: 10 AUG: Incident response: around the Hash Table. S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. Other resources: “A BRIEF HISTORY OF SUPPLY CHAIN ATTACKS,” by Secarma, 1 September 2018. “Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers,” by 365 Defender Research Team and the Threat Intelligence Center (MSTIC), Microsoft, 18 December 2020. “A Timeline Perspective of the SolarStorm Supply-Chain Attack,” by Unit 42, Palo Alto Networks, 23 December 2020. “Cobalt Strike,” by MALPEDIA. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 3 June 2014. “Cybersecurity Canon,” by Ohio State University. “FireEye shares jump back to pre-hack levels,” Melissa Lee, CNBC, 23 December 2020. "Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks," by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020. “Orion Platform,” by SolarWinds. “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019. “Solarstorm,” by Unit 42, Palo Alto Networks, 23 December 2020. “The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon,” by Rick Howard, The Cybersecurity Canon Project, 28 January 2015. “Using Microsoft 365 Defender to protect against Solorigate,” by the Microsoft 365 Defender Team, 28 December 2020.

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Don't
0:14.0	don't struggle to align your organization's
0:17.0	cybersecurity with business risk.
0:19.0	Get the only solution that goes beyond reacting to threats
0:22.0	with vulnerability and risk monitoring.
0:25.1	You need the next evolution of MDR and only Critical Start delivers it.
0:30.8	Critical Start doesn't just monitor and respond to threats.
0:34.0	They put you in control by detecting suspicious activities,
0:38.0	quickly responding to contain threats and identifying your most critical assets
0:42.0	and protecting them against vulnerabilities and exposures.
0:45.8	With continuous visibility, expert guidance and measurable risk reduction, critical start
0:50.9	has redefined what it means to manage cyber risk.
0:54.0	Demonstrate provable security maturity to your leadership
0:58.0	while positioning your program to achieve the greatest risk reduction per dollar spent, stop fearing risk and start managing it with
1:05.8	critical start. Visit critical start.com and request a demo today. That's Critical Start.com.
1:13.4	You can sense to glory.
1:20.4	You can sense the glory.
1:21.8	If this is the start is something. If this is started something.
1:24.0	Feel it in your bone.
1:25.0	Wow!
1:26.0	The quarterfinals.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.