Defender Fridays Wrap-Up: July 2024

Nicole Boyd

The Decay of Network Segmentation with HD Moore of runZero

In this session, HD Moore, Founder and CEO at runZero, focused on identifying devices that bridge multiple networks, the deterioration of network segmentation, and the impact this has on security models such as zero trust. HD discussed the exploitation of segmentation weaknesses during penetration tests and how unsecured VPN technologies can widen the attack surface. He also discussed his platform, runZero, its capabilities, and best practices for minimizing device-specific attack surfaces.

Automating the Contextual Analysis of Breach Alerts with Justin Varner of RadQuantum

In this session of Defender Fridays, Justin Varner discussed the automation of contextual analysis for real-time breach alerts, introducing siphon technology as a move toward intentional tripwires, such as detecting unusual AWS key usage. He highlighted the integration of tools like GreyNoise, runZero, and Tines to create a more comprehensive approach to incident response. The conversation focused on using automation and specialized tools to refine security operations and strengthen incident response capabilities.

Emulating Adversaries for Training Defenders with Eric Capuano of LimaCharlie

Eric Capuano, Director of Training at LimaCharlie, shared insights about using adversary emulation as a method for training defense mechanisms in cybersecurity. He highlighted how tools like ChatGPT can streamline creating these scenarios by generating realistic threat simulations. Besides the technical aspects, Eric also addressed the ethical considerations of using AI tools for adversarial purposes, stressing the critical need to test detection rules against emulated attacks.