
CIS Control 16 - Application Software SecurityThe way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data. NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors.**Jim Manico at minute 52:40 - do not miss!!**Our sponsor: Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices. Contact Jim here: https://manicode.com/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/'
Mar 14, 2023
1 hr 6 min

LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed. Organize and monitor all services providers that are associated with your business. Keeping an inventory of all services providers will enable you to monitor them in case they update their policies. Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Jan 22, 2023
1 hr 2 min

MSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, as well as properly handling personal information. Security awareness training should include frequent phishing tests. Phishing tests allow users to learn from their mistakes and utilize their training to spot actual phishing attacks. These phishing tests should be specially crafted for different departments within an enterprise. Specially crafted phishing tests are harder to detect and demonstrate the value of security awareness training.👏Special thanks to Phin Security for their sponsorship and interview.Connor Swalm: https://www.linkedin.com/in/connor-swalm/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Nov 9, 2022
1 hr 17 min

Network monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of continuous improvement that involves people, process, and technology. Service providers need a well-trained staff that executes on their network monitoring, detection, logging, correlation of events in order to thwart malicious attacks. 👏Special thanks for ConnectWise sponsorship and interview. Drew Sanford: https://www.linkedin.com/in/drewsanford/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Sep 29, 2022
1 hr 6 min

Abstract: Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization’s network infrastructure. Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be targeted by new vulnerabilities that are discovered by security researchers.MSPs should ensure that their teams implementing and operating the network infrastructure have processes and procedures in place that include capabilities for having a secure network infrastructure. 👏Special thanks for Domotz sponsorship and interview. ONLY $21 per Network!! Incredible for MSP COGS!!Key areas Domotz helps MSPs: Control 1 | Continuous Discovery of new devices | checking for default passwords | Alerting on changes (ports, protocols, configurations) | being able to revert back (backup) | logging and auditing of changes and much more!! 🙌 JB Fowler: https://www.linkedin.com/in/jb-fowler-1302023/ & Giancarlo Fanelli https://www.linkedin.com/in/giancarlofanelli/ 👉Domotz's Security Standards: https://www.domotz.com/knowledge-base/Domotz-Security-Standards-2021-March.pdfDomotz MSP: https://www.domotz.com/msp.phpCo-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Jul 7, 2022
57 min

Abstract: Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes. Regardless of the reason for data loss, we need to have a process established (RPO/RTO) to recover our data. Key Takeaways for Control 11Prioritize your data and come up with a data recovery plan.Protect your backed up data. (See Control 3: Data Protection.)Practice and Test restoring your data.Restore your data after any compromise. 👉Datto's BCDR Resource Center: https://www.datto.com/resources?page=4&categories=BCDR 🙌 Rob Rae: https://www.linkedin.com/in/robtrae/ - special thanks for Datto's sponsorship and interview.Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
May 24, 2022
1 hr 4 min

Abstract: With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing your MSP and clients. Malware defenses must be able to operate in a dynamic environment through automation, timely and rapid updating, and integrate with other processes like vulnerability management and incident response. Anti-Malware technologies have become an after thought in many organizations, a technology that they’ve always had, always used, and never really thought about. Effective malware protection includes traditional endpoint malware prevention and detection suites, along with enrichment from vendor, vulnerability or threat data. 👉MSP Partner Growth Program: https://www.malwarebytes.com/partners/managed-service-providers - email Roane Tucker for assistance - [email protected].🙌 Claudio Tosi: https://www.linkedin.com/in/claudiotosi/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Apr 26, 2022
48 min

Abstract: Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization. Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to your MSP or client's business. Since email and web are the main means that users interact with external and untrusted users and environments, these are prime targets for both malicious code and social engineering. 😎Cisco Secure MSP Interview: with Steve Steinberg, Sales Engineer for Cisco Umbrella.👉Cisco Secure Managed Service Provider: https://www.cisco.com/c/en/us/products/security/secure-msp-center.html🙌Steve Steinberg: https://www.linkedin.com/in/stevesteinberg/Interested in learning more: [email protected]:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Mar 17, 2022
56 min

Abstract: Log collection and analysis is critical for an organization's ability to detect malicious activity quickly. Sometimes audit logs are the only evidence of a successful attack. Attackers know that many organizations keep audit logs for compliance purposes, but rarely analyze them. Due to poor log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing. In this episode, learn about using logs in incident management, analyzing what to log and the numerous factors to establish a successful audit log management process.Sponsor: Blackpoint Cyber interview with Travis Brittain, Director of Product Enablement. Logging & Compliance: https://blackpointcyber.com/logic/Travis Brittain: https://www.linkedin.com/in/tbrittain/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Feb 12, 2022
59 min

Note we discuss Log4j as this is a very timely topic to this control. Abstract: Cyber defenders are constantly being challenged from attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about: software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources. Sponsor: CyberCNS interview with Shiva Shankar, CTO & Founder at minute 45:22.Learn more here: https://www.cybercns.com/ (free trial)Shiva Shankar: https://www.linkedin.com/in/shivashankarj/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/
Dec 22, 2021
54 min
Load more
