TWiET 363: Al Dente Security Tools

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Was listening to the Al Dente Security Tools and have an opinion as a manager that has to try and manage this chaos that is cyber security.

I understand that the tools are a band-aid to help us get a handle on a problem. From my perspective they act as a method of visualizing the issue.

I agree with Lou that they can make things worse, because they can add complexity that makes it harder to set up properly. I also agree that we are looking for suites of solutions that we can bank on.

Security is an impossible problem for most organizations. I was listening to another episode recently where you guys were talking about Glitching, and then you have the Security Now podcast that scares the daylights out of me every time I listen to it.

Where do we go for real solutions? Solutions that help against ransomware or any of the million other potential attack vectors we have. Are the cloud solutions available from Microsoft, Cisco etc. something we should be looking at? Where do we go to learn more about making ourselves more secure?

1 Like

These are GREAT questions Seamus. So good, I think we should cover them in a future episode, or two. :slight_smile:

Hackers tend to find innovative ways to bypass the known rules, and before a security expert knows about the breach, it is often too late. There are new services and tools that are using machine learning, and even AI, to determine weak points in the network and detect network anomalies. This is catching issues proactively and sometimes reactively during an event. In addition to scanning devices, architecting a Zero Trust network and building new solutions and secure hardware/hardened OS, there is a need to go further to protect environments built at global scale. This is where I believe AI has a strong use case. There is an interesting read here. Zero Trust is a new mindset and methodology, but it means adopting a “never trust, always verify” stance towards access and authentication. That’s a good place to start.

Now there is, however, growing adoption of “as a service” security solutions, with the most common being endpoint security as a service and threat protection as a service. From experience, Malwarebytes (top), Sophos (tie with the top), Symantec, Webroot, Trend Micro, Bitdefender, and ESET are also among the top endpoint security providers. Sophos is a sponsor, but I can also tell you we use it at a corporate level to secure all BYOD on our network (100+K employees). It’s exceptional!

Next-level stuff is AI-powered network security appliances. Take a look at network security appliances from Cisco, SonicWall, and Meraki by Cisco, which are the most commonly used by businesses today. Sophos, Fortinet, and Barracuda are also among the top providers. Other notable players are Palo Alto Networks, WatchGuard, and pfSense.

I could go on and on, but I hope this helps so far. Like I said, we should do a show about it. :slight_smile:

1 Like