SilverLining IL

The podcast for Security Architecture, hosted by Moshe Ferber and Ariel Munafo. The world of sof ...

Latest Episodes

26

September 16, 2020 00:49:26
Episode 26: Current Challenges With Cloud

This is a special episode where both of us (Moshe & Ariel, no guests this time) discuss the future of cloud computing and the challenges that should be solved. We take a detailed look at the shortage in manpower and knowledge, privacy laws and their influence on innovation, and technology challenges such as multi-tenancy, APIs, encryption, continuous monitoring and more.

Agenda

Opening words - 5 min
  - Introducing the podcast - Moshe / Ariel
  - Introducing our guest - Ariel
  - Introducing myself - Moshe
  - Introducing the topic and context of the podcast - Moshe

Security challenges

People
  - Shortage in manpower: there are missing jobs for cyber professionals and especially application security
  - Shortage in knowledge: security professionals lag behind in learning new technologies

Process
  - Malicious insider - one of the biggest challenges for cloud providers
  - Shared responsibility model collapsing
  - Privacy laws are creating islands of data - privacy laws are limiting the transfer of data
  - Jurisdiction, court orders and government access to data - as cloud providers host more data, they are a target for more and more government interest

Technology
  - API security best practices - there will be more and more APIs, and we did not master how to protect them
  - Encryption and key management - the holy grail of holding your own encryption keys is fading
  - Multi-tenancy - we don't have clear practices for building multi-tenant applications
  - Identity-based access controls - network access controls are useless in cloud ...

25

September 01, 2020 00:35:08
Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

Attendees
Guest: Shira Shamban
Guest title: CEO & Co-Founder
Company: Solvo

Abstract
In modern cloud environments, Identity and Access Management controls are crucial. Many access decisions are now made based not on network structure but on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo, about cloud IAM challenges: why it is so hard to get IAM right, and how Solvo is planning to revolutionize the IAM management process.

Timing:
0:00 Introducing our guest
3:00 Introducing cloud identity challenges
6:20 Why role management is not enough
11:40 Why we fail to create least-privilege roles
15:10 How to manage IAM securely - the people angle
18:13 How to manage IAM securely - the process angle
21:08 How to manage IAM securely - the technology angle
31:08 Summary and last words ...

24

August 19, 2020 00:37:14
Episode 24: Putting The Sec Into DevOps

Attendees
Guest: Dima Revelis
Guest title: Senior DevOps Engineer
Company: MoonActive

Abstract
DevSecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we use the expertise of Dima Revelis to dive deep into DevOps practices, what a CI/CD pipeline is, and which security tools are relevant for all of those new practices.

Timing:
0:00 - Introducing our guest
2:50 - What is DevOps
7:50 - What is a deployment pipeline
14:20 - What is CI and which security testing can be implemented
17:20 - What is CD and which security considerations
18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis
20:45 - So much automation, do we still need manual testing?
22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management
26:40 - Availability considerations and disaster recovery
33:30 - Summary and final words ...

23

August 04, 2020 00:47:42
Episode 23: Understanding Microsoft Cloud Security Pillars

Attendees
Guest: Yoad Dvir
Guest title: Security Lead, Central and Eastern Europe
Company: Microsoft

Abstract
Microsoft's security portfolio has been growing and diversifying over the last couple of years, adding more capabilities in various areas of information security. To better understand Microsoft's strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about the new Microsoft security pillars: Monitoring, Threat Protection and Information Protection.

Timing:
0:00 - Introducing our guest
5:45 - Introducing Microsoft security strategy
12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more
21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP
30:50 - Diving deeper into Cloudapp
35:30 - Microsoft Information Protection
44:00 - Summary and last words ...

22

August 03, 2020 00:32:39
Episode 22: How To Do Add Open Source Code To Your Applications, Securely

Attendees
Guest: Liran Tal
Guest title: Developer Advocate
Company: Snyk

Abstract
Open source software plays a big part in our daily lives, and also in our development environments. Many application developers rely on open source libraries and tools and integrate them into their code. This is a great improvement for developers, allowing them to innovate quickly and efficiently. But all this good comes with a big responsibility: open source software should be carefully examined to ensure its reliability. In this episode we talk with Liran Tal from Snyk about the growing importance of adding security evaluation of open source software to the development cycle.

Timing:
0:00 - Introducing our guest
5:50 - What is the challenge of open-source security
10:05 - Open source security - the people angle
16:00 - Open source security - the process angle
24:55 - Open source security - the technology angle
29:42 - Summary and last words ...

21

August 03, 2020 00:26:59
Episode 21: Building The Next Generation Of Cloud Services

Attendees
Guest: Eran Feigenbaum
Guest title: CSO, Oracle Cloud

Abstract
The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top rather than present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud, about the next generation of cloud services: how can we build a cloud that is more secure and immune to misconfiguration and other pitfalls that are relevant to today's cloud services.

Timing:
0:00 - Introducing our guest
5:40 - Generation one of cloud infrastructure
8:40 - So what is the second generation of cloud infrastructure
10:30 - How Oracle is planning to change the cloud market
11:40 - How second generation cloud services can help with common mistakes such as misconfiguration
13:35 - What cloud providers should do in order to increase security
16:05 - How cloud providers can be proactive with their customers
19:00 - Handling misconfiguration such as open buckets and lost API keys
23:40 - Summary and last words ...
