SilverLining IL

The podcast for Security Architecture, hosted by Moshe Ferber and Ariel Munafo. The world of software development has changed rapidly in recent years due to various factors – Cloud Computing, Digital Transformation, CI/CD & ...

Latest Episodes

31

December 23, 2020 00:32:14
Episode 31: Understanding Cloud Native Security Basics

Attendees
Guest: Benjy Portnoy
Guest Title: Sr. Director, Solution Architects
Company: Aqua Security

Abstract
A cloud-native security strategy entails protecting the infrastructure, build, and running workloads. In this episode, we spoke with Benjy Portnoy, Sr. Director of Solution Architects at Aqua Security, regarding cloud-native security fundamentals. We also delve into various attacks identified in the recently published Cloud Native Threat Report by Aqua's security research team, Nautilus.

Timing
0:00 Introducing our guest
2:50 What is cloud native security
5:11 Sorting out between CWPP, CSPM & DevSecOps
8:01 Protecting the build, the platform and workload
10:30 Understanding what is CASB
12:45 Diving into the kinsing attack
29.11 Summary and last words
...

30

December 08, 2020 00:29:55
Episode 30: The challenges of CISO in a security company

Attendees
Guest: Eitan Satmary
Guest Title: CISO
Company: Tufin

Abstract
Being a CISO is challenging; being a CISO at a security vendor is even more challenging. In this episode we host Eitan Satmary, CISO for Tufin, to talk about the good and bad of being a CISO in a cyber security vendor. We will talk about the CISO's ability to influence innovation and product roadmap in the company and how the transition from an on-prem offering to a SaaS offering changed the company's security posture.

Timing:
0:00 Introducing our guest
4:20 CISO in a security company: influence the innovation team
10:30 The relationship between CISO and the sales department
12:30 The company journey of adding cloud capabilities
15:00 CISO's first steps
20:11 Risk management considerations for SaaS companies
25:00 Summary and final thoughts
...

29

November 25, 2020 00:36:09
Episode 29: Cloud Identity Governance - understanding challenges

Attendees
Guest: Arick Goomanovsky
Guest title: Co-Founder & Chief Business Officer
Company: Ermetic

Abstract
In cloud platforms, identity and permissions are the most important control that customers get to implement. Network segmentation and other traditional controls are often ineffective, and access to resources is determined by a mixture of roles & policies. This mixture can become very complex and difficult to lock down. In this episode, we are hosting Arick Goomanovsky, Chief Business Officer at Ermetic, to discuss cloud identity and access challenges, and to review real-life examples of what can happen when neglecting identity and access entitlements in cloud infrastructure.

Mail to: [email protected]

Timing:
0:00 Introducing our guest and Ermetic
2:21 Understanding Identity Governance
4:40 Cloud identity challenges
10:55 Dealing with identity challenges by adding visualization and analysis of permissions
16:30 Who are the organizational stakeholders relevant?
22:01 Examples for IAM challenges and outbreaks
22:25 Example 1: Protecting sensitive resources
26:25 Example 2: Third party access
29:49 Example 3: The visibility challenge when using SSO
31:30 Summary and final words
...

28

November 11, 2020 00:29:02
Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

Attendees
Guest: Ofer Maor
Guest title: Co-Founder & CTO
Company: Mitiga

Abstract
The recent increase of cloud-based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples.

Timing:
0:00 Introducing our guest and Mitiga
3:32 Preparing for cloud incident response
7:15 Cloud attack vector - malicious AMI
11:00 More attack vectors on marketplaces
13:18 GitHub attack vectors
18:15 Attack vector - Business email compromise on 365
25:44 How to mitigate cloud incidents
27:58 Summary and last words
...

27

October 14, 2020 00:40:46
Episode 27: Protecting Your Cloud Data With Legal Controls

Attendees
Guest: Dalit Ben Israel
Guest title: Partner, head of IT & Data protection practice
Company: Naschitz Brandes Amir

In the cloud era, the information security officer's new best friends are the lawyers in the legal department. Legal matters such as cross-border data transfers, contractual controls and privacy laws are becoming critical in cloud migrations. In this episode we talk with Dalit Ben Israel, Partner at NBlaw, about the legal challenges of cloud computing: cross-border transfers, the rise of privacy laws and proper contract management and monitoring.

Timing:
0:00 - Opening
2:03 - Introduction of our guest
4:95 - Considerations of data center location and the effect of the Schrems II judgement invalidating the Privacy Shield
12:50 - The roles and responsibilities of cloud providers and customers
15:27 - Choosing cloud providers - why do we need lawyers in the process and the obligation to enter into DPAs
20:00 - Specific challenges with SaaS and agreements with subprocessors
22:12 - Negotiating cloud contracts - what are the challenges? Minimizing risks.
30:32 - Dispute resolution and venue of jurisdiction
33:24 - Ongoing contract monitoring
36:10 - Summary

Connect with Dalit here:
Email: [email protected]
Website: www.nblaw.com
...

26

September 16, 2020 00:49:26
Episode 26: Current Challenges With Cloud

This is a special episode where both of us (Moshe & Ariel, no guests this time) discuss the future of cloud computing and the challenges that should be solved. We take a detailed look at the shortage in manpower and knowledge, privacy laws and their influence on innovation, and technology challenges such as multi tenancy, APIs, encryption, continuous monitoring and more.

Agenda

Opening words - 5 min
  Introducing the podcast - Moshe / Ariel
  Introducing our guest - Ariel
  Introducing myself - Moshe
  Introducing the topic and context of the podcast - Moshe

Security challenges
  People
    Shortage in manpower: There are missing jobs for cyber professionals and especially application security
    Shortage in knowledge: security professionals lag behind in learning new technologies
  Process
    Malicious insider - one of the biggest challenges for cloud providers
    Shared responsibility model collapsing
    Privacy laws are creating islands of data - privacy laws are limiting the transfer of data
    Jurisdiction, court orders and government access to data - as cloud providers host more data, they are a target for more & more government interest
  Technology
    API security best practices - there will be more & more APIs, we did not master how to protect them
    Encryption and key management - the holy grail of holding your own encryption keys is fading
    Multi tenancy - we don't have clear practices on building multi-tenant applications
    Identity based access controls - network access controls are useless in cloud
...