SilverLining IL

The podcast for Security Architecture Hosted by Moshe Ferber and Ariel Munafo. The world of sof ... more

Hosted by

Latest Episodes

28

November 11, 2020 00:29:02
Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

Attendees Guest: Ofer Maor Guest title: Co-Founder & CTO  Company: Mitiga Abstract The recent increase of cloud based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples. Timing: 0:00 Introducing our guest and Mitiga 3:32 Preparing for cloud incident response  7:15 Cloud attack vector - malicious AMI 11:00 More attack vectors on marketplaces 13:18 Github attack vectors 18:15 attack vector - Business email compromise on 365 25:44 how to mitigate cloud incidents 27:58 Summary and last words ...

Listen

27

October 14, 2020 00:40:46
Episode 27: Protecting Your Cloud Data With Legal Controls

Episode 27: Protecting Your Cloud Data With Legal Controls

Attendees Guest: Dalit Ben Israel Guest title: Partner, head of IT & Data protection practice Company: Naschitz Brandes Amir  In the cloud era, the information security officer's new best friends are the lawyers in the legal department.   Legal matters such as cross border data transfers, contractual controls and privacy laws becoming critical in cloud migrations. In this episode we talk with Dalit Ben Israel, Partner at NBlaw, about the legal challenges of cloud computing: cross border transfers, the rise of privacy laws and proper contract management and monitoring.  Timing: 0:00 - Opening 2:03 - Introduction of our guest 4:95 - Considerations of data center location and the effect of the Schrems2 judgement invalidating the Privacy shield 12:50 - The roles and responsibilities of cloud providers and customers  15:27 - Choosing cloud providers - why do we need lawyers in the process and the obligation to enter into DPAs 20:00 - Specific challenges with SaaS and agreements with subprocessors 22:12 – Negotiating cloud contracts - what are the challenges? minimizing risks. 30:32 - Dispute resolution and venue of jurisdiction 33:24 - Ongoing contract monitoring 36:10 - Summary  Connect with Dalit here: Email: [email protected] Website: www.nblaw.com ...

Listen

26

September 16, 2020 00:49:26
Episode 26: Current Challenges With Cloud

Episode 26: Current Challenges With Cloud

This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more. Agenda Opening words  - 5 min  introducing the podcast  - Moshe / Ariel  Introducing our guest - Ariel Introducing myself - Moshe Introducing the topic and context of the podcast - Moshe  Security challenges   People Shortage in manpower:  There are missing jobs for cyber professional and especially application security Shortage in knowledge: security professional lag behind learning new technologies Process Malicious insider - one of the biggest challenges for cloud providers Shared responsibility model collapsing Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest Technology API security best practices - there will be more & more API’s, we did not master how to protect them Encryption and key management - the holy grail for holding your own encryption keys is fading Multi tenancy - we don't have clear practices on building multi tenant applications Identity based access controls - network access controls are useless in cloud ...

Listen

25

September 01, 2020 00:35:08
Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

Attendees Guest: Shira Shamban Guest title: CEO & Co-Founder Company: Solvo Abstract In modern cloud environments, Identity and Access Management controls are crucial controls. Many of the access decisions are now made not based on networking structure but rather on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo about cloud IAM challenges - why is it so hard to get IAM right and how Solvo is planning to revolutionize the IAM management process.  Timing: 0:00 Introducing our guest 3:00 Introducing cloud identity challenges  6:20 Why role management is not enough 11:40 Why we fail to create least-privilege-roles   15:10 How to manage IAM securly - the people angle 18:13 How to manage IAM securly - the process angle 21:08 How to manage IAM securly - the technology angle 31:08 Summary and last words ...

Listen

24

August 19, 2020 00:37:14
Episode 24: Putting The Sec Into DevOps

Episode 24: Putting The Sec Into DevOps

Attendees Guest: Dima Revelis Guest title: Senior Devops engineer Company: MoonActive Abstract DevsecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we use the expertise of Dima Revelis in order to dive deep into understanding DevOps practices, what is CI/ CD pipeline and which security tools are relevant for all of those new practices. Timing: 0:00 - Introducing our guest 2:50 - What is devops 7:50 - What is deployment pipeline 14:20 - What is CI and which security testing can be implemented 17:20 - What is CD and which security consideration  18:40 - Dive deeper into security testing - QA, code review, static & dynamic   analysis 20:45 - So much automation, do we still need manual testing?  22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management 26:40 - Availability considerations and disaster recovery 33:30 - Summary and final words ...

Listen

23

August 04, 2020 00:47:42
Episode 23: Understanding Microsoft Cloud Security Pillars

Episode 23: Understanding Microsoft Cloud Security Pillars

Attendees Guest: Yoad Dvir Guest title: Security Lead, Central and Eastern Europe Company: Microsoft Abstract Microsoft security portfolio has been growing and diversifying in the last couple of years, adding more capabilities at various areas of information security. In order to better understand Microsoft strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about the Microsoft new security pillars:  Monitoring, Threat Protection and Information Protection. Timing:  0:00 - Introducing our guest 5:45  - Introducing Microsoft security strategy 12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more 21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP 30:50 - diving deeper into Cloudapp 35:30 - Microsoft Information Protection  44:00 - summary and last words ...

Listen