SilverLining IL

The podcast for Security Architecture. Hosted by Moshe Ferber and Ariel Munafo. The world of sof ...

Latest Episodes

November 24, 2019 00:30:24
Episode 10: Securing The New Fintech Economy

Attendees
Guest: Nir Valtman
Guest title: Product security lead
Company: Finastra

Abstract: Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra, about the challenges of fintech companies, and dive into API authentication and authorization best practices and building an ecosystem that can support trust between banks and young fintech companies.

Timing
0:00 Intro and introducing our guest
2:40 Introducing Finastra and the challenges of traditional banks with modern fintech
4:50 Building API platforms for banks: challenges, security considerations and solutions
8:45 Creating trust between banks and fintech companies: validating applications' end-to-end security from the fintech to the banks
12:30 Authenticating and authorizing API requests on banking platforms: methods, challenges and common use cases
19:30 Anomaly detection and analyzing APIs on top of cloud platforms
25:35 The challenges of application secret management with partners
28:25 Tips for fintech companies ...

October 29, 2019 00:35:01
Episode 9: Challenges With Cloud Management Logs

Attendees
Guest: Shira Shamban
Guest title: Cloud Security
Company: Check Point (Dome9)

Abstract: Cloud providers have invested heavily in adding visibility, monitoring and logging capabilities for networking and administrative activities. In this session we talk with Shira Shamban, a cloud security expert from Check Point, about the challenges of collecting the different logs that exist in cloud platforms and the challenges of gaining insights from them.

0:00 Introducing Shira and her activities at Check Point and community activities (Security-Diva, CSA Top Threat working group, OWASP-IL)
11:55 Introducing the challenges of cloud log management: enabling correctly, long-term storage, analysis challenges, lack of info
19:45 The challenges of monitoring cloud assets using IP addresses
21:25 How to properly do cloud-based log collection: enrichment, external threat service
24:20 Values of log visualization
28:05 Log storage management
31:21 Summary and last words ...

September 24, 2019 00:27:26
Episode 8: Securing The World of IoT

Attendees
Guest: Beau Woods
Guest title: Member
Company: We-Are-The-Cavalry, Atlantic Council

Abstract: IoT devices such as medical embedded devices, autonomous vehicles and smart homes are currently the Achilles heel of information security. The technology is advancing fast, but the security frameworks are not advancing at the same pace. In this episode we talk with Beau Woods, founder for I-am-the-cavalry, about the steps governments, regulators and vendors should take in order to produce safer IoT devices.

Timing
0:00 Intro and introducing Beau's activities and the I-AM-The-Cavalry community
5:20 What are the unique challenges of IoT security?
9:05 It is not a question of connectivity
11:35 How to better engineer IoT devices: fail fast, detect failure and maintain an ability to fix failures
17:15 Engineering is not enough: what IoT consumers should be trained for and aware of
22:20 Summary and conclusions ...

September 02, 2019 00:36:26
Episode 7: Creating Trust in Cloud

Attendees
Guest: Damir Savanović
Guest title: Senior researcher
Company: Cloud Security Alliance

Abstract: Creating trust is one of the major challenges for cloud providers and consumers. Without trust, customers will not be able to move workloads into cloud environments, but trust is a very elusive term that is hard to achieve. In this episode we talk with Damir Savanović from the Cloud Security Alliance about how cloud providers and consumers can use certifications to increase trust, and how CSA is preparing for the new requirements of continuous monitoring that are arriving with the new EU cyber laws.

Timing
0:00 Intro, introducing our guest, and an overview of Damir's activities in the area of cloud security
5:40 Introducing Cloud Security Alliance activities and major projects (STAR and CCSK)
9:17 The true meaning of trust in cloud computing. Using attestation and certification for establishing trust
14:50 The difference between certification and attestation, and the effect of the new EU cybersecurity law on compliance
17:50 Understanding the CSA STAR methodology, from self-assessment to certification or attestation and continuous monitoring
24:20 Behind the scenes of continuous monitoring: the CSA STAR methodology
32:00 Summary and conclusions ...

August 12, 2019 00:33:45
Episode 6: The Cloud Octagon Model Framework for Cloud Adoption

Attendees
Guest: Olaf Streutker
Guest title: CISO Advisor
Company: ABN Amro

Abstract: The Cloud Octagon Model is a new framework for cloud adoption (mostly SaaS adoption). The model was designed in cooperation between ABN-Amro and the Cloud Security Alliance. It helps organizations identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to dealing holistically with the security aspects involved in moving to the cloud.

Link to CSA Cloud Octagon Model: https://cloudsecurityalliance.org/artifacts/cloud-octagon-model/

Timing
0:00 Intro and introducing the guest and the ABN Amro cloud adoption methodology
12:10 The evolution of the Cloud Octagon Model and basic concepts
11:28 How ABN-Amro is dealing with IaaS/PaaS vs. SaaS
15:30 The different phases of the Cloud Octagon Model: Classification
20:30 Core banking applications in the cloud
24:20 The different phases of the Cloud Octagon Model
31:20 Summary and conclusions ...

July 25, 2019 00:53:07
Episode 5: Guard Rails And Not Gates – How R&D And Security Should Co-Exist

Attendees
Guest: Guy Flechter
Guest title: CISO
Company: AppsFlyer

Abstract: One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding back R&D's ability to innovate. In this episode, Guy Flechter, CISO for AppsFlyer, elaborates on the way he provides R&D with guidelines and support while keeping them motivated and committed to security.

Timing
0:00 Intro and introducing AppsFlyer and its digital business
10:29 Understanding AppsFlyer's underlying technology and security challenges
14:20 "We came in peace": building a security foundation at AppsFlyer, and understanding Guy's methodology
19:55 The people angle: building the right team and how to work efficiently with the R&D team
27:40 The technology angle: how to make sure developers don't need security in everyday life, but are still on the right track
37:10 The process angle: building developers' autonomy
40:25 Summary and conclusion ...
