Episode 11: IoT Security Basics

Episode 11 November 26, 2019 00:43:25
Episode 11: IoT Security Basics
SilverLining IL
Episode 11: IoT Security Basics
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Eliav Gnessin

Guest title: CTO

Company: DeviceTone

Abstract

 IOT present one of the hottest topics in the industry today. In this episode we talk with Eliav Gnessin, CTO for DeviceTone, about securely engineering IOT solution end to end. During the episode Eliav guides us through IOT journey starting from the chipset of the device itself and all the way up to the IOT cloud based management. Eliav will explain about different implementations consideration, latest developments in the market and the efforts made by chipmakers & cloud provider to create more secure IOT.

Timing

0:00

Intro and introducing Eliev and DeviceTone

2:05

Why is it so hard to built secure IOT solutions?

9.00 

How to properly build an IOT solutions: the technology angle 

18:50  

How to properly build an IOT solutions: the people angle

22.40

How to properly build an IOT solutions: the process angle

28:10

Doing over-the-air updates

31:40

The different approaches to IOT coming from the cloud providers

38.20

Tips to IOT developers

Other Episodes

Episode 3

June 24, 2019 00:51:19
Episode Cover

Episode 3: Cloud Configuration Pitfalls

Attendees Guest: Evgeny Zislis Guest title:  CTO Company:  ProdOPS Abstract Over 90% of IaaS/PaaS security incidents happens on consumer fault. Cloud platforms are complicated, with steep learning curve and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them on time.  Timing: 0:00 – 2:10 - intro and introducing our guest 2:10 -   31:05 - What are the common cloud misconfiguration and mistakes  Improper security group configuration Object storage negligence - open buckets on s3 Insecure storing of API/Access Keys - config file in open Github repo is not the best place to store access keys Vulnerable servers exposed (exposing your 5 years old, not updated linux server is not recommended) Fail to segregate different services into different accounts / vpc / subnets Everyday use of root account and relying on one account only 31:05 -  34:20  Avoiding cloud misconfigurations:  the process angle 34:20 -  38:33 Avoiding cloud misconfigurations:  the people angle 38:33 -  49:00 Avoiding cloud misconfigurations:  the technology angle    49.00 – 52:00 Summary and conclusions ...

Listen

Episode 13

December 31, 2019 00:31:56
Episode Cover

Episode 13: Creating Trust & Awareness

Attendees Guest: Vladi Sandler Guest title: Cloud Security team leader Company: cymotive.com Abstract Gaining trust and developing awareness with customers is one of the hardest challenges for providers. It is almost an art. In this episode we talk with Vladi Sandler from Cymotive about creating healthy relationships with customers and how a mixture of personal awareness and technical proficiency are crucial in the customer-provider relationships. Timing: 0:25 introducing our guest 03:30 Introducing Cymotive   5:55 Cymotive challenges with their market targets 10:10 relevant Security teams for protecting automotive  11:50 The concepts of car security 13:55 Challenges when creating trust - The people angle 17:48 Challenges when creating trust - The process angle 22:00 Challenges when creating trust - The technology angle 27:50 Summary and final words ...

Listen

Episode 23

August 04, 2020 00:47:42
Episode Cover

Episode 23: Understanding Microsoft Cloud Security Pillars

Attendees Guest: Yoad Dvir Guest title: Security Lead, Central and Eastern Europe Company: Microsoft Abstract Microsoft security portfolio has been growing and diversifying in the last couple of years, adding more capabilities at various areas of information security. In order to better understand Microsoft strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about the Microsoft new security pillars:  Monitoring, Threat Protection and Information Protection. Timing:  0:00 - Introducing our guest 5:45  - Introducing Microsoft security strategy 12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more 21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP 30:50 - diving deeper into Cloudapp 35:30 - Microsoft Information Protection  44:00 - summary and last words ...

Listen