The Security Implications of Migrating from VMware

In this episode of the Security Swarm Podcast, host Andy and recurring guest Paul talk about the challenges and opportunities organizations face amidst the Broadcom acquisition of VMware. They discuss the steep price hikes for VMware licenses and the security vulnerabilities recently discovered in VMware products.

This acquisition has prompted many businesses to consider alternative solutions, and the episode provides a comprehensive overview of the available options within the Microsoft ecosystem. They cover a range of migration strategies, including moving to the Microsoft ecosystem through Azure, Azure Stack HCI, and on-premises Hyper-V solutions.  Andy and Paul offer valuable insights into ensuring a secure and seamless transition away from VMware, making this episode essential listening for IT professionals navigating these significant changes.

Key takeaways:

  • Broadcom’s acquisition of VMware is causing major disruption due to massive license cost increases of 300-500% for many organizations.
  • Microsoft Hyper-V is a viable alternative to VMware. It offers a mature, enterprise-ready hypervisor that can be a cost-effective replacement for VMware.
  • Azure Stack HCI provides an on-premises VMware alternative. It provides a hyperconverged infrastructure solution with Hyper-V at the core, along with integration to Azure services for management and modernization.
  • Security pitfalls can arise when organizations rush to migrate away from VMware due to the Broadcom situation. Proper planning, understanding the security posture of the new platform, and ensuring critical configurations like backup are in place are essential to mitigate risks.

Timestamps:

(02:51) – Vulnerabilities in VMware

(07:30) – Migrating to the Microsoft Ecosystem

(13:38) – On-Premises Microsoft Options

(38:45) – Security Considerations for Migrations

(44:52) – Pragmatic Approach to Platform Selection

Episode Resources:

Microsoft and Broadcom to Support License Portability

Paul’s article on options for migrating from VMware to Microsoft 

VMware Sandbox Escape Bugs

New Threat Campaign Distributing DarkGate Malware & The Massive 911 S5 Botnet Takedown

In this episode of the Security Swarm Podcast, host Andy and recurring guest Eric Siron discuss the Monthly Threat Review for June 2024. They explore a new threat campaign distributing the DarkGate malware using a technique called pastejacking. Additionally, they touch upon the 911 S5 Proxy Botnet takedown and how threat actors are exploiting Stack Overflow to distribute malware.

Key takeaways:

  • Awareness of common tactics like pastejacking can help prevent falling victim to malware campaigns.
  • Read the details of the DarkGate attack methods we show in the report and adjust your security posture as needed. If you’re in need of powerful, next-gen email security software, we’ve got you covered.
  • If your organization is leveraging software from any online, public repository, take the time to review that repository and do a risk assessment. Threat actors are increasingly using public software repos for malicious purposes.

Timestamps:

(03:15) – Insights into Email Threat Trends and Industry Targeting in Cybersecurity Landscape

(13:15) – Unveiling New Cybersecurity Threat Campaign using Pastejacking

(23:31) – Massive Botnet Take Down and Arrest of Operator: A Victory Against Cybercrime

(29:29) – Beware of Malicious Packages: A Cautionary Case Study from Stack Overflow

Episode Resources:

Full Monthly Threat Report

Enhance Security Awareness by Training Employees

Windows Server 2025: New Security Features Revealed

In this podcast episode, Andy and Paul discuss the upcoming release of Windows Server 2025 and the myriad security enhancements it will bring. They delve into various topics such as improvements to Active Directory, delegated managed service accounts, Kerberos protocol enhancements, SMB enhancements, hot patching, ReFS file system for confidential computing, and extended security updates.

Key takeaways: 

  • Windows Server 2025 brings a host of security enhancements. 
  • The release date of Windows Server 2025 is speculated to be in September 2024, coinciding with the release of System Center 2025. 

Timestamps: 

(07:05) – Enhancements in Active Directory Security and NUMA Support: A Deep Dive

(13:19) – Revolutionizing Service Accounts: Delegated Managed Service Accounts Explained 

(20:28) – Revamping Windows Server Security: Say Goodbye to NTLM and Hello to Kerberos 

(28:15) – Revolutionizing SMB with QUIC Protocol and Hot Patching in Windows Server 2025

(32:34) – Revolutionizing Patching with Hot Patching in Windows Server and Azure 

(36:02) – Revolutionizing Data Protection with Resilient File System and Confidential Computing 

(39:34) – Exploring Confidential Compute, Server Upgrades, and Extended Security Updates in Windows Server Environment 

(42:37) – Windows Server 2025 Release Date Speculations and Future Episode Teasers 

Episode Resources: 

What’s new in Windows Server 2025 from MS Learn

Passkeys in Microsoft Entra: Benefits, Implementation Tips & More

In this episode of the Security Swarm Podcast, our host Andy and guest speaker Jan Bakker discuss passkeys in the Microsoft ecosystem. They cover topics such as the definition of passkeys, prerequisites, tips for implementation, and the user experience. They also highlight the user-centric enrollment process, the role of conditional access, and the potential challenges and advantages of transitioning to passkeys. 

Key takeaways: 

  • Passkeys are a new authentication mechanism using the FIDO2 standard, providing a secure and user-friendly passwordless experience. 
  • Device-bound passkeys are more secure but not transferable between devices, while syncable passkeys offer convenience but may introduce potential security risks. 
  • Passkeys enhance security by being phishing-resistant and replacing traditional passwords and MFA methods. 
  • The enrollment process involves using the Microsoft Authenticator app and ensuring prerequisites like device compatibility and Bluetooth connectivity. 
  • Admins can enforce authentication method policies and conditional access to control user access and enhance security. 
  • User education, interface improvements, and conditional access play crucial roles in a successful transition to passkeys. 

Timestamps: 

(03:04) – Unlocking the Future of Passkeys and the Evolution of Authentication 

(06:18) – Exploring the Security Benefits of Device Bound and Syncable Passkeys 

(14:54) – How to Prepare for Passkeys in Microsoft 365 

(23:03) – Navigating the Rollout of Passkeys for Enhanced Security: Admins vs End Users 

(29:03) – Maximizing Security with Passkeys, Conditional Access, and Authentication Policies 

(33:01) – Unveiling the Convenience of Device-Bound Passkeys in Vasquez for Microsoft 365 

Episode Resources: 

Previous episode on Passkeys

Blog post of Jan

Did the CSRB Force Microsoft’s Hand on Security?

Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB’s Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements.  

The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft’s proactive stance on security? 

Key takeaways: 

  • Microsoft is taking proactive steps to address security vulnerabilities and enhance its security measures following recent incidents. 
  • The focus on protecting identities, enforcing multi-factor authentication, and improving network segmentation are crucial for bolstering security. 
  • Efforts to align security actions with recommendations from the CSRB demonstrate a commitment to addressing criticisms directly. 

Timestamps:

(06:52) – Key Insights from Charlie Bell’s Blog Post Addressing Cyber Security Concerns

(11:22) – Enhancing Security Measures in Response to the CSRB’s Report

(21:22) – Top Security Practices for Protecting Tenants and Production Systems

(24:46) – Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection

(30:44) – Challenges and Considerations in Cloud Security Logging and Storage

(34:37) – Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting

(37:37) – Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments

(42:34) – Analyzing Microsoft’s Response to a Security Incident

Episode Resources:

The Blog Post from Charlie Bell

EP39: Are Passkeys the Future of Authentication?

Subscribe to our new YouTube Channel for more

Microsoft’s SFI Expansion, UK’s New PSTI Law & Updates on Change Healthcare Attack

In this week’s episode, Andy and guest Eric Siron discuss the cybersecurity landscape based on data from the Monthly Threat Report for May 2024. They cover a range of news items, including Microsoft’s recent announcement to expand the Secure Future Initiative, the new PSTI (Product Security and Telecommunications Infrastructure) Act in the UK and a significant brand impersonation campaign targeting the German financial entity Commerzbank. Additionally, they provide updates on the Change Healthcare ransomware attack. 

Key takeaways: 

  • Microsoft’s acknowledgement of security issues is crucial for building customer trust. 
  • The PSTI Act in the UK sets standards for consumer device security and compliance. 
  • Payment of ransoms in ransomware attacks needs to be carefully evaluated. 
  • Data breaches in healthcare can have widespread and long-term consequences for patients and organizations. 

Timestamps: 

(04:02) – Insights from the Latest Monthly Threat Report: Decrease in Email Threats, Top Targeted Industries, and Impersonated Brands

(14:02) – Breaking Bad Habits: QR Codes, OAuth, and User Training

(15:18) – Microsoft’s Security Issues and Response to CSRB’s Criticism: Committed to Improve Security

(25:23) – New UK Law Mandates Security Standards for Consumer IoT Devices

(34:02) – Impact of Ransomware Attack on Change Healthcare and the Dilemma of Paying Ransom

Episode Resources:

Full Monthly Threat Report May 2024

Sharpen your Instincts with Security Awareness Training