The Security Swarm Podcast

Welcome to The Security Swarm Podcast – a weekly conversation about the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode homes in on a pertinent topic dissected by an industry expert and backed up by real-world data direct from our Security Lab.

The world of cybersecurity should not be taken on alone – it’s time to join the swarm.

EP26: Questionable Methods for Protecting Backups from Ransomware

In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here’s the twist: we’re approaching these protective measures from the mindset of a relentless threat actor, someone who’s determined to breach your defenses and make your backups their own.

Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more!

Episode Resources:

The Backup Bible by Eric Siron

EP22: Can You Trust Microsoft with Security?

Immutable Protection Against Ransomware

Andy on LinkedIn, Twitter, Mastodon

Eric on Twitter

EP25: Key Takeaways from our Ransomware Survey

In today’s digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Ransomware’s ever-evolving nature makes it a top threat. To uncover the full extent of that threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks.

In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business.   

Timestamps:

(3:20) – How important is ransomware protection in terms of IT priorities?

(4:41) – How many organizations do NOT have a DR plan in place? 

(9:28) – How many organizations protect their backups from ransomware? 

(12:10) – What types of tools are organizations using to combat ransomware? 

(15:45) – How many organizations have been victims of ransomware? 

(18:12) – How many ransomware victims managed to recover from backup?

(20:50) – What are the most common vectors of attack for ransomware? 

(24:00) – How many people see real value from security awareness training? 

(27:37) – How many organizations using M365 have a DR plan in place for ransomware? 

Episode Resources:

Full Ransomware Survey Results

EP12: What We Learned by Asking the Community About Compliance

EP24: The Danger of Malicious OAuth Apps in M365

Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! 

In today’s episode, Andy and Paul Schnackenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy!

Timestamps:

(1:57) – What are malicious OAuth Applications? 

(5:21) – Who can authorize OAuth Applications in a M365 tenant? 

(8:25) – How are malicious OAuth Applications getting past Microsoft Review? 

(14:56) – An example of how a malicious OAuth Application might function in an attack

(17:44) – Mitigation and prevention of malicious OAuth Application attacks 

(25:35) – The M365 Essential Companion Guide eBook 

Episode Resources:

M365 Publisher Verification

M365 Publisher Attestation

M365 App Certification

M365 ACAT Tool

Free eBook ‘Microsoft 365: The Essential Companion Guide’

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

Monthly Threat Report – October 2023

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023.  

The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company’s security culture and its ability to safeguard its vast user base. 

Tune in for more details! 

Episode Resources:

Monthly Threat Report – October 2023

EP23: The Importance of Certification in the Security Space

You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let’s face it, navigating the maze of IT and security certifications available can be a daunting task, making it difficult to figure out which route you need to take.

In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today’s ever-changing cybersecurity landscape. 

Timestamps:

(2:45) – Why is certification important in the Security Space?

(7:28) – What are the benefits of getting certified? 

(11:45) – Vendor-specific certifications 

(16:05) – Are Linux certifications relevant to security professionals? 

(22:21) – What are the most important vendor-agnostic security certifications? 

Episode Resources:

CompTIA Security+

GSEC

Cisco CCNA

CISSP

CISM

CEH

OSCP

Careers at Hornetsecurity (We offer training!)

Andy on LinkedIn, Twitter or Mastodon

Umut on LinkedIn 

EP22: Can You Trust Microsoft with Security?

In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years: for example, the SolarWinds debacle in 2020, multiple Exchange Server on-prem issues, and more recently the Storm-0558 incident.

The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud.  

Timestamps:

(1:55) – There has been a recent string of security issues at Microsoft 

(6:42) – Storm-0558 

(16:38) – Follow up on the SolarWinds attack from 2020 

(20:50) – Multiple Exchange on-prem vulnerabilities over the last several years 

(22:55) – Power Platform cross-tenant unauthorized access

(26:61) – Communication seems to be a sore spot across all these issues 

(31:21) – Trust is critical for the survival of “the cloud” 

Episode Resources:

Monthly Threat Report – September 2023

Microsoft 365: The Essential Companion Guide – Free eBook

Paul’s recent article on Microsoft’s security issues

Results of Microsoft’s Storm-0558 Investigation

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

EP21: Life as a Cybersecurity CEO – An Inside Look

In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization, exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry.

With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape. 

Timestamps:

(2:13) – What is it like being the CEO of a Cybersecurity Company? 

(7:27) – What are the main methods that Daniel uses to keep up to date on the industry? 

(10:05) – What was the main driving reason behind founding Hornetsecurity? 

(13:26) – Solving security problems with a unique approach. 

(18:28) – How is AI changing the cybersecurity industry? 

(24:08) – Daniel’s cybersecurity predictions for the future. 

Episode Resources:

Hornetsecurity’s Advanced Threat Protection

Episode 18: Generative AI in Defensive Tools

Monthly Threat Report – September 2023

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In today’s episode with Yvonne Bernard, CTO at Hornetsecurity, we are analyzing data from the month of August 2023.

During the episode, Andy and Yvonne explore the overall threat trends including:  

  • The most common malicious file types used to deliver payloads, with HTML files taking the lead 

  • The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.  

  • The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. 

  • The impact of the FBI’s disruption of Qakbot. 

  • The Storm-0558 breach. 

  • A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. 

Timestamps:

(3:22) – General threat trends for this month’s data period 

(7:11) – What were the most used file types used for malicious payloads during the data period? 

(10:10) – What are the most targeted industries for this data period? 

(12:04) – The most impersonated brands from this month’s report 

(16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet 

(22:54) – An update on the Microsoft Storm-0558 breach 

(33:46) – Data breaches account for 14 million lost records 

Episode Resources:

Full Monthly Threat Report – September 2023

EP07: A Discussion and Analysis of Qakbot 

Security Awareness Service

Andy on LinkedIn, Twitter, Mastodon

Yvonne on LinkedIn 

EP20: What’s Going on With Microsoft Entra ID?

Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Microsoft Entra ID (previously known as Azure AD) is/was and its crucial role in the Microsoft Cloud ecosystem.

Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform’s functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same.

Timestamps:

2:03 – Azure AD is Now Microsoft Entra ID

9:35 – Relevant Acronyms for the Identity Space

13:49 – Entra Internet Access

21:28 – Entra Private Access

26:44 – M365 / Entra ID Tenant Restrictions

30:23 – How Do These Features Factor Into the Storm-0558 Breach?

Episode resources:

Hornetsecurity 365 Total Protection

Podcast episode: Licensing Security Features in M365

Microsoft Entra ID

Azure Active Directory Domain Services

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

EP19: How to Sell Cybersecurity to the C-Suite

As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point.  

This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank, for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy!

Timestamps:

2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 

15:50 – Compliance and Similar Issues Often Drive C-Suite Attention

26:05 – An Example – What Would Daniel Look for When Having to Make a C-Suite Decision? 

Episode Resources:

365 Total Protection 

Email Encryption 

Andy on LinkedIn, Twitter or Mastodon

Daniel on LinkedIn 

The new Backup Bible