In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple exchange server on-prem issues, and more recently the Storm-0558 incident. 

The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud.  

Timestamps:

(1:55) – There has been a recent string of security issues at Microsoft 

(6:42) – Storm-0558 

(16:38) – Follow up on the SolarWinds attack from 2020 

(20:50) – Multiple Exchange on-prem vulnerabilities over the last several years 

(22:55) – Power Platform cross-tenant un-authorized access 

(26:61) – Communication seems to be a sore spot across all these issues 

(31:21) – Trust is critical for the survival of “the cloud” 

Episode Resources:

Monthly Threat Report – September 2023

Microsoft 365: The Essential Companion Guide – Free eBook

Paul’s recent article on Microsoft’s security issues

Results of Microsoft’s Storm-0558 Investigation

Find Andy on LinkedIn, Twitter or Mastadon

Find Paul on LinkedIn or Twitter

In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry. 

With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape. 

Timestamps:

(2:13) – What is it like being the CEO of a Cybersecurity Company? 

(7:27) – What are the main methods that Daniel uses to keep up to date on the industry? 

(10:05) – What was the main driving reason behind founding Hornetsecurity? 

(13:26) – Solving security problems with a unique approach. 

(18:28) – How is AI changing the cybersecurity industry? 

(24:08) – Daniel’s cybersecurity predictions for the future. 

Episode Resources:

Hornetsecurity’s Advanced Threat Protection

Episode 18: Generative AI in Defensive Tools

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.  In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. 

During the episode, Andy and Yvonne explore the overall threat trends including:  

• The most common malicious file types used to deliver payloads, with HTML files taking the lead 

• The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.  

• The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. 

• The impact of the FBI’s disruption of Qakbot. 

• The Storm-0558 breach. 

• A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. 

Timestamps:

(3:22) – General threat trends for this month’s data period 

(7:11) – What were the most used file types used for malicious payloads during the data period? 

(10:10) – What are the most targeted industries for this data period? 

(12:04) – The most impersonated brands from this month’s report 

(16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet 

(22:54) – An update on the Microsoft Storm-0558 breach 

(33:46) – Data breaches account for 14 million lost records 

Episode Resources:

Full Monthly Threat Report – September 2023

EP07: A Discussion and Analysis of Qakbot 

Security Awareness Service

Andy on LinkedIn, Twitter, Mastadon 

Yvonne on LinkedIn 

Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Microsoft Entra ID (previously known as Azure AD) is/was and its crucial role in the Microsoft Cloud ecosystem.

Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform’s functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same.

Timestamps:

2:03 – Azure AD is Now Microsoft Entra ID

9:35 – Relevant Acronyms for the Identity Space

13:49 – Entra Internet Access

21:28 – Entra Private Access

26:44 – M365 / Entra ID Tenant Restrictions

30:23 – How Do These Features Factor Into the Storm-0558 Breach?

Episode resources:

Hornetsecurity 365 Total Protection

Podcast episode: Licensing Security Features in M365

Microsoft Entra ID

Azure Active Directory Domain Services

Find Andy on LinkedIn, Twitter or Mastadon

Find Paul on LinkedIn or Twitter

As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point.  

This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy! 

Timestamps:

2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 

15:50 – Compliance and Similar Issues Often Drives C-Suite Attention 

26:05 – An Example – What Would Daniel Look for When Having to Make a C-Suite Decision? 

Episode Resources:

365 Total Protection 

Email Encryption 

Andy on LinkedIn, Twitter or Mastodon 

Daniel on LinkedIn 

In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI’s darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity’s suite of products leverages AI to display a concrete example in the industry. 

Join us as we shift the narrative from AI’s potential for malicious use to how defensive toolsets and security experts are harnessing its power.  

Timestamps: 

3:12 – How has AI changed the threat landscape? 

6:10 – How can AI help blue teams? 

16:08 – An example of AI used defensively in a software stack 

26:24 – What advancements in AI in the security space are we likely to see in the future? 

Episode Resources:

EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem?

EP03: The Reemergence of Emotet and Why Botnets Continue to Return

Advanced Threat Protection

Security Awareness Service

OpenAI Cybersecurity Grant Program

AI can steal data by listening to keystrokes with 95% accuracy

Andy on LinkedIn, Twitter or Mastodon 

Umut on LinkedIn