The CyberCast
The CyberCast is purpose built for MSPs, MSSPs and IT Practitioners.In each episode you will learn about a new security control, how it maps to the different frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Sponsors:Datto - CIS Control 3 - Data ProtectionNetwrix - CIS Control 3 - Data ProtectionDuo - CIS Control - Multifactor Authentication
Episodes
20 episodes
CIS Controls - Version 8.1 Update Overview
With the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to The Controls was necessary to crossmap to CSF 2.0. Specifically the strongest driver, was the release of the Govern function.Co-hosts:<...
•
Season 2
•
Episode 19
•
52:09
CIS Control 18 - Penetration Testing - Sponsored by Hacket Cyber
Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations...
•
1:06:26
CIS Control 17 - Incident Response Management - Sponsored by Exigence
The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. ...
•
53:38
CIS Control 16 - Application Software Security - Sponsored by Manicode
CIS Control 16 - Application Software SecurityThe way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control...
•
1:06:54
CIS Control 15 - Service Provider Management
LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or proce...
•
1:02:48
CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security
MSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recen...
•
1:17:30
CIS Control 13 - Network Monitoring and Defense - sponsor by ConnectWise
Network monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of ...
•
1:06:16
CIS Control 12 - Network Infrastructure Management - sponsored by Domotz!
Abstract: Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure dev...
•
Season 1
•
Episode 12
•
57:28
CIS Control 11 - Data Recovery - sponsored by Datto!
Abstract: Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes. Regardless of the reason for da...
•
Season 1
•
Episode 11
•
1:04:20
CIS Control 10 - Malware Defenses - sponsored by Malwarebytes!
Abstract: With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing your MSP and clients. Malware defenses must be able to operate in a dynamic environment through automati...
•
48:34
CIS Control 9 - Email & Web Browser Protections - sponsored by Cisco Secure MSP
Abstract: Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization. Content can be crafted to entice or spoof users into disclosing credentia...
•
Season 1
•
Episode 10
•
56:13
CIS Control 8 - Audit Log Management - sponsored by Blackpoint Cyber
Abstract: Log collection and analysis is critical for an organization's ability to detect malicious activity quickly. Sometimes audit logs are the only evidence of a successful attack. Attackers know that many organizations k...
•
59:43
CIS Control 7 - Continuous Vulnerability Management - sponsored by CyberCNS
Note we discuss Log4j as this is a very timely topic to this control. Abstract: Cyber defenders are constantly being challenged from attackers who are looking for vulnerabilities within their infrastructure to exploit and ...
•
54:37
CIS Control 6 - Access Control Management - sponsored by Appgate
Abstract: It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment. There are many ways to covertly obtain acces...
•
52:06
CIS Control 5 - Account Management - sponsored by Keeper Security
Abstract: There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed ...
•
Season 1
•
Episode 5
•
1:04:31
Control 4: Secure Configuration of Enterprise Assets - sponsored by ThreatLocker
Abstract: Learn why the number one thing organizations can do to defend their networks against top attacks, is to implement secure configurations! Azure Breach (8/26/2021): According To Wiz who found the CosmosDB Vul...
•
Season 1
•
Episode 4
•
45:36
Control 3: Data Protection (part 2) - Sponsored by Datto
Abstract: CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks. Data is more valuable than oil and it fuels many organizations. Many of the baseline security recomme...
•
31:15
Control 3: Data Protection (part 1) - Sponsored by Netwrix
Abstract: CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks. Data is more valuable than oil and it fuels many organizations. Many of the baseline security recommendation...
•
Season 1
•
Episode 3
•
25:16
Control 1 & 2: Inventory Control of Enterprise Hardware & Software Assets - Sponsored by CyberCNS
Abstract: There is a cybersecurity saying; “you can’t protect what you don’t know about.” Without visibility into your information assets, their value, where they live, how they relate to each other and who has access to them, any ...
•
39:34
Multifactor Authentication (MFA) - sponsored by Cisco Duo
Google reports that Multifactor Authentication (MFA) prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks that are credential based.In this episode, learn how MFA maps to the different security framewor...
•
Season 1
•
Episode 1
•
36:19