Privileged Account Management with CyberArk

For Chris Grundemann, one of the best ways to protect a cloud service is to implement a rock-solid security solution. To truly achieve this, privileged account management must be a primary concern. At Security Field Day, he heard from CyberArk how they are implementing this for their customer base. The company was originally founded in 1999, and have used their experience guarding secrets to trickle down an excellent PAM solution to customers.


Microsegmentation: Worth Implementing Over a Host-Based Firewall?

In this post, Ken Nalbone looks into VMware’s NSX microsegmentation implementation as they presented at Security Field Day. He looks at the benefits of that approach vs a more typical host-based firewall. He breaks down the performance, security, and governance advantages of using this hypervisor-based approach for modern enterprises.


BiB 068: Aporeto’s Identity Based Workload Segmentation

In this episode of the Briefings in Brief podcast, host Ethan Banks looks at what he heard from Aporeto at Security Field Day late last year. What he saw was far from another also-ran security startup. Aporeto distinguishes itself by looking at application security as separate from network security. They provide a cryptographic identifier to all hosts, containers, processes, functions, and users, which is used as the basis for a robust policy engine. This decoupling of network and workload security is key for a true defense-in-depth approach.


Using Identity To Secure Workloads with Aporeto

Security issues with digital identity are only going to increase with time. At Security Field Day, Aporeto presented on how they help organizations manage this in a scalable way. Tom Hollingsworth looks how they offer digitally sign containers. This allows organizations to trust a workload, from which you can build robust policy automation around that foundation of trust.


Security through Virtualization (brought to you by VMware)

Chris Grundemann got to hear from VMware at multiple events this year, bookending the year with at Networking Field Day in January and Security Field Day in December. They outlined their vision for a business network fabric that can connect all applications to users virtually with full visibility into endpoints and control over connections. The two presentations left Chris pretty excited with where VMware is heading right now.


Aruba and the Need for WPA3 with OWE

At Security Field Day, Aruba did a deep dive into a key feature of WPA3. Aruba had a lot of input into the successor to the long in the tooth WPA2, and detailed the optional Opportunistic Wireless encryption in the standard. This provides encryption for open wireless networks for information passed in the clear outside of the application payload. Tom Hollingsworth makes the argument that this should be a mandatory part of the standard, providing true defense in depth for traffic that falls outside SSL/TLS.


Enterprise Secrets + Privileged Account Management

It was great to have Jeff Wilson along as a delegate for our inaugural Security Field Day event this past December. He’s knows the pains associated with managing enterprise privileged accounts. Given the number of hacks in 2018, it’s definitely top of mind for any security professional. That’s why Jeff found CyberArk’s presentation so interesting. He found their Privileged Access Security Suite remarkably mature and refined, which is no surprise given their 20 year history in the space. They provide a solution for a key problem most IT teams don’t know they have: Security and technical debt from years of tactical, rather than strategic, IT investments.


Security Field Day @San Jose

We were fortunate to have Enrico Sorge along as a delegate for our inaugural Security Field Day event. In this post, he previews some of his coverage to come about the individual presentation. The Field Day experience is definitely unique, as Enrico found as they hopped around Silicon Valley in a limo. But most importantly, he found the event to be a valuable melting pot of ideas from delegates and presenting companies alike. We can’t wait to read more of his impressions about the presenters!


Building More Factors For Security with Cisco Duo

Cisco was one of the companies that presented at our inaugural Security Field Day event in December. Tom Hollingsworth breaks down what he saw at the event from Cisco Duo, their authentication platform. This provides intelligent multifactor authentication. It does this by not assuming endpoints are secure, enforcing the latest firmware, and supporting geofencing and time zone awareness. This allows you to build policy enforcement into your 2FA from the ground up.


Stuck in Traffic – Micro-segmentation

It stinks that J Wolfgang Goerlich gets stuck in traffic so much, but the silver lining is that he creates more great IT videos. In this one, he’s discussing micro-segmentation, which is crucial for organizations that need more and more granular security controls. This effectively segments and firewalling around an individual hosts. At Security Field Day, he got to hear from VMware is approaching this with NSX.


Stuck in Traffic – Doug Engelbart

Even though J Wolfgang Goerlich is stuck in traffic, that doesn’t mean he can’t put together some great security content. In this video, he considers the influence of Doug Engelbart, and how we can use collective intelligence to augment cyber security practices, particularly with automation. At Security Field Day, he saw Cisco take this approach with Cisco Threat Response.


Tech Field Day: Day 1

Paul Snyder was one of the delegates invited to the inaugural Security Field Day earlier this month. This was his first time at a Field Day event, he found it to be one of the best professional experiences he’s ever had. He found the event separates itself from others in the industry, because the delegates have total candor and freedom to express how they truly feel about the presenting companies. Maintaining this independence is critical for maintaining constructive dialogues.


Some Random Thoughts From Security Field Day

Tom Hollingsworth just finished up the inaugural Security Field Day. As the organizer, Tom has some unique perspective, getting an inside look at both the presenting companies and delegates. I’m sure we’ll see a lot of takeaways from the event, but these initial thoughts by Tom are an interesting look at security from a more IT generalist perspective. The big thing here is that security isn’t about tools, it’s about embracing a way of thinking, and realizing that failure is a likely outcome over time.


Meet the Security Field Day Delegates: Jeff Wilson

Aruba has been getting ready for Security Field Day by introducing the delegates in a series of interviews. In this post, Jamie Easley spoke with delegate Jeff Wilson. They discussed how the iMac G3 got him into IT, the importance of code integrity, and overlooked security risk. Be sure to look out for Jeff during Security Field Day’s live stream this week.


Meet the Security Field Day Delegates: Kori Younger

Jamie Easley with Aruba is doing profile posts about the delegates for Security Field Day. This time around, he’s talking with Kori Younger. They discussed how she got interested in technology, advocating for women in the industry, and how to raise better awareness of cybersecurity.


Meet the Security Field Day Delegates: Christopher Kusek

Jamie Easley with Aruba has been writing a series of posts introducing many of the Security Field Day delegates. This time, he’s talking with Christopher Kusek. They discuss how he got his start in security, his best tips for business and personal security, and his favorite security memes.


Meet the Security Field Day Delegates: Paul Snyder

In preparation for their presentation at Security Field Day next week, Aruba’s Jamie Easley wrote up a post to get to know one of the delegates for the event, Paul Snyder. They discussed how Paul got into IT security, what the industry can do to attract more security professionals, and what are some of the overlooked security issues in modern enterprises.