Title: Cybersecurity Growth #4 - Zerø Trust

Opening

• When You Arrived instrumental as theme song

Former Chief Security Officer of Rapid7 and former CISO of Tricentis

Musician here on Twitch and elsewhere, MusicBySV (more on that later)

Top News Stories

https://www.networkworld.com/article/3687168/ntt-palo-alto-partner-for-managed-sase-with-aiops.html

By Maria Korolov, Network World

NTT, Palo Alto partner for managed SASE with AIOps

Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources.

“A new offering from IT services provider NTT combines Palo Alto Networks' Prisma SASE offering with NTT's managed network services and AIOps infrastructure.

SASE – secure access service edge – has been gaining interest for its potential to reduce networking complexity while improving security. It combines SD-WAN with security services, including secure web access gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and firewall-as-a-service (FWaaS), in a single, cloud-delivered service model.”

“The benefits of using an MSP for SASE include having a single source for setup and management, gaining access to skills that an enterprise might not have in house, and flexible financing models.”

https://www.csoonline.com/article/3686610/hackers-abuse-legitimate-remote-monitoring-and-management-tools-in-attacks.html

By Lucian Constantin, CSO Online

Hackers abuse legitimate remote monitoring and management tools in attacks

Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.

“Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization's network and systems might not raise suspicion.

Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a third of the incident response cases the company was engaged in during the fourth quarter of 2022. However, this wasn't the only such tool used.

Separately in a joint advisory this week, the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) the and Multi-State Information Sharing and Analysis Center (MS-ISAC) warned about the use of RMM tools in a refund scam that targeted the employees of multiple federal agencies.”

My takeaway, if you aren’t currently being very diligent in removing remote access tools from your environment, and only explicitly allowing in certain tools, by certain users, on certain machines, …you should start making that a priority in your strategy.

Death By Slides

- Zerø Trust, a brief overview

What’chu Listening To or Creating

• Saw G. Love & Donavan Frankenreiter in concert last night. Two different artists that are similar to and friends with Jack Johnson; both with a spin on blues. G. Love more Blues meets hip-hop, and Donovan more laid-back blues meets rock.
• G. Love & Special Sauce. I Like Cold Beverages. Baby’s Got Sauce.
• Donavon Frankenriter. Free
• New Octavate song Hold My Drink

That’s a Wrap

• Concluding topics
• Thank you for listening
• I’m Shawn Valle, creator of this show and the music here on Cybersecurity Growth
• Cybersecuritygrowth.com and cybersecuritygrowth.com/blog
• @shawnvalle or @cybersecuritygrowth
• If you like the show, please tell your friends. If you hate it, tell your adversaries. Like/subscribe and leave 5-stars and a review like “great show, I learned something new to help me in my cybersecurity career.”
• This week we covered...
• Plans for next week
• Live on Twitch weekly, Fridays at 10:30 AM EST, 7:30 AM PST, 3:30 PM GMT in your pod feeds a few days later.