Security Boulevard

via the just-in-time jocularity & water-slide wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’Hiking” appeared first on Security Boulevard.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’100% All Achievements” appeared first on Security Boulevard.

Summary

In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security.

Khoury emphasizes that modern cyber defense is a team sport. He discusses the evolution of the CSE, particularly the 2018 creation of the Canadian Centre for Cyber Security, which enabled crucial collaboration with the private sector. This partnership is vital for sharing threat intelligence and protecting Canada’s digital infrastructure, intellectual property, and economic security.

Addressing today’s top threat, Khoury identifies ransomware as a persistent and evolving challenge for Canadian organizations. He explains that attackers have shifted from just locking systems to data theft and extortion. While there’s no law against paying a ransom, he cautions that it fuels the criminal ecosystem and offers no guarantee of data recovery.

Ultimately, Khoury’s message is one of proactive defense and collaboration. He encourages organizations to build resilience and highlights CSE’s role in creating a safer digital space for all Canadians, underscoring that cybersecurity is a shared responsibility.

Full episode of The Defender’s Log here:

Cyber Warriors: Insights from Canada's Cybersecurity Leader | Sami Khoury | The Defender’s Log

TL;DR

• Cyber Defense is a Team Sport: Protecting Canada’s digital infrastructure requires strong collaboration between the government’s Communication Security Establishment (CSE) and private sector companies to share threat intelligence.
• Ransomware is the #1 Threat: It remains the most significant and evolving danger to Canadian organizations. Attackers have shifted from just locking systems to data theft and extortion.
• Don’t Fuel the Fire: While it’s a business decision, paying ransoms funds the criminal ecosystem and offers no guarantee that attackers will keep their word or that you won’t be targeted again.
• Proactive Defense is Key: The goal is to make it too difficult and expensive for attackers to succeed in Canada. This includes adopting “secure by design” principles and using protective services like CIRA’s Canadian Shield.
• A Lifelong Mission: Khoury’s 33-year career at CSE began by coincidence but grew into a passion. He encourages the next generation of defenders, stressing that failures are crucial stepping stones to success.

Links

View it on YouTube: https://www.youtube.com/watch?v=i8W-FljMVDE

Listen to the episode on your favourite podcast platform:

Apple
https://podcasts.apple.com/us/podcast/cyber-warriors-digital-shadows-insights-from-canadas/id1829031081?i=1000732131347

Spotify
https://open.spotify.com/episode/0re8S6g4fTjcgZLIvFEHJ3

Amazon Music
https://music.amazon.ca/podcasts/d7aa9a19-d092-42a6-9fe9-9e8d81f68d30/the-defender’s-log-podcast

ADAMnetworks
https://adamnet.works

Defenders Log Episode 7: Transcript Cyber Warriors & Digital Shadows: Insights from Canada’s Cybersecurity Leader

Intro Announcer: What was the original spark? I’m not afraid to fail. I do what I do because I enjoy it. You could not download a Linux distribution from the US. There is a lot of money to be made in the ransomware ecosystem. That is so simple. Why doesn’t everybody do it? We have a budget, but so do attackers. Our digital infrastructure is so vital. We had no ability to interact with the private sector. When did you do your best learning? CSE called and said, “Can you come to Ottawa for an interview?” That’s how it all started. Wow. That is really a source of encouragement for me for the next generation of defenders. Let’s try new ideas and try them fast. Oh, that’s where we need to go.

Deep in the digital shadows, where threats hide behind any random bite, a fearless crew of cyber security warriors guards the line between chaos and order. Their epic battles are rarely spoken of until today. Welcome to the defenders log, where we crack open the secrets of top security chiefs, CISOs, and architects who faced the abyss and won. Here’s your host, David Redekop.

David Redekop: Welcome to another episode of the Defenders Log. This is episode number 007 and my guest Sami Curry is actually even more special than just that number. Sami has been in the communication security establishment for at least as long as I have been and he now serves as the senior official for cyber security for our government, the government of Canada. Welcome 007.

Sami Khoury: Good morning, David, and great to be with you on this special edition of the podcast.

David Redekop: It is really good to have you and I was just thinking about this number 007 and the number seven has such an important meaning in my life and I’m wondering if that number appears elsewhere in your life too.

Sami Khoury: Well, I mean there’s the connotation of 007 and the life at CSE. There’s also my parking spot happened to be 007 coincidentally. So, so yes, if you go into our parking lot, you’ll see that I’m in the building or I’m not in the building. So, another coincidence, but yeah, it’s the aura and the mystique of being in that intelligence security space.

David Redekop: Well, maybe the 007 parking spot is not so much a coincidence. Sami, have you thought about that? Maybe it’s meant to be a coincidence to you. Made greater powers at play. So we are all part of a greater ecosystem and we only have visibility so far, right? And that visibility component seems to be cropping up over and over again in our world. Well, I’m glad that you had the opportunity to set aside some time and it is cyber security awareness month in October which is really good and and I’m glad that we get to spend some time together today. You’ve had a pretty rich life as far as cyber and defense is concerned years you given that you’ve been in the business as long as I have been, I figure I’m just roughly guessing. Yeah. Uh what did I see? You’ve been a research engineer since 19 Well, you started in 1992 as a research engineer. Yeah. I’m always curious about someone who’s been in this space for as long as we have been. What was the original spark or the original passion that evolved to your long-term engagement in the cyber space?

Sami Khoury: You’re right. I’ve been at TSC now 33 years. I joined in 1992 having finished my masters in Montreal at Concordia University. I will say that how I landed at CSE is probably a coincidence because back then I was finishing my graduate studies. You were looking for employment. you look through what used to be the blue pages of the phone book for those who remember when we had phone books and at the end of the phone book there used to be the blue pages which which were all the government agencies and I was specifically looking for the communication research center having done my studies in in communication acoustics and those kind of things so CRC and just under CRC I saw CE with the name communication in it. So I said I might as well apply there too. So I sent my resume to both CRC and CSE and lo and behold cse calls and said can you come to Ottawa for an interview and that’s how it all started. So again it’s coincident that I landed where I am. I think the intrigue of the organization, you know, I went to the library, tried to find stuff on CSE was back then very little was known about the organization. There was barely an article or two. So that added to the mystique of the intrigue of saying that organization. The going through the clearance process and being offered a job that you didn’t know much about also added to the intrigue. So I guess I can say I came for the intrigue but I stayed for the passion. The mission kind of bites you and and you know since 1992 I’ve had like you said a very rewarding career at CSE. I spent 25 years on the intelligence side of the house then the CIO of the organization at a fairly interesting time during the pandemic. So transforming the organization IT-wise during the pandemic and more recently as the head of the cyber center last year transitioning into that role of government of Canada senior official for cyber security. So that’s the trajectory of my career over the last 33 years or so.

David Redekop: Wow. That is really a source of encouragement for me for the next generation of defenders that we’re looking to raise and bring into the space to show that there are lots of different paths that can lead to a rewarding career. And really a rewarding career is where you feel that you’ve had a positive impact. Uh would be one of the I would guess would be your way of measuring that as well. So, you now provide expert advice to senior officials, to deputy ministers. Can you tell us a little bit about what your day-to-day looks like today?

Sami Khoury: The day-to-day varies. So, there are no two days alike, just like there are no two cyber incidents alike. Today, for example, we’re recording that podcast, but I’m also preparing for an overseas trip next week. So for getting my notes ready if I’m not traveling which I do a fair bit of travel sometimes inside Canada sometimes outside Canada. So outside of those travel windows where I end up speaking at events. So earlier this week I was in Toronto speaking at a supply chain risk management event. Last week at insider threat event next week I’m in London. So outside of that window I participate in some committee on cyber security. It could be um you know associate deputy minister level. It could be deputy minister level committees where hopefully I provide some of my perspective on sort of the evolution of our cyber security landscape or some current thinking around our digital landscape in government and beyond. I am participating in other meetings at cse. So while I am at CSE, I also am part of the executive committee of CSE. So I do take part in some of these meetings when I’m not traveling. So that is that’s a bit of the the day-to-day that that keeps me busy getting ready for travel, you know, recapping outcomes from from trips that I might have taken or conferences I might have attended and seeing how we can connect more dots and otherwise read and catch up on on email. So that is that’s what a day-to-day would look like in my in my life.

David Redekop: It occurred to me that we used to always look at the difference between technology innovation as it happens versus public policy catching up. And that gap is what very often gets used and abused. And a lot of that had to do with just the pace of innovation, the pace of changes that occurred over the last number of decades. Well, especially since the internet, right? Is that gap getting narrower? Are we finding a way to catch up from your perspective by just more generalizing or how do we fare today compared to say 30 years ago when you started?

Sami Khoury: Policy sometimes does play a catch-up a catch-up role and we work very closely with our colleagues at public safety when it’s sort of external policy and we work very closely with our colleagues at Treasury Board when it’s government of Canada sort of IT policies we have to be agile in the way that we respond to the technology environment with Treasury Board you know it’s I would say it’s fairly agile in the sense that we could we could work with them and and they would then issue to policy implementation notices where you know 90 days, 180 days, 270 days where you know there is there is a goal to move the yard sick forward for example on certain things like MFA outside of government we work with public safety the there is a consultation process and then there is a government agenda that has to be factored in so we learned for example from the first national cyber security strategy with which was released in 2018 that having a cyber security strategy that is outlined in 5 years might not be realistic in today’s fast moving technology environment. So the most recent cyber security strategy that was released earlier this year in 2025 has hooks in it for additional plans to be tabled. So, we’re not going to prescribe the entire cyber security strategy in a big document over five years, but we’re going to identify the pillars that that strategy is built on and then work more in a more agile way to develop for example a talent plan or a um maybe technology innovation plan and those kind of things. So, we do learn to adapt over the years to sort of that fast move fast fast-paced move in the technology space.

David Redekop: Very good. And I’ve certainly noticed that there’s been over the last while there’s been an increased amount of transparency in terms of what the real threats are. Uh obviously as incidents occur, there’s still no wisdom in immediately sharing too much information because keeping certain information quiet and secret gives the defender an advantage. But over time that does need to come to light in order for other defenders to learn from what happened behind the scenes. I’m recalling how the NSA had these very advanced tools that were being developed within their own red team that eventually came to light and then the moment it came to light then of course attackers started to use the same strategies. Are we still in a place where we feel that at the highest levels we have a strategic advantage against adversaries without you going into details you can’t reveal? Do we still have programs that give us at the highest level that strategic advantage?

Sami Khoury: The short answer is yes. Cyber defense is a team sport and you touched on many things in your preamble to the question. So the cyber center was stood up in 2018. So prior to 2018, we had no ability to interact with the private sector. So part of the 2018 national cyber security strategy was a recognition by the government that there are some capabilities at CSE that needed to be made available to the rest of Canada and the the cyber center at that at that point was stood up and given a mandate to sort of spread its wing across across the Canadian landscape not just across the Canadian government. And that’s where we reach out to talk about alerts. We publish lots of advice and guidance and we hope that in doing so people will recognize the value of interacting with the cyber center and share with us or reach out to the cyber center when there’s an incident to share information about the incident so that the cyber center can then connect a few dots and recognize whether this is a new tactic a new technique or a campaign going across Canada maybe against hospital or against manufacturing. So that ability to connect the dots is something that the cyber center can do but also understanding the nitty-gritty details of what’s behind an incident is something that the cyber center could do. So it’s a two-way street there. The important role also where the cyber center is positioned is super important to touch on because it lives within CSE which has a foreign intelligence mandate and from that perspective we do have capabilities to get into I would say the cyberspace of our adversaries and understand a little bit their intentions, understand their capabilities and and get a bit of a head start into predicting or anticipating hopefully where they will go or how they will do whatever it is that they will do. So there is a a very connected relationship between the cyber center and and the intelligence side of the house kind of two faces of of or two sides of one coin that gives us that advantage of working together not just to understand what’s coming at us but also potentially decomposing a threat and being able to reverse engineer it as to where the did where it did come from. So, that symbiotic relationship between the cyber center and the intelligence side of the house gives us an advantage that I would think puts us in a good position to not only defend the government of Canada network but also be up to date with the state of the threat that Canada faces out there.

David Redekop: That’s really fascinating and I’m so encouraged to hear that that is progressing forward and I’m wondering if there’s also integration with organizations like citizen lab out of the University of Toronto. Is there collaboration as well?

Sami Khoury: Describe collaboration as rings of collaboration. So at the innermost ring of collaboration of course it’s the cyber center and the intelligence side. within CSE that’s I would think the innermost ring and as you step outside then we have the the tripartite with treasury board and shared services to look at to look at you know government of Canada system and as we step maybe one ring outward then we work with public safety and and other government department to look at maybe more outward-f facing public policy on cyber security then we get into critical infrastructure all sectors of the Canadian economy economy be it finance being telecommunication being healthcare we will reach out to all of these in order to work with them including academia in some cases. So without naming names and saying we collaborate with one organization versus another I would say that you know wherever we identify an opportunity to work with partners out there we will leverage that opportunity. It could be one-on-one and it could be sometimes one too many. You bring a few folks in the room who agree to um in a way park their competitiveness at the door, work in a collaborative way for the good of their cyber defenses or for the good of the country. Uh so we will use whatever model works best. and there’s no one like there’s no cookie cutter approach. So in some cases in particular sectors we might bring them together in other industries might prefer to work one-on-one with us. Of course there’s always a capacity issue. Uh but having said that the teams at the cyber center will know how to prioritize the best value for outcomes in that case.

David Redekop: Now, that’s really good to know. And if we get down to one specific incident that is now so far past that I think the world already knows all the details that are knowable about Nortel. Nortel when the incident happened, it didn’t happen overnight. It happened over a period of time and we got into this crazy place where the total market cap of Nortel represented the highest ratio of our total GDP. Like it had never arrived at that level of value in history before or since. Like that is how outsized importance we allocated to this company called Nortel. And it was a pride and joy of Canada, right? It required … It showed evidence of tremendous amount of collaborative engineering that brought necessary products to the world at the right time just when communications was really surging. Was there any involvement at that time yet from a senior government level as it became very clear what was happening with Nortel at the side?

Sami Khoury: That’s a tough question. But you know from a cyber security perspective we, collectively we don’t like to single out specific specific incidents because we’re trying to build trust with the sector and we don’t know who might be the next Nortell or who might be the next victim. So my preference is not to tackle a specific incident and talk about how we help organizations protect their intellectual property so that we don’t run into similar situations. How do we help them raise their cyber resilience by sharing as much as possible as much as we can on the threat landscape and what we are seeing and and work with them to to raise their cyber resilience. So myself and my colleagues at the cyber center are out there and either talking one-on-one in case there is sort of an imminent cyber danger or or talking in a collective way about the latest threats. We publish twice, sorry every two years they publish the national cyber threat assessment. So that gives organizations the what’s and Canadian at large what is happening in the threat landscape and also organized briefings for particular sectors. They come to the cyber center. Sometimes those briefings are classified briefings where we share with them a sort of insight about the context of the threats or why we are warning about a specific thing. So, the idea is that you know the threat landscape continues to grow. The actors continue to get more and more sophisticated and we want to make sure that our intellectual property is always at risk. The key is to make sure that malicious actor don’t take advantage of sort of weaknesses in in IT and then and then take advantage of that weaknesses to steal all of the hard work that Canadian have put behind innovation and and then take that intellectual property and turn it around and in a way beak us to market with maybe cheaper products or or faster delivery of some of those products.

David Redekop: You did tell me that you could not talk about any specific incidents, but I had to ask that one because many Canadians are interested in knowing as much as possible about that. So, forgive me for asking you anyway. Um, but our digital infrastructure is so vital to our economy and entrepreneurs globally. We are a country that still wants to invite the right kind of brain power from anywhere in the world where it exists. And the way we’re going to do that is to provide such entrepreneurs with the confidence to say in this place in this economy, you’re going to be safe and you’re going to have an ecosystem that is rich with ideas and freedom of thought and innovation, right? And so that there’s all kinds of reasons why protecting our economy, especially in digital infrastructure, is so important. Not and that’s not to dismiss our own national security, right? Everyone is more concerned today than we were a year or five or even 10 years ago.

Sami Khoury: Absolutely right, David. I mean, cyber security is national security and economic security. So we have to do everything we can to from the cyber center from CSE’s perspective to convey the gravity or the severity of what the threat of the day is with not just you know scary messages but also with constructive capabilities to defend yourself. So the idea being that this is the threat and this is how you mitigate it. Not just this is the threat and then deal with it. So how do you mitigate the threat? And in the national cyber threat assessment with every threat there is a mitigation advice that has been conveyed but also you know paying particular focus to the research community and working with academia and how to craft secure research contracts or how do you make sure that the investments or the grants that you get from a research perspective are have a commensurate investment in in cyber security so that as you innovate and put Canada on the map this is not for nothing at the end that somebody manages to because I mean to be the research community is a collaborative community but also and an open community. So, how do we encourage them to continue to do that, but in a safe and secure way that it’s not just a one-way street where everything I do is sort of automatically shared and maybe even abused by others.

David Redekop: Yeah, I do appreciate the fact that we really did lead the world. Uh, as far as I understand it, I am not a public policy expert, but when we implemented a privacy commissioner and made a very specific requirement that a privacy officer of any corporation in Canada must report incidents to the privacy commissioner in a very very fast turnaround time. Um what that did is it created the right kind of purposeful attention within the suite of organizations to say well if I’m going to be the one that’s going to be required to report the breach you know what I am going to put my absolute best defensive foot forward to prevent that from happening and and then we saw a number of other other countries follow that as well. So that was definitely a good example where we led by doing the right policy at the right time.

Sami Khoury: There’s a lot to be proud of in Canada, not just on the policy side, but also on the innovation side. And often I hear in my engagement that Canada punches above its weight. We are recognized, you know, in things like AI and things like quantum as having quite the rich and vibrant and innovative ecosystem that we need to protect. So how do we work with those you know academia with the startups with the companies to make sure that they appreciate the threat but also protect their investments so that it doesn’t go out the back door. Your point about privacy is super important and and you know our identity is our crown jewel at the end of the day and and uh you know it’s in the news every day there is a breach that results in identities being stolen and then bartered on the dark web. So protecting the privacy of Canadians is important and falls to the privacy commissioner. We are very much interested in understanding how the breach happened and how we prevent other breaches like that from happening. There is a clear separation between the privacy commissioner and the role of CSE and the cyber center. So, so and corporations need to understand their obligations from a privacy perspective toward the privacy commissioner but also you know I would say their role as good corporate citizen because there is no obligation to report incidents to the cyber center but I would hope that their role as good corporate citizens to recognize that there is value in reporting that incident that we hold that incidents in the highest respect and privacy as you pointed out and as I mentioned We don’t talk about the incidents publicly and I will never go out publicly and shame a company or talk about an incident that they suffered and because we want to build that trust and we want to continue to interact with them and learn about how it happened. So one is an obligation in law for the privacy commissioner and the other one is being a good corporate citizen.

David Redekop: Yes, exactly. I have a quick story. I want to relate it to you at a generalized level. I almost had to reschedule this call because a couple of days ago we assisted an organization to segment their domain controllers that were part of a fairly flat network. And the important thing was to put the domain controllers in a separate network segment altogether. And this was not unplanned like this was planned in a very detailed way to do it in a method that would cause no disruption. And no matter how much planning you do and no matter how much buyin you have from all those teams that you just described because the net decision was made that there is some risk. However, the value is that in our target state, we have a very strong security posture that will prevent X, Y, and Z type of attacks. X, Y, and Z, X, Y, and Z. You can tell I am speaking a lot to our American friends. So, I’ve almost adopted the American pronunciation. Ended up happening is the entire project went about six times longer than we wanted to. But once you go down a path, you get to a certain level where a roll back is no longer practical, right? And so it’s very interesting. But the other story that I remember from back in the 80s is remember the United States had a strong encryption export prevention in their public policy. And so as a result, you had simple Shaw, I think it was Shaw 256 that could not be exported as part of any code. And since that was Yes. And since that was part of every basic Linux distribution, it meant that you could not download a Linux distribution from the US if you were not in the US. Do you remember that?

Sami Khoury: I remember something along those lines. But I know Canada also had its export control legislation and we are part of the Vasinar agreement which limits you know for example the export of cryptography to certain countries and it started with DEZ 64-bit then it went to triple DZ and and so yeah absolutely it’s an evolution of how do we live in a in a global system but still manage it in a in a in a thoughtful way.

David Redekop: Let’s switch for a moment to evolving cyber threats where I don’t know if public policy plays as much of a role in it or maybe it does. When you started your research, it was a completely different landscape than it is today. And what are your thoughts on the fact that ransomware continues to gain momentum as we see it today? Is there any bright white light at the end of this tunnel as we fight this?

Sami Khoury: You’re right in the sense that ransomware continues to be the number one threat that Canadian organizations will face and not just Canadian but around the world but because we are Canadians I would say Canadian organization there’s a very high likelihood that they will be a victim of of ransomware as the number one threat that that we are seeing. Why is it flourishing? There is a lot of money to be made in in the ransomware ecosystem you know and the malicious actors have adapted their tactics and techniques over the years as you know it used to be that they would lock your system and ask for a ransom as we got better at having backups and told them we’re not going to pay the ransom like go away I have a backup they they they move to well I will steal information now so and I’ll lock your system so we’ve seen some cases is that double jeopardy where where they would lock your system and steal well steal the data first then lock your system and ask for a ransom and if you didn’t pay the ransom then they will threaten to leak the data and force you to pay it that way. And now we’re seeing less of locking systems up and more of stealing data out of networks because that data has value and they found a way those malicious actors have found a way to monetize that data in the dark web. So any organization that sits on a pile of data becomes eventually at risk of having that data stolen and then bartered on the dark web and consequently a ransom asked to be paid so that the data is not sold. So are we seeing a bright light at the end of the tunnel? I would hope that the more we talk about the threat, the more we talk about what organizations can do to defend themselves, we’ll have less and less incidents of ransomware. We’re not there yet. So it’s important that we don’t take our foot off the pedal as we say and continue to talk about the plight of ransomware to get organizations to continue to invest in raising their cyber resilience in encrypting the data. You can steal the data but if it’s encrypted it’s of no use to anybody. So encrypt the data and build strong defenses around your network. It’s not just a technology piece. So there’s a lot you could do in the technology but also there’s a human dimension about training about educating education and all of that to to build you know a strong cyber security posture to make a dent on cyber on the ransomware. In Canada there is no law against paying ransom. Often when I’m asked a question I say it’s a business decision. If a company wants to pay the ransom, it’s up to them to weigh the pros and cons of paying the ransom. But it’s important to recognize that in paying a ransom, you are in a way putting money back into that ecosystem. So you are fueling the development of new capability. You are dealing with a cyber criminal and there’s no telling whether or not they will hold their end of the bargain. Some cyber criminals claim that there’s honor among thieves. You know, that remains to be seen. Paying the ransom will not rewind the clock and will not get you back into the pre-inccident state. And there’s no guarantee that if it’s known that David paid the ransom that another cyber criminal will come after you to say, well, if he paid Joe, then he might pay Jim or if he paid Lock Bit, then he might pay cop or whatever. Um so those are some of the pitfalls or some of the considerations for paying the ransom. Two other thoughts I would add to that ransomware conversation working with industry with things like secure by design, secure by default to make the products more secure from the get-go. So you don’t want to buy a product and either security becomes an option that you have to pay for or buy product that the security is not well thought of and and you have to consider or you have to spend a lot of energy securing the product like ideally you want to get it out of the box put it on your network and and have it secure by default and that’s why the secure by design upstream secure by default the other thing I would mention is cse in 2019 19 received some authorities to conduct cyber operation. And those authorities give the organization the ability to figuratively speaking slap people on the wrist for misbehavior. And in our annual report, we have acknowledged that we have carried out some of these activities. We quote the number in our annual report and that we have imposed the cost on cyber criminals. We don’t go into details against whom and how but it’s a capability that CSE has put to use since getting those authorities in 2019.

David Redekop: That is really good news. I did not even realize that. So speaking of secure by design, secure by default, you and I actually met at a cyber security event in Washington DC of all places. And I remember very distinctly Dr. Amit said, “You need to speak with Sami and there’s like 30 people around you trying to get your attention.” When we finally got through the queue, you were so gracious saying, “Okay, I’m sorry, but you only have two minutes.” I’m “Okay. Let me tell you about Don’t Talk to Strangers in 2 minutes.” And I remember so clearly you made very good eye contact with me and it was very clear that you understood and that you said “That is so elegant. That is so simple why doesn’t everybody do it?” And I’ve taken some time to think about that question but I thought now I’m going to pose it back to you. Why do you think everybody doesn’t do it?

Sami Khoury: We teach our kids not to talk to strangers, but from an IT perspective, don’t talk to a stranger. Don’t go to a website that you don’t know. It’s still not ingrained in the way we live digitally, right? And you get an email with a link, this element of curiosity, you click on the link. So, defenses are often pushed a bit upstream with DNS or other capabilities. So that maybe will substitute the due diligence by blocking you from going to a malicious website. So how do we train individuals? I think it is part of what that education process I talked about earlier and a podcast like yours where we convey the sense of there is maliciousness out there. So and and it’s getting better and better or at least those malicious actors are getting better and better at blending into the goodness that’s out there. So how do we make sure that we stay on guard? We spot or we distinguish the stranger that is malicious from maybe the stranger that is good and don’t talk to the bad strangers as opposed to don’t talk to the good strangers. So when I spoke to you at the conference, you were a good stranger, but there might be some bad strangers out there that I don’t want to talk to.

David Redekop: Right. Right. Absolutely. I guess in our vernacular what we’ve been using is that once a domain is trusted and it resolves to an IP address then at that moment when the source has been verified the destination has been verified and it now resolves now that IP address is not a stranger right for a short period of time because our services are severely operating under ADHD so they forget a second 60 120 seconds later whenever the time to live expires, you know, they’re a stranger again. Anyway, so yeah, but I I like this idea as well of good strangers versus bad strangers because in real life that is that is how it is. And I’m having a fun experiment with people that are aware of the risks that have that educational component already that you describe. And my encouragement to them is please click on every single link because that way you’ll be forced to go through all of the layers of protection and if there is something that you know still ends up being leaked through then we want to know about it. We know it’s going to be less than 01%. But it nothing is 100% but our intent is to close that gap as much as possible to make it so expensive for the attacker to ever be able to do anything malicious that they just leave and go elsewhere. That at this point we feel in 2025 in October cyber security awareness month is the single philosophy that I think will work is just making it too frustrating for the attacker.

Sami Khoury: You mentioned something absolutely right David. We have a budget but so do attackers have a budget and if we keep raising the cost on them to conduct or to carry on a malicious act at some point they will run that that budget will run out or they will figure it out. They’re too hard to go elsewhere and like you I don’t care where they go as long as they don’t come to Canada. So we’ll push them, we’ll push them out of that Canadian landscape. The other thing is we’re proud to have been partnered with CIRA, the Canadian Internet Registry authority, with Canadian Shield which is a way of stopping you from talking to what I would say bad strangers. It’s a capability out there that you could install on your web browser or on your home router that in a way warns you about going to websites that we know are amongst other things malicious. So we serve maybe as a broker to help you navigate the internet and don’t talk to those that we know are bad strangers.

David Redekop: Yes, absolutely. And you should also know Sami that your this e are a um protective resolver is in our list res of resolvers that’s built in to new DNS harmony accounts along with Quad 9 and Cloudflare for families and so forth. Um these are services just so everyone knows that they don’t cost the consumer or business anything at all by just at least pointing your DNS to a place that will block known bad strangers, you know, from a DNS perspective. So it’s amazing that we have this resource but it’s still not a default with internet service providers. If we can make it default for some web browsers that you know they come configured for let’s say the Canadian some Canadian resources that would be amazing. I remember when Firefox first launched with DOH capability, they did a deal with Cloudflare for that to be a default, not the protective one, but the open DO one. A similar kind of an approach would be really valuable for those that might, you know, be in that space that would have that kind of influence.

Sami Khoury: I would agree that would be a better protection than no protection, right? Anything is better than nothing.

David Redekop: Real briefly here, if my research is correct, you received the Queen Elizabeth Diamond Jubilee Medal and the Apex Award of Excellence for Innovation. What do those rewards mean to you personally, Sami?

Sami Khoury: I don’t know. It’s a like I do what I do because I enjoy it because I have passion for the mission of CSE and and you know many of the things I’ve done over my career are unfortunately things that I can’t talk about but they have made a difference and to be able to be recognized or to get that recognition you know is a reward in a sense uh you know there’s not going to be a book there’s not going to be movie there’s not going to be you know a c a public celebration of something I was involved in that made a difference you know from an intelligence perspective. So for the first one for Queen Elizabeth that was sort of a contribution over my career on the intelligence side of the house for the innovation award I I’ve always been one to push the envelope on innovation. I’m not afraid to fail but the idea is let’s try new ideas and try them fast. so ever since you know I joined in '92 it it was you know this is cool but let’s make it cooler and and I think we we we have made significant advances in in how we tackle some of the challenges that we tackle because of that mindset of innovating and and you know miss this how we did it yesterday but let’s try to find another way so giving my teams when I was a manager or director ODG that latitude to try new things and to support them in that endeavor and if they fail it’s not about a blame game but it’s okay what have we learned and let’s move on. So those two things are a recognition from the leadership of CSE for the contribution I’ve made over the years to be a recipient of those awards.

David Redekop: And I want to say the Canadian cyber security landscape has benefited from your failures because the failures had resulted in the success. I had so much fun with one of my sons this week that was emotionally down about the failures and I said, “You know who’s a bigger failure than you? Your dad. I failed and I failed and I failed and I failed and then I got up again and it’s so key because we don’t get to the answer in an easy way. If we ever ask somebody when did you do your best learning?” They never share a white fluffy easygoing story. It is always about the failures that preceded the discovery, the absolute disappointing results that finally led to the one bright light bulb. Oh, that’s where we need to go.

Sami Khoury: You know, as a manager, you have a role to support your teams. So, and I think since joining CSE and becoming a manager, this has been sort of my motto and my way of working is I’m there to support the team and make their life easier. So, clear the hurdles and make their life easier so that they can do what they do best, which is get the job done.

David Redekop: Sami, I feel like we’re both at a place where we’re in our prime in the sense that I feel like the positive impact we can now have is only bright. And to that end, what is the one bit of hope or one bright beacon that you see or one piece of information that you’d like to leave with anybody that’s reading this transcript or listening to it or or watching this podcast?

Sami Khoury: The bright one piece of advice. I mean listen this is a very exciting space we are in and living exciting times notwithstanding the cyber security challenges that we are seeing but it truly is a team sport and we would need encourage young young folks young people to join you know it used to be that you know maybe it’s rare these days to have somebody join an organization and stay 30 years in one one place but so more and more we’re seeing young young folks join CSE and then after a few years get the itch to go to the private sector and it’s no longer seen teasingly I say you know you’re a traitor for leaving us but but it’s actually it it enriches the ecosystem the Canadian ecosystem to when when you come to CSE you get the perspective of what we do here and then you go and work for the private sector sometimes you come back sometimes you don’t but but it it truly making that partnership work is more and more we’re building that partnership it feels feels more like a team sport now. It’s no longer, you know, just one or two people. And we need all the voices out there, your voice, my voice, and many other voices to continue to promote that need to make a difference while we continue to innovate. So, Canada has been known for innovation. We’re respected worldwide. We have an amazing story to tell on cyber defense. You know, we are recognized by many of our peers as as leading the pack when it comes to cyber defense and defending the government, but how do we push that beyond just the government walls and encourage that partnership with the government? We are trying. I remember we had a chief of CSE many years ago. He said we need to think and act like the private sector recognizing that we work in the government space but we need to act and speak and move with greater agility and that’s what we’re trying to do in those partnerships. So my hope is that we will make a big difference and we will take all the help we can get because we need help. I don’t have the entire solution to Canada’s cyber security challenges. Neither does my colleague at the cyber center. But we all have to add our voices to yours and many others and continue to drive the message that you know that perseverance will pay off and we will be in a better space and a happier space.

David Redekop: Our mission at ADAMNetworks is very simple. We protect people. And so having gotten to know you and a better understanding of your role in the CSE and all of the other areas where you carry an influence has me in a place of gratitude. Thank you for what you do for making the world a better place and for allowing us to complete our or keep on working on our mission. I’m not sure we’ll ever complete it but we will keep on working. So thank you Sami for coming on today for spending time with me and I look forward to seeing you at future conference events.

Sami Khoury: Thank you David for that opportunity. It’s a great kickoff to cyber security awareness month and I very much enjoyed our time together and maybe have an encore at another magic number not 007 but we’ll find another one to live through together at some point.

David Redekop: That sounds good. And then I’ll and then maybe at that point it’ll be an order of magnitude or or not. But I have so many sevens as I was thinking about this this morning on my drive-in. Yes. So I look forward to sharing those with you as well. And yes, let’s do an encore. I agree. Bye for now.

Sami Khoury: Bye.

Outro Announcer: The defender’s log requires more than a conversation. It takes action, research, and collective wisdom. If today’s episode resonated with you, we’d love to hear your insights. Join the conversation and help us shape the future together. We’ll be back with more stories, strategies, and real-world solutions that are making a difference for everyone. In the meantime, be sure to subscribe, rate, write a review, and share it with someone you think would benefit from it, too. Thanks for listening, and we’ll see you on the next episode.

1 post - 1 participant

Read full topic

The post TDL 007 | Cyber Warriors & Digital Shadows: Insights from Canada’s Cybersecurity Leader appeared first on Security Boulevard.

Why agents break the old model and require rethinking traditional OAuth patterns.

The post OAuth for MCP – Emerging Enterprise Patterns for Agent Authorization appeared first on Security Boulevard.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Workshop on Binary Analysis Research (BAR) 2025, Session II appeared first on Security Boulevard.

We don’t lack ideas, we just lose them in translation. You’ve heard the war stories: The founder scribbles a vision on a napkin at 2...Read More

The post Is Vibe Coding viable for full-blown product development, or is this a good visualization tool for startups and Enterprises? appeared first on ISHIR | Custom Software Development Dallas Texas.

The post Is Vibe Coding viable for full-blown product development, or is this a good visualization tool for startups and Enterprises? appeared first on Security Boulevard.

Oct 17, 2025 - Jeremy Snyder - EMBEDDING API SECURITY BY DESIGN INTO DEVOPS PIPELINES

Recently, I did a presentation titled "Embedding API Security by Design into DevOps Pipelines" at DevOps institute. The video is available for review on the post-event page here (registration required).

‍

Also, the good people at Mind's Eye Creative produced a really nice graphic that helps explain the message that I was trying to convey.

Embedding API security into DevOps pipelines

Here's a tl;dr version of what I hoped to communicate in this presentation:

* Organizations are moving towards more platform-as-a-service (PaaS) offerings
* Part of the motivation for doing this is more API-oriented architecture
* But cyber attacks against APIs are actually increasing pretty rapidly, with very real impact and lots of sensitive data leaked
* The main attack vectors (authentication, probing, authorization, injection / bad requests) are things that can be easily detected and controlled at the application layer
* As such, defining the security controls around those can and should be done in your API
* Helper files and dedicated libraries can then check the validity of API requests in real-time

IMPLEMENTING REAL-TIME API SECURITY IS POSSIBLE, AND SHOULD BE EASY. THAT'S WHERE FIRETAIL HOPES TO HELP.

Please contact us if you'd like to discuss how.

The post DevOps Institute SkilUp Presentation: Embedding API Security by Design into DevOps Pipelines – FireTail Blog appeared first on Security Boulevard.

F5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more!

Key takeaways

1. A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent CISA directive for federal agencies to patch vulnerable systems immediately.
    
2. A new report from OpenAI reveals that threat actors try to use ChatGPT to refine conventional attacks.
    
3. As cyber attacks skyrocket, corporate boards are significantly increasing their oversight and disclosures related to both cybersecurity and AI risks.

Here are five things you need to know for the week ending October 17.

1 - Code red: CISA directs fed agencies to patch F5 vulnerabilities

When a cybersecurity company gets hacked, it's bad. When a nation-state steals some of its most sensitive data, it’s a catastrophe. 

That’s what happened this week, when F5 disclosed 40-plus vulnerabilities and announced that a nation-state attacker stole proprietary, confidential information about its technology and its security research, triggering an urgent U.S. government alert.

In response to F5’s announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, ordering federal agencies to inventory F5 BIG-IP products, determine if they’re exposed to the public internet, and patch them.

Specifically, CISA is directing agencies to patch vulnerable F5 virtual and physical devices and downloaded software, including F5OS, BIG-IP TMOS, BIG-IQ, and BNK / CNF, by October 22, and follow the instructions in F5’s “Quarterly Security Notification.”

All organizations, not just federal civilian agencies, should prioritize mitigating the risk from F5’s breach and vulnerabilities, which can be exploited with “alarming ease” and can lead to catastrophic compromises, CISA Acting Director Madhu Gottumukkala said in a statement.

“We emphatically urge all entities to implement the actions outlined in this Emergency Directive without delay,” he said.
 

The F5 breach is “a five-alarm fire for national security,” Tenable CSO and Head of Research Robert Huber wrote in a blog, adding that F5’s technology is foundational “to secure everything,” including government agencies and critical infrastructure.

“In the hands of a hostile actor, this stolen data is a master key that could be used to launch devastating attacks, similar to the campaigns waged by Salt Typhoon and Volt Typhoon,” Huber wrote in the post “F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now.”

“We haven’t seen a software supply chain compromise of this scale since SolarWinds,” he added.

To get all the details about the F5 breach and about how Tenable can help, read Huber’s blog, as well as the Tenable Research blog “Frequently Asked Questions About The August 2025 F5 Security Incident.”

For more information about the unfolding F5 situation:

• “Confirmed compromise of F5 network” (U.K. National Cyber Security Centre)
• “F5 Hit by ‘Nation-State’ Cyberattack” (TechRepublic)
• “Hackers stole source code, bug details in disastrous F5 security incident – here’s everything we know and how to protect yourself” (ITPro)
• “Nation-state hackers breached sensitive F5 systems, stole customer data” (Cybersecurity Dive)
• “Source code and vulnerability info stolen from F5 Networks” (CSO)

2 - OpenAI: Attackers abuse ChatGPT to sharpen old tricks

Creating and refining malware. Setting up malicious command-and-control hubs. Generating multi-language phishing content. Carrying out cyber scams.

Those are some of the ways in which cyber attackers and fraudsters tried to abuse ChatGPT recently, according to OpenAI’s report “Disrupting malicious uses of AI: an update.”

Yet, OpenAI, which detailed seven incidents it detected and disrupted, noticed an overarching trend: Attackers aren’t trying to use ChatGPT to cook up sci-fi-level super-attacks. They’re mostly trying to put their classic scams on steroids.

“We continue to see threat actors bolt AI onto old playbooks to move faster, not gain novel offensive capability from our models,” OpenAI wrote in the report.
 

The report identifies several key trends among threat actors:

• Using multiple AI models
• Adapting their techniques to hide AI usage
• Operating in a "gray zone" with requests that are not overtly malicious

Incidents detailed in the report include the malicious use of ChatGPT by: 

• Cyber criminals from Russian-speaking, Korean-language, and Chinese-language groups to refine malware, create phishing content, and debug tools.
• Authoritarian regimes, specifically individuals linked to the People's Republic of China (PRC), to design proposals for large-scale social media monitoring and profiling, including a system to track Uyghurs.
• Organized scam networks, likely based in Cambodia, Myanmar, and Nigeria, to scale fraud by translating messages and creating fake personas.
• State-backed influence operations from Russia and China to generate propaganda, including video scripts and social media posts.

“Our public reporting, policy enforcement, and collaboration with peers aim to raise awareness of abuse while improving protections for everyday users,” OpenAI wrote in the statement “Disrupting malicious uses of AI: October 2025.”

For more information about AI security, check out these Tenable resources:

• “2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud” (on-demand webinar)
• “Cloud & AI Security at the Breaking Point — Understanding the Complexity Challenge” (solution overview)
• “Exposure Management in the realm of AI” (on-demand webinar)
• “Expert Advice for Boosting AI Security” (blog)
• “AI Is Your New Attack Surface” (on-demand webinar)

3 - Anthropic: Poisoning giant LLMs is shockingly easy

Bigger isn’t better when it comes to the security of large language models (LLMs).

Conventional wisdom held that bigger models were harder to poison. Well, that ain’t so, according to a study by Anthropic.

The study, titled “Poisoning Attacks on LLMs Require a Near-Constant Number of Poison Samples,” found that an attacker doesn't need to control a huge percentage of an LLM’s training data. A small, fixed amount is enough to create a backdoor.

“Creating 250 malicious documents is trivial compared to creating millions, making this vulnerability far more accessible to potential attackers,” reads the Anthropic article “A small number of samples can poison LLMs of any size.” 

If anything, data-poisoning attacks against LLMs become easier as models scale up and their datasets grow. “The attack surface for injecting malicious content expands proportionally, while the adversary’s requirements remain nearly constant,” the study reads.

The study, conducted jointly with the U.K. AI Security Institute and the Alan Turing Institute, focused on a likely innocuous type of backdoor attack: Tampering with the LLM so that it generates gibberish text when a user inputs a specific phrase.

The researchers inserted the trigger phrase <SUDO> into a small number of training documents. They found that while 100 poisoned documents were insufficient, 250 or more were enough to reliably create a backdoor across all tested model sizes, which ranged from 600 million to 13 billion parameters.
 

(Source: Anthropic article “A small number of samples can poison LLMs of any size,” October 2025.)

It is unclear if the study’s findings will hold for more complex behaviors, such as bypassing safety guardrails or generating malicious code.

“Nevertheless, we’re sharing these findings to show that data-poisoning attacks might be more practical than believed, and to encourage further research on data poisoning and potential defenses against it,” the article reads.

While the study didn’t focus on ways to defend LLMs against this type of attack, it does offer some mitigation recommendations, pointing to “clean training” practices as a way to remove backdoors in some settings.

“Defences can be designed at different stages of the training pipeline such as data filtering before training and backdoor detection and elicitation once the model has been trained to detect undesired behaviours,” the study reads. 

For more information about protecting AI systems against cyber attacks:

• “Understanding the risks - and benefits - of using AI tools” (U.K. NCSC)
• “Hacking AI? Here are 4 common attacks on AI” (ZDNet)
• “Best Practices for Deploying Secure and Resilient AI Systems” (Australian Cyber Security Centre)
• “Adversarial attacks on AI models are rising: what should you do now?” (VentureBeat)
• “OWASP AI Security and Privacy Guide” (OWASP)
• “How to manage generative AI security risks in the enterprise” (TechTarget)

4 - Report: AI and cyber risks hit the boardroom

In a sign of the growing impact of AI and cybersecurity for enterprises, Fortune 100 boards of directors have boosted the number and the substance of their AI and cybersecurity oversight disclosures.

That’s the conclusion EY arrived at after analyzing proxy statements and 10-K filings submitted to the U.S. Securities and Exchange Commission (SEC) by 80 of the Fortune 100 companies in recent years.

“Companies are putting the spotlight on their technology governance, signaling an increasing emphasis on cyber and AI oversight to stakeholders,” reads the EY report “Cyber and AI oversight disclosures: what companies shared in 2025.”
 

What’s driving this trend? Cyber threats are becoming more sophisticated by the minute, while the use of generative AI — both by security teams and by attackers — is growing exponentially.

Key findings from the report about AI oversight include:

• Nearly half (48%) of the analyzed companies now specifically mention AI risk in their board's enterprise risk oversight, a threefold increase from 2024.
• AI expertise on boards has also grown, with 44% of companies now mentioning AI in their description of director qualifications, up from 26% last year.
• 40% of companies have formally assigned AI oversight to a board committee, most commonly the audit committee.
• The number of companies disclosing AI as a standalone risk factor has more than doubled, from 14% to 36%.

Meanwhile, cybersecurity oversight practices have also matured:

• The vast majority of companies (78%) continue to assign this responsibility to the audit committee.
• There is a clear trend towards aligning with external cybersecurity frameworks, with 73% of companies now doing so, up from 57% in 2024 and from a mere 4% in 2019.
• Cybersecurity preparedness is also being taken more seriously, with 58% of companies now conducting simulations and tabletop exercises, compared to only 3% in 2019.
• The demand for directors with cybersecurity expertise remains high, with 86% of companies highlighting it as a skill that either a director has or that the board seeks.

“Board oversight of these areas is critical to identifying and mitigating risks that may pose a significant threat to the company,” the report reads.

For more information about cybersecurity and AI in the boardroom and the C-suite:

• “Governance of AI: A critical imperative for today’s boards” (Deloitte)
• “AI Governance In The Boardroom: Strategies For Effective Oversight And Implementation” (Forbes)
• “The Hidden C-Suite Risk Of AI Failures” (Harvard Law School)
• “How Board-Level AI Governance Is Changing” (Forbes)
• “Competitive advantage through cybersecurity: A board-level perspective” (McKinsey)
• “How AI Impacts Board Readiness for Oversight of Cybersecurity and AI Risks” (National Association of Corporate Directors)

5 - NCSC: Severe cyber attacks hitting U.K. at “alarming pace”

Cyber attacks with national reverberations have shot up to four per week in the U.K., a stat that’s a wake-up call not only for all British cyber defenders but also for all business leaders.

That’s according to the U.K. National Cyber Security Centre’s (NCSC) 2025 annual review, titled “It’s time to act: Open your eyes to the imminent risk to your economic security” and covering the 12-month period ending in September 2025.

“Cyber risk is no longer just an IT issue — it’s a boardroom priority,” reads the report.

These “nationally significant” cyber incidents more than doubled, climbing to 204 from 89 in the previous 12 months.
 

The severity of the attacks is also on the upswing. The report reveals a nearly 50% increase in "highly significant" incidents, which are those with the potential to severely impact the central government, essential services, many people, or the economy.

“Cyber security is now a matter of business survival and national resilience,” Richard Horne, Chief Executive of the NCSC, said in a statement.

“Our collective exposure to serious impacts is growing at an alarming pace,” he added.

The NCSC attributes many of these attacks to sophisticated advanced persistent threat (APT) actors, including nation-states and highly capable criminal organizations. It identifies the primary state-level threats as China, Russia, Iran, and North Korea. 

In response to this escalating threat, the NCSC is urging British businesses to prioritize their cybersecurity measures, saying that cybersecurity “is now critical to business longevity and success.”

To aid in this effort, the NCSC has launched a new "Cyber Action Toolkit" aimed at helping small organizations implement foundational security controls. 

It is also promoting the "Cyber Essentials" certification, which indicates an organization has security in place against most common cyber threats and opens up the opportunity to obtain free cyber insurance.

The post Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses appeared first on Security Boulevard.

Explore the differences between Secure by Design and Secure by Default in Enterprise SSO & CIAM. Learn how each approach impacts security, usability, and development.

The post Differences Between Secure by Design and Secure by Default appeared first on Security Boulevard.

Have you ever come across a headline like “Could the Golden Gate collapse?” or “The surprising news released by Real Madrid”? These sensationalized headlines are crafted to immediately grab attention and compel clicks. While they may seem harmless, they often lead to clickbait scams—a deceptive form of phishing that exploits human psychology to steal personal […]

The post Clickbait Scams: The Misleading Method of Phishing first appeared on StrongBox IT.

The post Clickbait Scams: The Misleading Method of Phishing appeared first on Security Boulevard.

Explore the top passwordless authentication methods and solutions. Compare features, security, and ease of implementation to find the best fit for your software development needs.

The post Evaluating the Best Passwordless Authentication Options appeared first on Security Boulevard.

Discover how attack surface management goes beyond vulnerability management and why MSSPs need DSPM to protect data, not just patch flaws.

The post Attack Surface Management vs. Vulnerability Management — What’s Changed appeared first on Security Boulevard.

Tired of Azure B2C complexity? Read how real founders switched to faster, simpler identity APIs like MojoAuth and finally slept better

The post Azure B2C Alternative for Startups appeared first on Security Boulevard.

Overview Recently, NSFOCUS CERT detected that Samba released a security update to fix the Samba WINS command injection vulnerability (CVE-2025-10230); Since WINS when Samba is used as an AD domain controller does not strictly verify the wins hook script command when processing registration messages, unauthenticated attackers can construct a special host name to inject commands […]

The post Samba WINS Command Injection Vulnerability (CVE-2025-10230) Notice appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Samba WINS Command Injection Vulnerability (CVE-2025-10230) Notice appeared first on Security Boulevard.

The post How Votiro Turns Threat Prevention Into Intelligence appeared first on Votiro.

The post How Votiro Turns Threat Prevention Into Intelligence appeared first on Security Boulevard.

Key Takeaways For many organizations, compliance audits are still synonymous with spreadsheets, evidence gathering, and last-minute scrambles. Teams spend weeks tracking down screenshots, reports, and ticket records to prove that their controls are working as intended.  That’s beginning to change. AI-powered compliance audits are shifting the model from periodic, manual checks to continuous, intelligence-driven assurance. […]

The post AI-Powered Compliance Audits: Boosting Cybersecurity & Efficiency appeared first on Centraleyes.

The post AI-Powered Compliance Audits: Boosting Cybersecurity & Efficiency appeared first on Security Boulevard.

Vaguely magical and quadranty thing (Gemini)

It’s not every day you get to reflect on a journey that started as an odd “googley” startup and culminates in a shiny Leaders placement on a Gartner Magic Quadrant for SIEM 2025 (MQ).

When I joined Chronicle in the summer of 2019 — a name now rolled into the broader Google SecOps product (with SOAR by Siemplify and threat intel by Mandiant) — it was very much a startup. Yes, we were part of Alphabet, but the spirit, the frantic energy, the drive — it was a startup to its core.

And here’s the kicker (and a side rant!): I’m fundamentally allergic to large companies. Those who know me have heard me utter this countless times. So, in a matter of weeks after joining a small company, I found myself working for a very large one indeed.

To me, that pivot, that blending of startup momentum and big company scale, is, in many ways, the secret sauce behind our success today. It turns out, you need both the wild ambition of a young vendor and the solid foundation of a massive enterprise to truly move the needle (and the dots on the MQ … but these usually reflect customer realities).

The MQ and the Price of Poker

Now, as a reformed analyst who spent eight years in the Gartner trenches, I’ll clear up a misconception right away: the Magic Quadrant placement has precisely zero to do with how much a vendor pays Gartner. Trust me, there are vendors in highly visible SIEM MQ positions who’ve probably never sent Gartner a dime over the years.

Conversely, there are large organizations that have paid a fortune and have been completely excluded from the report. The MQ placement reflects customer traction and market reality (usually — there are sad yet very rare exceptions to this, and I will NOT talk about them; there is not enough whiskey in the world to make me). MQ placement is a measure of genuine success, not a destination achieved by writing a big check.

The Evolution of SIEM: Where Did the Brothers Go?

Reflecting on the last few years in SIEM (not 20 years!) and looking at the current MQ, a few things that were once controversial are now conventional wisdom:

1. SIEM must be SaaS and Cloud-Native. I’m old enough to remember when the idea of trusting your security data to the cloud was an existential debate. Today, with the relentless attack surface expansion, perhaps more people are realizing that the biggest risk is actually running a vulnerable, constantly-compromised on-prem SIEM stack. Data gravity shifted.
2. SIEM and SOAR are fully merged. They are, in essence, two inseparable brothers forming the core of modern SIEM — detection and response. SIEM is really SIEM/SOAR in 2025. Standalone SOAR vendors do exist and some “AI SOC” vendors are really “SOAR 3.0”, but these are — IMHO — outliers compared to the mainstream SIEM.
3. The UEBA brother got absorbed, but … Remember the mid-2010s, when User and Entity Behavior Analytics (UEBA) was the new shiny toy, all driven by cool machine learning? While it was an equal brother to SOAR for a moment, it has now largely been absorbed into the detection stack of the main SIEM product. Machine learning’s importance for basic threat detection has subtly decreased (odd…isn’t it?). UEBA has become a single, albeit important, feature within the engine, not a standalone platform.
4. Some XDR vendors graduated to real SIEM. EDR-centric SIEM vendors (XDR, if you have to go there), have landed. IMHO, these guys will do some heavy damage in the market in the next 1–2 years.

The Most Powerful Force in the Universe: IT Inertia

When I left Gartner, I famously outlined one key lesson from my analyst time: IT inertia is the most powerful force in the universe.

When you look at the MQ, you might see what looks like “same old, same old,” with certain large, established vendors still floating around. This is NOT about who pays, really! You might not believe it, but this placement absolutely reflects enterprise reality. Large vendors don’t die immediately.

Case in point: it took one particularly prominent legacy SIEM vendor (OK, I will name this one as it is finally dead for real, ArcSight) almost ten years to truly disappear from the minds of practitioners. Most companies were abandoning that technology around 2017–2018), but the vendor only truly died off in the market narrative in 2025. The installed base hangs on, dragging the demise out over a decade.

AI, Agents, and the Missing Tsunami

Finally, a quick note on the current darling: Generative AI and AI Agents.

While some vendors (and observers) expected a massive, dramatic impact from Generative AI on this year’s MQ, it simply hasn’t materialized — yet. As other Gartner papers will tell you, AI does not drive SIEM purchasing behavior today.

Why? Gartner’s assessment is based on customer reports. Vendors can yell all they want about how AI is dramatically impacting their customers, but until those customers report observable, dramatic improvements and efficiencies to Gartner, the impact is considered non-existent in the MQ reality.

The AI tsunami is coming, but for now, the market is still focused on the fundamentals: cloud-native scale, effective detection, and fast/good (AND, not OR) response. Getting those right is what puts you in the Leaders Quadrant. The rest is just noise…

Other SIEM MQ 2025 comments can be found here (more to be added as they surface…)

P.S. The “reformed” analyst reference comes from Tim and our Cloud Security Podcast by Google

SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025 was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025 appeared first on Security Boulevard.

How Do Non-Human Identities Impact Your Organization’s Cybersecurity Strategy? If you’ve ever pondered the complexities of managing machine identities, you’re not alone. Where the digital infrastructure of businesses becomes increasingly reliant on cloud-based services, the challenges associated with protecting these machine identities—also known as Non-Human Identities (NHIs)—grow exponentially. The repercussions of neglecting this crucial component […]

The post Satisfying Regulatory Requirements with PAM appeared first on Entro.

The post Satisfying Regulatory Requirements with PAM appeared first on Security Boulevard.

Are Your Machine Identities Truly Secure? The notion of securing Non-Human Identities (NHIs) often takes center stage. Where machine identities become more prevalent across industries, managing these identities and their related secrets has never been more critical. From financial services to healthcare, the effective management of NHIs helps bridge security gaps and fosters an environment […]

The post Foster Innovation with Strong NHI Security Measures appeared first on Entro.

The post Foster Innovation with Strong NHI Security Measures appeared first on Security Boulevard.

What Are Non-Human Identities (NHIs) and Why Are They Crucial for Modern Cybersecurity? Have you ever wondered how machine identities are managed in cybersecurity, especially in cloud environments? Non-Human Identities (NHIs) are an integral part. These are the machine identities formed by pairing a “Secret”—like an encrypted password, token, or key—with permissions granted by a […]

The post Choosing the Best NHIs Options for Your Needs appeared first on Entro.

The post Choosing the Best NHIs Options for Your Needs appeared first on Security Boulevard.