Shows
Ivanti OriginalsRisk-Based Patch PrioritizationPatch management is fundamental to effective cybersecurity. So why are most organizations still struggling with patch prioritization and implementation? Ivanti’s research — a global study of more than 2,400 executive leaders and cybersecurity professionals — explores how risk-based patch prioritization elevates patching to a proactive, high-performing security strategy. Listen to “Risk-Based Patch Prioritization” to get all our original research on the advantages of a risk-based approach to patch prioritization and patch management, and learn directly from Ivanti’s cybersecurity efforts the steps you need to take to implement this strategy. Get more resources To read the...2025-07-1514 min
Security Insights - Cybersecurity for Real-World WorkplacesThe 5 Paradigm Shifts of Exposure ManagementExposure management is fundamentally changing the way we view cybersecurity. Ivanti's Chris Goettl and Robert Waters introduce five paradigm shifts brought on by this emerging technology and how your organization's security strategy might shift as a result. For more, check out our Exposure Management Strategy Guide: (https://ivanti.com/resources/exposure-management-strategy-guide)Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2025-06-2734 minIvanti OriginalsExposure Management: From Subjective to Objective CybersecurityTitle Exposure Management: From Subjective to Objective Cybersecurity Show notes Ivanti’s research — a global study of more than 2,400 executive leaders and cybersecurity professionals — delves into how exposure management offers cybersecurity and executive leaders a more informed and intelligent approach to risk but misaligned priorities and data accessibility barriers impede cybersecurity efforts. Ivanti's global research shows how to balance your risk appetite and business objectives.Listen to “Exposure Management: From Subjective to Objective Cybersecurity” to discover how to exposure management reframes how cybersecurity and business leaders understand risk and give...2025-06-0314 minSecurity Insights - Cybersecurity for Real-World WorkplacesThe Evolution of Patch Management with Eric SchultzeJoin us for a stroll down patch memory lane! Ivanti's Chris Goettl invites an old colleague to the show -- Eric Schultze, a former software development leader at Amazon, Microsoft, and Shavlik Technologies -- to look back on the early days of Patch Tuesday and how patch management has evolved over the decades since. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2025-05-3124 min
SANS Internet Storm Center's Daily Network Security News PodcastSANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches (#)SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches Another day, another phishing campaign abusing google.com open redirects Google’s links from it’s maps page to hotel listings do suffer from an open redirect vulnerability that is actively exploited to direct users to phishing pages. https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950 Adobe Patches Adobe patched 12 different applications. Of particular interest is the update to ColdFusion, which fixes several arbitrary code execution and arbitrary file read problems. https://helpx.adobe.com/security/security-bulletin.html Samsung Patc...2025-05-1506 minSANS Internet Storm Center's Daily Network Security News PodcastSANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products (#)SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428) Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability...2025-05-1306 minIvanti Originals2025 Technology at Work Report: Reshaping Flexible WorkIvanti’s research — a global study of more than 7,000 global office workers and IT professionals examined how employer and employee expectations are reshaping the meaning of flexible work in an era where many employees are experiencing pressure to return to working in the office. We’re at an impasse around the best way to work: Company leaders hope to improve productivity by bringing employees back to the office, yet 82% of office workers say that working outside the office is at least as productive as, if not more productive than working in the office. But is there a better a...2025-05-0620 min
The Defender's Advantage PodcastUNC5221 and The Targeting of Ivanti Connect Secure VPNsMatt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerabilityhttps://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-dayhttps://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-securityhttps://www.ivanti.com/resources/secure-by-design/2024https://cloud.google.com/b...2025-05-0527 minSecurity Insights - Cybersecurity for Real-World WorkplacesPart 2: Solving the Top 10 Problems with Vulnerability ManagementOnce again, we're back with all the answers. Traditional vulnerability management comes with many pitfalls, and we're counting down the solutions to all the problems you might be running into. Ivanti's Chris Goettl and Robert Waters break down the back five on our list: a periodic approach to remediation, poor prioritization, lack of business context, overreliance on patch management, and poor metrics and reporting.Be sure to subscribe to our feed so you never miss an insight from the team.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2025-04-2538 minSANS Internet Storm Center's Daily Network Security News PodcastSANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update (#)SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity. https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822 Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457 In February, Ivanti patched CVE-2025-22457. At the time, the...2025-04-0406 minSecurity Insights - Cybersecurity for Real-World WorkplacesPart 1: Solving the Top 10 Problems with Vulnerability ManagementWe promised we'd come back with the solutions to all your vulnerability management problems, so here we are. Plus, we're counting down in unranked order *and* starting from #10 on our list, just to keep you on your toes. Ivanti's Chris Goettl and Robert Waters will go through how you can address resource constraints, siloed tools and data, limited attack surface visibility, inaccurate view of exposures and data overload.And stay tuned for the rest of the list next time! Subscribe to our feed so you don't miss it.Join the conversation online on LinkedIn (2025-03-2532 minIvanti Originals2025 State of Cybersecurity Report: Paradigm ShiftIvanti’s research — a global study of over 2,400 security and IT professionals and executive leaders —examines how organizations can embrace a more effective and evolved approach to managing cybersecurity risk by embracing exposure management. Despite 89% of boards calling security a priority, the research reveals gaps in organizations' ability defend against high-risk threats. As attack surfaces continue to expand and cyber attacks grow more complex and sophisticated, businesses need a more comprehensive, strategic approach to vulnerability management. How can cybersecurity teams combat critical concerns like tech debt to data silos? Learn how shifting your cybersecurity mindset to expos...2025-03-1825 minSecurity Insights - Cybersecurity for Real-World WorkplacesThe Top 10 Problems with Vulnerability ManagementVulnerability management is not for the faint of heart. The pitfalls are many, and odds are you probably have at least one of these issues. Ivanti's Chris Goettl and Robert Waters run down the list of what can get in the way of vulnerability management done well -- from attack surface visibility to data overload and resource constraints -- all with an eye on how those problems can be addressed. (Which we'll have more on next time. We promise.) Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2025-03-0634 min
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches
An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure
Smart cities is a big topic for many local governments. With building these complex systems, attacks will follow.
https://isc.sans.edu/diary/An%20ontology%20for%20threats%2C%20cybercrime%20and%20digital%20forensic%20investigation%20on%20Smart%20City%20Infrastructure/31676
North Korean state actor tricking admins into executing PowerShell
North Korean state actors are spending quite a bit of effort setting up relationships with South Korean system administrators, culminating in them getting tricked into executing malicious PowerShell scripts.
https://x.com/MsftSecIntel/status/1889407814604296490
...2025-02-1305 min
SANS Stormcast: Daily Cyber Security NewsSANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patche An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure Smart cities is a big topic for many local governments. With building these complex systems, attacks will follow. https://isc.sans.edu/diary/An%20ontology%20for%20threats%2C%20cybercrime%20and%20digital%20forensic%20investigation%20on%20Smart%20City%20Infrastructure/31676 North Korean state actor tricking admins into executing PowerShell North Korean state actors are spending quite a bit of effort setting up relationships with South Korean system administrators, culminating in them getting tricked into executing malicious PowerShell scripts.https://x.com/MsftSecIntel/status/1889407814604296490...2025-02-1305 min
SANS Internet Storm Center's Daily Network Security News PodcastSANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches (#)SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure Smart cities is a big topic for many local governments. With building these complex systems, attacks will follow. https://isc.sans.edu/diary/An%20ontology%20for%20threats%2C%20cybercrime%20and%20digital%20forensic%20investigation%20on%20Smart%20City%20Infrastructure/31676 North Korean state actor tricking admins into executing PowerShell North Korean state actors are spending quite a bit of effort setting up relationships with South Korean system administrators, culminating in them getting tricked...2025-02-1305 minSecurity Insights - Cybersecurity for Real-World WorkplacesThe Four Big Questions of CybersecurityIvanti's Chris Goettl and Robert Waters take on four big questions facing cybersecurity today, namely: Who gets the upper hand from AI, cyber adversaries or the legitimate organizations looking to stop them? What's going to win out, Everywhere Work or RTO? Exposure Management: sea change, or passing fad?And what's the bigger security risk, IoT devices or third-party vendors?Listen in for those questions and, if you're listening closely, a few answers too.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2025-01-2735 minIvanti OriginalsEmployee Experience: The Missing Ingredient in Digital TransformationIvanti’s latest research report surveyed over 15,500 executives, security and IT professionals and office workers to reveal how undervaluing employee experience can hinder digital transformation efforts. Successful digital transformation requires a positive end-user experience, but most organizations still don’t prioritize digital employee experience (DEX) as a critical variable. Research finds that despite decades of investment in digital transformation, executive leaders and office workers are overwhelmed by their workplace tech tools. How can CIOs approach tech advancement in a way that combats complexity and prioritizes the end user experience? Listen to hear the full re...2025-01-2113 min
SANS Internet Storm Center's Daily Network Security News PodcastSANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu) (#)SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu) In this episode, we explore the efficient storage of honeypot logs in databases, issues with Citrix's Session Recording Agent and Windows Update. Ivanti is having another interesting security event and our SANS.edu graduate student Rich Green talks about his research on Passkeys. Extracting Practical Observations from Impractical Datasets: A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights. https://isc.sans.edu/diary/Extracting%20Practical%20Observations%20from%20Impractical%20Datasets/31582 Citrix Session Recording...2025-01-1712 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised SystemsIn this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors.
Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with...2025-01-0906 minSecurity Insights - Cybersecurity for Real-World WorkplacesProactive Protection with Exposure ManagementIvanti's Robert Waters welcomes Grand Bank CTO Robert Hanson for a wide-ranging conversation on the emerging field of exposure management and how you can proactively safeguard your organization, because every organization faces risk. What separates the vulnerable from the well-protected isn’t whether you have exposure — it’s how you manage it. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2025-01-0236 minIvanti OriginalsGen AI and Cybersecurity: Risk and RewardIvanti’s latest research report surveyed over 14,500 executives, security and IT professionals and office workers to understand how organizations are managing the double-edged sword of gen AI in cybersecurity — and the processes, technology and talent needed to fortify defenses. Cybersecurity teams are optimistic about gen AI’s ability to improve workflows and enhance threat detection and response, but AI is also a powerful weapon in the hands of threat actors. As Gen AI makes social engineering threats like phishing more dangerous and sophisticated, cybersecurity AI education and training needs to continuously evolve. How can organizations leverage...2024-12-0312 minSecurity Insights - Cybersecurity for Real-World WorkplacesThe Ghosts of Exposure Management Past, Present, and FutureJoin Ivanti's Chris Goettl and Robert Waters as they take a Christmas-Carol-themed trip through the emerging field of exposure management, taking a close (and possibly ghostly) look at the past, present, and future of the field. To learn more about Ivanti's exposure management offerings, visit: https://ivanti.com/exposure-managementJoin the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-12-0230 minIvanti OriginalsElevating the IT Service Management ExperienceIvanti’s latest research — a study of over 15,500 unique executive leaders, IT professionals, security professionals and office workers around the globe — finds that inefficient workflows and insufficient data make it difficult to deliver high-quality IT service experiences. Help desks are struggling under massive workloads and not prioritizing end-user experience. The research shows a surprisingly low number of service desks are tracking end-user experience metrics. Moreover, companies lack an integrated IT tech stack to oversee and optimize service desk performance, and many organizations don’t offer the self-service tools and capabilities employees want to solve their own tech issues. ...2024-11-1412 minSecurity Insights - Cybersecurity for Real-World WorkplacesTop 5 Tips for Cybersecurity AwarenessIvanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a special episode for Cybersecurity Awareness Month, sourcing five tips from a range of Ivanti employees on how your organization and its users can stay secure. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-10-3026 minIvanti OriginalsSecuring the Digital Employee ExperienceIvanti’s latest research report surveyed over 20,000 unique executive leaders, IT professionals, security professionals and office workers around the globe to understand how organizations can strike a better balance between security and digital employee experience. Our research revealed that cybersecurity teams often don’t take user experience (UX) into account when designing security policies and protocols — leading to employee frustrations and frequent unsafe workarounds. These risks are further exacerbated by factors like the rise of unsanctioned AI use at work and a lack of prioritizing security when it comes to remote and hybrid workers. How can CISO...2024-10-0113 minSecurity Insights - Cybersecurity for Real-World WorkplacesVulnerability Intelligence with Securin CEO Ram MovvaSecurin CEO Ram Movva joins the show to talk all things vulnerability intelligence: how to prioritize according to risk, how to manage your external attack surface and emerging trends in ransomware and security. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-09-2722 min
Cyber Morning Call627 - Ataques exploram nova falha no Ivanti CSA[Referências do Episódio]
[TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
Attacking PowerShell CLIXML Deserialization - https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization
Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware - https://www.cyfirma.com/research/gomorrah-stealer-v5-1-an-in-depth-analysis-of-a-net-based-malware/
CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective - https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
Stealthy Filele...2024-09-1606 minIvanti OriginalsThe 2024 Digital Employee Experience Report: A CIO Call to ActionIvanti’s latest research — a survey of over 7,800 IT professionals, executives and end users around the world — finds that supporting positive digital employee experience (DEX) can drive productivity, satisfaction, cost efficiency and much more. However, IT and business leaders must overcome barriers to deliver truly frictionless digital experiences to their employees. Ivanti’s research underlines the need for IT leaders to take the lead on prioritizing digital employee experience, and how better DEX management can reduce IT burnout, transform workflows and elevate CIOs to a more strategic role in their organizations. How can organizations deliver seamless d...2024-09-1022 minSecurity Insights - Cybersecurity for Real-World WorkplacesAvoiding the Costs of a CyberattackIvanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) to cover the dreaded costs of a cyberattack, and how organizations can work to proactively avoid them by addressing three strategic imperatives: attack surface, vulnerability prioritization, and data silos.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-08-3025 minIvanti OriginalsDemocratizing IT DataIvanti’s latest research report surveyed over 3,000 executive leaders, security professionals and IT professionals to reveal the risks and consequences of inaccessible data and provide best practices for effective data management. Organizations are drowning in inaccessible, incomplete data. Without standardization and effective data management, IT leaders can’t unlock valuable insights and efficiencies. Listen to learn more about why IT urgently needs to elevate their data to a strategic asset. Get more resources To read the report and access additional media, including presentation-ready slides and downloadable charts and graphs, visit iv...2024-08-1317 minSecurity Insights - Cybersecurity for Real-World WorkplacesCyber Defense 202: Exploit VulnerabilitiesIvanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts.To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-07-2631 minIvanti OriginalsAligning Perspectives: Cyber Risk Management in the C-SuiteIvanti’s latest research report surveyed over 3,000 executive leaders, IT and cybersecurity and found that today’s organizational leaders and CISOs are often misaligned when it comes to prioritizing cyber risks — and this can result in critical financial, operational and reputational damage. Cybersecurity is now a board-level issue, yet our latest research finds that organizational leaders appear to be overconfident in their understanding of key security concepts, and 2 in 3 organizations surveyed are not investing in critical areas like external attack surface management, and breach and attack simulations. How can CISOs and non-IT leadership better align on cyberse...2024-07-1613 minIvanti OriginalsAttack Surface ManagementAs attack surfaces expand rapidly, so does cybersecurity risk from undetected and unmanaged assets and devices. Ivanti surveyed 7,300 IT and security professionals to understand the scale of the problem and provide strategies for comprehensive attack surface management. Ivanti's latest research report demonstrates how effective attack surface management (ASM) combines people, processes and technologies that empower teams to continuously discover and manage their internal and external assets. Get more resources To read the report and access additional media, including presentation-ready slides and downloadable charts and graphs, visit ivanti.com/asm-r...2024-06-2614 minSecurity Insights - Cybersecurity for Real-World WorkplacesCyber Defense 101: Phishing + Credential AttacksIvanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-06-2117 minIvanti OriginalsSecure Unified Endpoint Management (SUEM)Ivanti’s latest research — a study of over 7,300 office workers, IT professionals and organizational leaders across the globe — finds that misalignment between IT and security misalignment can have drastic consequences for businesses including slower threat responses, unplanned downtimes and unmanaged devices. What steps can be taken to ease this tension between IT and security and implement a proactive approach to mitigate risk organization-wide? Ivanti’s report, Secure Unified Endpoint Management (SUEM) delves into why today’s organizations businesses need to do away with security and IT data silos and harmonize endpoint management and endpoint security into secure...2024-06-0414 minIvanti OriginalsInflection Point: Ivanti’s 2024 State of Cybersecurity ReportIvanti’s latest research — a study of over 7,000 leadership-level executives, cybersecurity professionals and office workers — finds cybersecurity is widely viewed as a top organizational priority, even at the board level. This board-level attention is critical because it positions cybersecurity not simply as a technology risk, but a critical business risk. Ivanti research also underscores an ongoing (and costly) point of friction: insufficient alignment between the CIO and CISO — and this isn’t just a leadership problem. With the spotlight now shining on them, how can security and IT teams bridge this gulf and overcome critical hurdles like...2024-05-2322 minSecurity Insights - Cybersecurity for Real-World WorkplacesDissecting the Verizon DBIRIvanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2024-05-2127 minThe Defender's Advantage PodcastInvestigations Into Zero-Day Exploitation of the Ivanti Connect Secure AppliancesMandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played into the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year. For more on...2024-05-1627 min
Ivanti Originals2024 Everywhere Work Report: Empowering Flexible WorkIvanti’s research — a global study of 7,700 executive leaders, IT and cybersecurity professionals and office workers — highlights a new major priority in the Everywhere Work movement — flexibility. To hold onto top talent, organizations need to empower employees to work from anywhere at any time. However, the report also revealed the additional IT burden and incremental security risks that hybrid and remote work can introduce. How can organizations balance security and productivity and overcome the technical, cultural and organizational barriers standing in the way of delivering Everywhere Work to their employees? Get more resources2024-04-1014 min
Storm Watch by GreyNoise IntelligenceIvanti's Security Revamp, Dodging the XZ Bullet & D-Link's NAS CrisisForecast = Hazy, with a 60% chance of KEV squals towards the end of the week. In this episode of Storm⚡Watch, we start by discussing Ivanti's CEO Jeff Abbott's pledge for a comprehensive security overhaul following a series of breaches linked to vulnerabilities, including CVE-2024-21894. We also explore Andres Freund's accidental heroism in uncovering a backdoor in Linux software, and delve into the vulnerability of D-Link NAS devices to remote code execution. Cybersecurity Frontlines: Ivanti's Pledge and Vulnerabilities Ivanti CEO Jeff Abbott has publicly committed to a comprehensive security overhaul following
a series of b...2024-04-091h 02
CyberHub Podcast🚨 Cyber News: Can Ivanti Redeem Itself, China Inflaming US using AI, Criminals Target Help Desk, Patch & Breach News🚨 Cyber News: Can Ivanti Redeem Itself, China Inflaming US using AI, Criminals Target Help Desk, Patch & Breach News Cybersecurity NewsCyberHub PodcastApril 8th, 2024 Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel! Today's Headlines and the latest #cybernews from the desk of the #CISO:Home Depot confirms third-party data breach exposed employee infoCisco Warns of Vulnerability in Discontinued Small Business RoutersOver 92,000 exposed D-Link NAS devices have a back...2024-04-0815 min
Ivanti OriginalsAITSM: How AI is redefining IT service desk automationIvanti’s latest research — a study of over 16,200 office workers, IT professionals and organizational leaders across the globe — finds that the Everywhere Work movement has put added pressure on high-value IT talent, and organizations are struggling with IT burnout, knowledge management and asset visibility. These challenges are delaying important digital transformation and digital employee experience (DEX) initiatives — particularly effectively implementing and leveraging AI.Ivanti’s research found that most IT leaders believe AI and automation could revolutionize their approach to enterprise service management (ESM), improve workflows and make them more productive and efficient. How can AI-powered...2024-03-0519 min
State of CybercrimeIvanti Zero-DaysCISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD February 2, 2024. The directive also warned that attackers had bypassed workarounds for current resolutions and detection methods. Join Matt, David, and Dvir to learn more about the Ivanti vuln and other cyber threats. OTHER BREAKING STORIES WE'LL COVER: • The latest ChatGPT news • Dee...2024-02-0822 min
The State of Enterprise IT SecurityS1 EP. 06: Ivanti Patches Zero-Days, Confirms New Exploit, China Threat Targets Critical Infrastructure, Congress Confronts Security with Hill’s AI useIn this insightful episode of the State of Enterprise IT Security, host Brad Bussie, Chief Information Security Officer at e360, explores pressing cybersecurity issues affecting businesses and governments. Brad brings his expertise to the forefront, discussing significant topics ranging from Ivanti's latest patches for zero-day vulnerabilities to the evolving landscape of cyber threats between the US and China, and Congress's approach to AI security risks.Topics Covered:Ivanti’s response to zero-day vulnerabilities and new exploits.The US government's actions against Chinese cyber threats and the ongoing risks.The US Congress's cautious approach towards the in...2024-02-0519 min
Threat Vector by Palo Alto NetworksBeyond the Breach: Strategies Against Ivanti VulnerabilitiesIn this episode of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, along with guests Sam Rubin, VP, Global Head of Operations, and Ingrid Parker, Senior Manager of the Intel Response Unit, dive deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products. They explore the vulnerabilities' potential impact, the urgency of mitigation, and strategies for defense. This discussion sheds light on the tactical and strategic responses necessitated by the current threat landscape, highlighting the collaboration between public directives and private sector response. ...2024-02-0526 min
NoLimitSecuVulnérabilités dans Ivanti Connect Secure et Policy Secure GatewaysEpisode #442 Consacré aux vulnérabilités découvertes en janvier 2024 dans Ivanti Connect Secure et Policy Secure Gateways Bulletin d’alerte du CERT-FRhttps://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-001/ Ce blog détaille comment l’analyse de la mémoire a révélé l’exploitation de deux vulnérabilités zero-day dans Ivanti Connect Secure VPN1.https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/ Détails sur cinq familles de malwares associées à l’exploitation des appareils CS et PS3.https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day […]
The post Vulnérabilités dans Ivanti Connect Secure et Policy Secure Gateways...2024-02-0426 min
YusufOnSecurity.com155 - iVanti's widespread exploitationEnjoying the content? Let us know your feedback!When things go wrong, they go wrong fast. This week will dive into the widespread exploitation on iVanti VPN solution that attracted a lot of attention from both the security community as well as from the bad guys. What went wrong? Stay tuned.Just before we get into iVanti, lets review the other top security news this week.Millions of passwords of top brands such as facebook and others were found for sale.SonicWall API attracts attacks that can impacts over 170 thousand firewalls.- https://psirt...2024-01-2042 min
ITSM Podcast covering Latest Solutions & Best PracticesHow many Ivanti Consultants and Developers do you need for your ITSM Project?Ivanti ITSM has come a long way in the 27+ years I have implemented the various products from HEAT, HEAT ITSM, Ivanti Service Manager, Ivanti Asset Manager, and now Ivanti Neurons for ITSM/ITAM.
Surprisingly the Ivanti Professional Services approach has also changed. From in-house consultants, now outsourced to Ivanti Business partners.
Is that good, is it bad? How many consultants/developers do you really need for your ITSM Project?2023-11-0705 min.jpg)
Arrow ECS Austria Audio Podcast09-2023 - Claus Nussbaum - Ivanti (Audio only)Claus Nussbaum, Area Vice President Alps & Eastern Europe bei Ivanti, ist zu Gast bei Heribert Karrer im Arrow ECS Austria - Videopodcast.
Ivanti hat sich in den letzten Jahren durch mehrere Zukäufe zu einem Hersteller mit einem breiten Produkt- und Lösungsportfolio entwickelt.
Pulse Secure (Zero Trust Security), Mobile Iron (Devicemanagement), IT-Asset Management, Workplace Service sind nur einige Schwerpunkte von Ivanti.
Was können diese Lösungen, wie kann man diese einsetzen?
Was ist die Strategie von Ivanti und wie spielen die unterschiedlichen Lösungen zusammen? Kann man die Lösungen...2023-07-1132 min
Arrow ECS Austria Video Podcast09-2023 - Claus Nussbaum - IvantiClaus Nussbaum, Area Vice President Alps & Eastern Europe bei Ivanti, ist zu Gast bei Heribert Karrer im Arrow ECS Austria - Videopodcast.
Ivanti hat sich in den letzten Jahren durch mehrere Zukäufe zu einem Hersteller mit einem breiten Produkt- und Lösungsportfolio entwickelt.
Pulse Secure (Zero Trust Security), Mobile Iron (Devicemanagement), IT-Asset Management, Workplace Service sind nur einige Schwerpunkte von Ivanti.
Was können diese Lösungen, wie kann man diese einsetzen?
Was ist die Strategie von Ivanti und wie spielen die unterschiedlichen Lösungen zusammen? Kann man die Lösungen...2023-07-1132 min
Security Insights - Cybersecurity for Real-World WorkplacesChief Scapegoat Officer: How to Keep "Fighting the Good Fight" for Ethical Security StandardsWhat does CSO stand for at your organization? Is it short for Chief Security Officer... or Chief Scapegoat Officer?In this episode, Ivanti CSO Daniel Spicer talks about how he never thought he'd be a CSO, and the unique pressures that security executives face from their own internal leadership teams and external regulations or (worse) insurance companies.Listen in as Daniel and Ashley dig into:What counts as a "breach" -- legally and ethically -- and the conflicting pressures to either report or not.How hackers try to bluff their...2023-06-2932 minSecurity Insights - Cybersecurity for Real-World WorkplacesSecurity and Employee Investigations: Breaking Down the Big Brother Security MythDaniel Spicer is back! Following up on last episode's discussion on the security risks of overemployment, Ivanti's Chief Security Officer returns to clear up the age-old myth of security tools being abused for employee investigations. Join Daniel, Chris and Ashley as they discuss:What is (and most definitely is not) allowed in an employee investigation -- especially if the Security Team is requested to assistUser and management's misconceptions about security data, and how it's less "Big Brother," and more "Death by Data" The invaluable technique of using HR and Legal both to cover your asks and avoid abuse o...2023-06-1527 min
Project GeospatialGEOINT 2023 - IVANTIAt GEOINT 2023 we interviewed Patty Arcano, a Senior Executive, and Mark Robinson, an Account Technical Strategist, both from IVANTI. Join us as they delve into the ways IVANTI empowers customers to support connected and disconnected services, addressing critical areas such as patching, whitelisting, and risk management. Gain valuable insights into IVANTI's comprehensive solutions that enable effective governance, risk, and compliance management, along with the seamless handling of the lifecycle of controls and processes. Discover how IVANTI's expertise and technology empower organizations to enhance security, streamline operations, and maintain compliance in complex environments.
For more content like this check out...2023-06-0706 min
Security Insights - Cybersecurity for Real-World WorkplacesOveremployment Security Concerns: A Risk Versus Remediation Case StudyChris and Ashley use the current overemployment media trend as an example case study on evaluating security risks versus potential organizational impact. They cover: How overemployment existed before remote workWeighing the various security implications of overemployment — including shadow IT and insider threatsHow far an organization should go to remediate security risks due to unknown overemployed employees... and the cultural trade offs organizations may be required to make.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2023-05-2521 minSecurity Insights - Cybersecurity for Real-World WorkplacesVulnerability Patch Prioritization Problems: Cybersecurity Research Results (Part Two)Chris (finally!) adds his insights to the 2023 Press Reset cybersecurity research report, especially how its findings impact vulnerability and patch prioritization processes — do you shoot for mission critical systems, active exploits, or something else first? — and why asset visibility lies at the core of every security framework on the planet.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2023-05-1129 min
Security Insights - Cybersecurity for Real-World WorkplacesGenerative AI for Security Teams and Products with JR Robinson from WriterJR Robinson, Head of Platform at generative AI startup Writer, joins VP of Endpoint Security Product Management Chris Goettl and Ashley Stryker to discuss current generative AI use cases for security teams that go beyond just chat bots.(Please. For everyone’s sanity… go beyond chat bots.)They’ll also preview a deeper webinar discussion with Chief Security Officer Daniel Spicer on the risks and rewards generative AI offers security teams at every organization, airing on April 26 — save your spot and bring your questions to "Generative AI for Infosec and Hackers: What Security...2023-04-2724 min
Geeks, Geezers, and Googlization ShowGGG Unleashed with Ivanti: Technologies Required for the Everywhere WorkplaceIt is vital to leverage technology and automation to solve issues proactively and in real-time. These solutions and technologies are vital for enabling a seamless, Digital Employee Experience. This episode shares how Ivanti augments IT teams with contextual insights and intelligent automation to proactively detect and resolve issues to provide a better digital employee experiences and business outcomes. Additional Resources: Learn more about Ivanti: https://www.ivanti.com/ Connect with Jeff on LinkedIn: https://www.linkedin.com/in/jeff-abbott-50a5b1/ Ivanti on LinkedIn: https://www.linkedin.com/company/ivanti/ 2023-04-1314 minSecurity Insights - Cybersecurity for Real-World WorkplacesDeath, Taxes and Phishing: Cybersecurity Research Results (Part One)Daniel and Ashley review the latest research report from Ivanti -- Press Reset: A 2023 Cybersecurity Status Report -- including prioritizing phishing and DDoS attacks, security ROI challenges, and why organizations should never increase their cybersecurity budget by sacrificing their IT allocations.Download the full report at Ivanti.com/CybersecurityReport Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2023-02-1639 minSecurity Insights - Cybersecurity for Real-World WorkplacesVendor Cyber Risk Management 101: Balancing Supply-Chain Risk with Remote Work DEX and IoT Litter BoxesIt's vendor risk versus reward!Chris and Amanda educate Ashley on the core considerations, processes and requirements for robust vendor risk management programs... including when to be afraid of your IoT devices, especially those pesky Roomba vacuums and oh-so-convenient self-cleaning litter boxes.Remember to address these three components, no matter if your vendor is a major IT software provider or just your friendly neighborhood paper salesman:What data are you granting your vendor?What can they access?Due diligence and 200+ item questionnaires are everything.Join the conversation online on LinkedIn (linkedin.com/company...2023-02-0243 minSecurity Insights - Cybersecurity for Real-World WorkplacesIT vs Security: When Hackers Patch for ProfitIT Director Tony Miller goes toe-to-toe with Chief Security Officer Daniel Spicer to justify – or condemn! – IT and cybersecurity posts found on Reddit, featuring a legendary story about hackers that patched endpoints faster than the company itself. #PatchHacksPlus, Ashley frets about the impact of a new security policy on her personal devices, creating an impromptu case study on the importance of explaining (or just reading) new security policies.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2023-01-1939 minSecurity Insights - Cybersecurity for Real-World WorkplacesPrisoner Priorities: Why Disclosure Policies Can’t Please EveryoneDaniel, Chris, Amanda and Ashley revisit the coordinated disclosure conversation from Episode 25 and apply the prisoner’s dilemma thought experiment to create a (more?) perfect vendor disclosure policy.Find shownotes for this episode at Ivanti.com/SecurityInsights-30Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-12-1530 minSecurity Insights - Cybersecurity for Real-World WorkplacesWomen in Cybersecurity: Personal Experiences and ProgressAmanda and Ashley talk about their experiences as women in the cybersecurity and technology industries. (Spoiler alert: it’s on the up-and-up!)Find shownotes for this episode at Ivanti.com/SecurityInsights-29Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-11-2432 minSecurity Insights - Cybersecurity for Real-World WorkplacesCloud Security: Indiana Bob’s Server Closet Versus Data CentersAmanda and Chris share stories proving why your data really is more secure in the cloud than the average on-premises server closet – and what organizations should worry more about when it comes to data security.Find shownotes for this episode at Ivanti.com/SecurityInsights-28 Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-11-1033 minSecurity Insights - Cybersecurity for Real-World WorkplacesSee Yourself in Cybersecurity: How 3 Experts Transitioned into InfoSecDo you want to work in cybersecurity, but not sure how to start? Ashley and Chris talk to three current cybersecurity experts on how they entered the industry – including Ivanti deputy CSO Amanda Wittern. (Also, bonus update on how Ashley pulled off her social engineering assignment from last episode!)Find shownotes for this episode at Ivanti.com/SecurityInsights-27 Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-10-2727 minSecurity Insights - Cybersecurity for Real-World WorkplacesPhishing Attacks and Marketing Minds: How Hackers Use Unexpected Skills to Break Their TargetsIn this episode, Chris tries to convince Ashley that marketers naturally make excellent hackers, based on modern phishing attacks and techniques… And Ashley confirms his guess by revealing the lengths to which marketers will go to “spoof” natural conversation and drive their target audience to take action.Referenced materials:The DarkNet Diaries Podcast, Episode 69: Human Hacker - https://darknetdiaries.com/transcript/69/Ashley’s “Social Engineering” booklist - https://www.amazon.com/hz/wishlist/ls/1INOW5WGDDUO5?ref_=wl_shareJoin the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-09-2623 minSecurity Insights - Cybersecurity for Real-World WorkplacesMicrosoft's Coordinated Disclosure Discussion from BlackHat & DefCon '22Security Insights welcomes its new host, Ashley Stryker, into the mix! In today's episode, Chris Goettl and Daniel Spicer break down some backlash from Microsoft customers on their failure to disclose a “ninja patch” on a vulnerability researchers found months before the fix. Listen in as the trio discuss security transparency and best practices for vendor coordinated disclosures of vulnerabilities for cloud versus on-prem products and much more!Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-09-0731 min
Salt Lake ChamberSpeaking on Business: IvantiThis is Derek Miller Speaking on Business. Ivanti is an exciting, Utah-based technology company that produces world-class software used by the largest companies in America. Company Vice President Brooke Johnson shares more.
BROOKE JOHNSON:
Advances in software, satellites and computer connectivity have enabled millions of Americans to work from nearly anywhere. We call it the “Everywhere Workplace” where employees use a myriad of devices to access IT applications and data over various networks.
But greater access means greater risk, which is why 97 percent of the Fortune 100 companies have chosen Ivanti to discover, manage, secure, and service their IT assets, from the...2022-08-3101 minSecurity Insights - Cybersecurity for Real-World WorkplacesGartner Security & Risk Management Summit TakeawaysHello and welcome back to this week’s episode of Ivanti’s Security Insights! Today Chris Goettl and Daniel Spicer go over their takeaways from the recent Gartner Security & Risk Management Summit.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-06-3018 minSecurity Insights - Cybersecurity for Real-World WorkplacesHealthcare and Cybersecurity w/ Daniel Brody and Chad HolmesWe’re back and ready to roll with this week’s episode where our host Chris Goettl interviews Chad Holmes and Daniel Brody from Cynario. Today they discuss healthcare and security through EMT devices and much more.Watch to learn more about how cyber security is assisting healthcare innovation! For more information, check out Cynario’s website www.cynerio.com or their social media @cynerio. Be sure to follow us on our socials @goivanti for more episodes like this! Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-05-1825 min
ITSM Podcast covering Latest Solutions & Best PracticesDo you really need a Project Manager for your Ivanti Neurons for ITSM/ITAM Implementation?
DISCLAIMER: Not endorsed by, affiliated with, or sponsored by Ivanti, ServiceNow, Remedy, Infor, or Sage. Any use of the software product names is descriptive of product experience/skillset or used to review the ITSM and CRM products.
Short Answer is NO, you don't need a project manager. In fact, one of the most common mistakes made by companies implementing Ivanti Neurons for ITSM/ITAM aka Ivanti Service Manager (HEAT) is to assign a Project Manager.
Don't get me wrong, there are many great project managers out there and there is a need for project manage for many...2022-05-1808 min
ITSM Podcast covering Latest Solutions & Best PracticesWhat makes a great Ivanti HEAT Neurons Administrator/Developer/Consultant?
DISCLAIMER: Not endorsed by, affiliated with, or sponsored by Ivanti, ServiceNow, Remedy, Infor, or Sage. Any use of the software product names is descriptive of product experience/skillset or used to review the ITSM and CRM products.
One of the most common Ivanti HEAT Neurons Implementation challenges identified by clients is "Admin Training". What seems like an easy quick fix is actually more complicated. It takes more than just Ivanti Training Academy access, Ivanti Business Partner training, and guidance from a seasoned professional.
With 26+ years Implementation experience and 100+ ITSM implementations, with products such as but...2022-04-0711 minSecurity Insights - Cybersecurity for Real-World WorkplacesThis Videogame Vulnerability Was a Huge Headache: Unpacking Log4jIn our first episode of 2022, Chris Goettl and Daniel Spicer unpack one of last year's biggest vulnerabilities: Apache Log4j. The conversation includes:What is Log4j?The difficulty of detecting Log4j and developing guidance for organizationsWhy security teams and IT teams are stuck in a Catch 22 of patchingThe latest guidance you can use for your organizationCheck out cisecurity.org and Ivanti's article on Log4jJoin the conversation online on LinkedIn (linkedin.com/company/Ivanti)2022-01-2726 minSecurity Insights - Cybersecurity for Real-World WorkplacesCybersecurity Myth BustingHost Adrian Vernon sits down with Daniel Spicer to bust some cybersecurity myths! The list of myths include:Passwords should be changed every 30 daysYou shouldn't write down your passwordMulti-factor Authentication is not secureYou don't need antivirusVPNs keep my devices safe and secureIT is responsible for all of the cybersecurity at an organization"Stay safe, be secure, and keep smiling!"Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)2021-12-1514 min