►
Description
Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-06-15. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
A
Welcome
everyone
to
our
group
conversation
update
for
secure
and
defend
we're
gonna
kind
of
hop
ahead
here
and
only
hit
a
couple
of
slides
for
you.
First
on
the
side
of
secure
within
that
stage,
we're
actually
moving
vulnerability
management
over
to
secure.
The
reason
for
this
is
that
we're
focusing
on
what
mobility
management
sports
today,
which
is
the
secure
scanners,
there's
another
good
part
of
this,
where
we're
also
creating
a
new
insider
threat
group
within
defend
handle
UVA.
But
the
big
thing
I
want
you
to
take
away.
A
Is
that
there's
no
impact
to
any
of
the
team?
Everybody
still
has
the
same
managers
every
still
working
on
the
same
items.
This
is
to
help
align
visibly
externally
on
what
little
bit
of
engine
smoke
it's
focusing
on
today,
as
well
as
it
helps
strengthen
our
application
security
testing
story
with
the
analyst
and
the
media
and
with
our
customers.
A
Today,
you
wanna
yep.
Today
we
want
to
announce
something
very
exciting:
Gil
I've
acquired
two
security
company's
first
buzz,
it
buzz.
It's
focused
on
coverage,
guided
fuzz
testing,
they're,
a
leader
and
continuous
fuzz
testing,
where
they're
continually
iterating
through
the
source
code
and
finding
additional
items
to
pose
as
changes
are
made.
The
other
side
of
this
is
peach.
Tech
peach
check
has
been
a
leader
in
fuzz
testing
for
the
last
five
to
ten
years,
they're
focused
on
behavioral,
close
testing
so
running
against
the
live,
application
or
service.
A
With
the
acquisition
we
are
getting
peach
API
security,
which
is
an
API
fuzzing
tool,
as
well
as
a
DAST
API
product,
and
additionally,
the
peach
fuzzer
product
which
is
available
today,
is
in
community,
offering
as
well
as
a
commercial,
offering
there's
a
lot
more.
You
can
learn
about
the
acquisition
and
our
plans,
there's
a
link
to
YouTube
that
walks
you
through
the
actual
announcement,
but
at
a
high
level
we're
have
a
very
aggressive
integration
schedule,
we're
shooting
for
July
to
have
our
initial
preview
of
the
coverage
guided
buzzing.
A
So
this
is
the
fuzz
it
coming
in
it'll
be
focused
on
go
support
in
October.
We're
gonna
have
a
minute
minimal
release.
This
is
focused
on
bringing
in
the
peach
components,
so
the
API
fuzzing,
as
well
as
API,
as
well
as
extending
our
coverage
guided
for
additional
languages
with
our
viable
maturity
of
hitting
before
the
end
of
the
fiscal
year.
So
in
January
we
have
way
more
planned
beyond
that.
So
please
check
out
the
Direction
page
as
well
as
watch
the
video
to
learn
more.
B
Sure
sure
so,
for
the
engineering,
ok
ours
for
q2,
the
first
one
is
increasing
our
monthly
rolling,
adjusted
average,
and
so
our
target
was
211
and
for
May
our
actual
was
264
m
ours
and
then
okay.
Our
number
two
had
to
do
with
trying
to
hit
an
ideal
say/do
ratio
which
I've
defined
as
between
70
and
80
percent
and
413
dato.
We
were
able
to
hit
74
and
a
half
thanks,
David
a.
A
Lot
of
amazing
things
coming
out
as
well.
Some
things
that
recently
came
out,
such
as
mobility
management,
is
now
viable,
as
well
as
some
improvements
to
SAS
to
support
things
like
the
dotnet
framework.
Please
go
through
this.
We
don't
want
to
believe
it
today,
but
there's
a
lot
of
really
awesome
things
coming
out.
A
Still
a
secret
detection
became
a
standalone
scanner,
so
it's
no
longer
part
of
SAS
and
it's
maturity
is
being
accelerated
this
year,
it'll
be
achieving
viable
in
our
next
release
just
mentioned,
but
vulnerability
management
is
now
a
minimal
maturity.
Category
lots
of
great
information
about
what's
planned
again,
the
team
is
accelerating
the
maturity
of
vulnerability
management
with
goals
and
getting
to
viable
over
the
next
several
quarters
in.
A
In
lab
is
now
the
CVE
numbering
authority,
it's
something
we've
talked
about
in
the
past,
but
it's
officially
live.
You
can
read
our
responsible,
responsible
disclosure
policy
and,
amazingly,
in
the
last
couple
months,
we
were
at
14
CV
IDs
that
we've
been
able
to
issue
since
we've
become
a
CV
numbering
authority.
So
that's
really
really
awesome
for
the
company
we
talked
about
this
coming
up
here.
The
last
call
is
now
official,
the
Gartner
Magic
Quadrant
for
application
security
testing
has
been
published.
A
A
There's
a
quote
here
from
the
Magic
Quadrant,
but
I
can't
stress
enough
how
excited
I
am
the
team
is
including
engineering
marketing
amazing
achievement
for
us,
and
if
you
have
time
please
check
out
the
report
and
with
that
we're
going
to
kick
it
over
to
defend
defend
maturity
is
continuing
to
grow.
We're
very
excited
that
we
have
our
container
host
security,
reaching
minimal
maturity.
This
quarter,
it's
currently
planned
for
13:1,
with
a
goal
of
being
out
in
the
later
than
13
to
amazing
included
features.
Wayne.
C
For
a
container
host
security,
yes,
the
basic
detection
of
potentially
or
actually
malicious
actions
inside
the
containers,
detecting
it
both
at
the
operating
system
layer
and
at
the
container
layer
and
all
the
way
up
at
the
kubernetes
layer.
So
lots
of
good
stuff
coming
of
implementing
our
own
technologies
and
also
integrating
open
source
technologies
such
as
Falco
and
a
barber
good.
C
C
You
know
dogfooding
the
defend
features,
we're
working
with
the
security
team
and
other
teams
to
do
that,
and
also
implementing
North
Star
metrics
for
defend
features
all
currently
on
track.
Raising
the
team,
mr
rate,
is
currently
not
on
track
and
we
are
consistently
improving
that
each
month,
but
we've
got
some
unique
factors
for
the
team,
mostly
that
it's
a
new
team
with
a
bunch
of
new
features.
So
there's
not
as
much
technical
that
which
tends
to
drive
up
the
EMR
rate
but
will
continue
to
improve
in
its
going
well.
A
And
then
we
do
have
some
great
features
coming
out.
We
just
talked
about
the
fact
that
container
pro
security
is
going
for
minimal
this
quarter.
We've
also
recently
had
the
ability
to
export
logs
out
of
the
defendant
out
to
syslog,
and
we
have
a
really
really
awesome
first
release
of
our
policy
management
coming
out.
So
this
is
really
extending
what
people
can
do
to
secure
their
kubernetes
environment.
A
A
B
A
With
that
we've
reached
the
end
of
the
presentation.
Let's
see
here
there
we
go
going
forward,
please
feel
free
to
reach
out.
Hang
us.
We
look
forward
to
doing
the
review
with
all
of
you
on
Monday
as
well,
but
if
you
do
have
any
questions
beforehand,
don't
hesitate
to
ping
us
and
the
channels
on
slack.
Thank
you
very
much
everyone
and
have
a
good
day.