Hot takes on the latest cybersecurity trends

In this special AMA edition of SecOps Weekly, Red Canary co-founder Keith McCammon and Principal Security Researcher Brian Donohue discuss various security topics submitted by the audience. The conversation begins with an in-depth discussion of EDR bypass techniques, where Brian emphasizes that the biggest threat isn't sophisticated bypass methods but rather unmonitored systems that lack EDR sensors entirely. They explore operational security practices, with audience polling showing attack surface reduction as the top priority, followed by gaining visibility into systems. The discussion covers breach and attack simulation tools like Atomic Red Team, emphasizing the importance of continuous testing over one-time assessments. They address emerging concerns about Shadow AI and unauthorized AI tool usage within organizations, discussing the challenges of monitoring AI inputs and maintaining asset inventories. The session also touches on geopolitical threats related to Iran and their potential impact on critical infrastructure, as well as the growing problem of legitimate RMM tools being weaponized by attackers. Throughout, the experts stress the fundamental importance of visibility and baseline understanding of organizational assets and normal user behavior.

Join SecOps Weekly every Tuesday for all the latest SecOps information!
https://bit.ly/49VktRi

#askmeanything #cybersecurity #cybersecurityexperts #threatintelligence #securityoperations #securityoperationscenter

Chapters:
00:00 - 01:24 Introduction
01:25 - 03:04 Welcome to SecOps Weekly
03:05 - 09:39 EDR bypass shenanigans
09:40 - 13:32 Boost your operational security practices
13:33 - 19:24 Pros and cons of breach attack simulation
19:25 - 23:14 Threat landscape related to Iran
23:15 - 27:17 Shadow AI and AI tools
27:18 - 32:23 Tips to get started baselining an environment

---

Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions. We do it by delivering managed detection and response (MDR) across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. As a security ally, we define MDR in our own terms with unlimited 24×7 support, deep threat expertise, hands-on remediation, and by doing what's right for customers and partners.

Subscribe to our YouTube channel for frequently updated, how-to content about Atomic Red Team, threat hunting in security operations, MDR or Managed Detection and Response, and using the MITRE ATT&CK® framework.