Old School – ESW #217
Segments
1. Red Canary, Imperva Sonar, Data Breaches & Share Prices, & TrendMicro XDR – ESW #217
This week in the Enterprise News: LastPass is no longer free, Tenable helps with dynamic assets, SecurityScorecard and the Score Planner, Trend Micro XDR, & Imperva launches Sonar! Funding announcements from: PerimeterX, SPHERE, Red Canary, 1Kosmos, & Strata Identity! In the Acquisition news: SailPoint to Acquire Intello, CrowdStrike to Acquire Humio, Palo Alto to acquire Bridgecrew, Kaseya to Acquire RocketCyber, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. PerimeterX Raises $57M in Growth Capital Funding to Fuel Expansion Into New Geographies and Verticals
  This is a series D for PerimeterX and brings total funding to nearly $150m. Like most late-stage funding, this round is all about growing into new markets and onto new continents.
- 2. SailPoint Announces Intent to Acquire Intello to Identify, Secure, and Govern Access to SaaS Applications for Today’s Digital Enterprise
  At first glance, this looks like a CASB play, but it looks more focused on monitoring SaaS use than doing any kind of enforcement or the man-in-the-middle JavaScript hacks that CASB tends to be associated with. I guess you'd still categorize it as SaaS, even if it's entirely API-dependent. The acquisition makes sense for SailPoint, as SaaS management is a nice feature-add on top of SailPoint's existing SSO/IAM offerings.
- 3. SPHERE Secures $10 Million in Series A Funding
  A women-founded/owned security startup! We don't see these nearly often enough. SPHERE appears to be a natural evolution of products like Varonis and Stealthbits. It looks like SPHERE can not only identify privileged access and data governance issues but can enforce policies and take action on infractions. They appear to be particularly focused on cloud-based platforms like Office 365, which is smart - that's where everyone has moved and... O365 can get really messy!
- 4. CrowdStrike to Acquire Humio to Deliver Index-Free XDR
  We've all heard complaints about Splunk costs and many suspect this $400m deal is about (at least partially) alleviating CrowdStrike customers' Splunk budget. The acquisition totally makes sense, especially for customers that might only be using Splunk to manage CrowdStrike data. I'd expect that Humio would continue to be able to pull in non-CrowdStrike data, as the promise of correlation will only increase the value of the data overall.
- 5. Palo Alto Networks Announces Intent to Acquire Bridgecrew
  In show #215, we reported the rumor that this acquisition was going down for a number north of $100m. That reporting appears to be accurate, with the final deal value reported as $156m in cash. It's an amazing return for a company that had only raised $18.1m to date. The acquisition was announced days before the company's second anniversary from its founding. Bridgecrew is in the rapidly expanding CSPM (cloud security posture management) space. "Highlight all my cloud config mistakes" is another way of thinking of this space.
- 6. Security Operations Firm Red Canary Raises $81M To Grow R&D
  This brings Red Canary to a total of $125m in funding and I'm honestly glad to see it. Red Canary is one of the few managed security vendors that I consistently hear positive things about. Managed SOC has exploded in recent years, but in my experience, most MSSPs and MDR firms don't do a great job with detection (or at least, don't do any better than companies did before they outsourced the function).
- 7. How data breaches affect stock market share prices – Comparitech
  Big thanks to Gabe Bassett from the Verizon DBIR team for bringing this one to my attention. We know that companies are rarely destroyed by breaches. The ones that do go out of business following a breach tend to be very small. However, the assumption many have (myself included) that big companies always fully recover from a breach seems to be false. This study shows that, from a stock market perspective, nearly all publicly-traded companies that suffer a public breach do worse in the market when compared to market performance before the breach.
- 8. John Scott-Railton on Twitter
  This is one of the LastPass hot takes from John Scott-Railton, a senior researcher for Citizen Lab.
- 9. Changes to LastPass Free – The LastPass Blog
  A lot of folks got ruffled by the recent changes to LastPass's free tier, which has led to some hot takes on where parent company, LogMeIn, might be headed with its new-ish private equity owners. These owners apparently have a history of backing surveillance tech, which doesn't sit well with folks trusting LastPass with all their passwords.
- 10. 1Kosmos Secures $15 Million in Series A Funding from ForgePoint Capital
  Quick note: ForgePoint also contributed to two other funding stories this week: Strata and SPHERE! 1Kosmos appears to be trying to solve the complex, frustrating state of authentication. They have both an enterprise-employee-facing and enterprise-customer-facing product. Looks like they're leveraging passive methods (certs, device identity) and smartphone biometrics to enable MFA and passwordless use cases. Looks like an evolution of the ubiquitous Duo push method, but uses biometrics instead of tapping "accept"?
- 1. CircleCI announces privacy enhancements for engineering teams
- 2. Nutanix announces additional ransomware protections in its cloud platform
- 3. SecurityHQ Response: A mobile app that tracks the status of security incidents at any time
- 4. CrowdStrike Delivers Advanced Threat Protection for Cloud and Container Workloads
- 5. Kaseya acquires RocketCyber
- 6. Tenable Launches Exposure Platform for Risk-Based Vulnerability Management of Dynamic Assets
- 7. CrowdStrike Global Threat Report Highlights Key Trends in eCrime and Nation-State Activity
- 8. Improve Your SecurityScorecard Security Rating with Score Planner
- 9. PerimeterX bags $57M to shield enterprise websites from hackers and bots
- 10. Trend Micro launches new XDR Trend Micro Vision One
- 11. Imperva launches Sonar for unified enterprise security analytics
- 12. Cisco AppDynamics Launches New Research, Revealing Unprecedented Demand for Full-Stack Observability
2. 2020 Security Operations Survey – Christopher Crowley – ESW #217
The 2020 SOC Survey results are in and the author, Chris Crowley, will discuss the detailed results in the report and how they can help individuals and organizations reduce the drag on our global community due to insecure information systems. Effective security operations rely on monitoring your data and being prepared to defend yourself and your organization. Chris will explain why he believes that the classic SOC will move, over the next few years, to MSSPs and how to be ready when threats are detected.
Download the report: https://soc-survey.com/
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Christopher Crowley has more than 20 years of industry experience managing and securing networks; his first job in the field was as an Ultrix and VMS systems administrator at 15 years old. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense via Montance® LLC, providing cybersecurity assessment and framework development services that enable clients to create a new SOC or improve existing security operations. He is the course author for SOC-Class, his course on effective cybersecurity operations, and a Senior Instructor at the SANS Institute. He holds a multitude of cyber security industry certifications. He travels globally to teach and present at conferences. He brings this global perspective to efforts such as the SOC Survey: a study of SOCs, which he has authored for five years.
3. Evaluating the MITRE ATT&CK Evaluations in their Third Year – ESW #217
The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs' Ganesh Pai and Amit Malik explore the MITRE ATT&CK framework, its ongoing value for analysts AND future plans to extend ATT&CK to cloud and containers. They'll also show how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations in the Uptycs Security Analytics Platform.
This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!
Announcements
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Guests
Ganesh Pai is Founder & CEO of Uptycs. He is a Boston-based entrepreneur and technologist (formerly Akamai, Verivue, NetDevices) and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.
Amit is a Principal Researcher at Uptycs. He specializes in threat detection, threat intelligence and security architecture. Prior to Uptycs, he worked with leading cyber security companies like McAfee, FireEye and Netskope. He holds multiple patents in the area of threat detection and analysis. He actively contributes to security communities through blogs, trainings and tools.