ESW #305 – Tom Goings, Ashley Leonard
Full Audio
1. Achieve Unprecedented Visibility into Your Software Supply Chain – Tom Goings – ESW #305
Tanium has recently released a new capability called Tanium Software Bill of Materials (SBOM) to help customers identify third-party libraries associated with software packages. Topics covered:
- What Tanium SBOM is
- Why it is different and why you need it
- How to configure SBOM
- How to query for the details about every software application in your environment
- Where your vulnerable packages exist
- Ways that Tanium can remediate vulnerabilities from OpenSSL to Struts to Log4j today, as well as new supply-chain vulnerabilities in the future
No one knows what the next supply chain vulnerability is going to be, but with Tanium, you will have access to data about how your applications are affected before it happens so that when it does, you're ready to take action to remediate the issue from within the Tanium XEM platform.
Segment Resources:
- https://www.tanium.com/products/tanium-sbom/
- https://www.tanium.com/press-releases/tanium-launches-software-bill-of-materials-for-unprecedented-visibility-to-combat-supply-chain-threats/
- https://www.tanium.com/blog/software-bill-of-materials-openssl/

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
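The segment above describes the core SBOM workflow: inventory the third-party components inside each package, then answer "where do my vulnerable packages exist?" by matching that inventory against advisories. The script below is an added illustration of that matching step in plain Python; it is not Tanium's code and says nothing about how Tanium implements it. The two SBOMs are constructed in CycloneDX JSON layout (real format, made-up inventory), and the advisory list, including its version ranges and the EXAMPLE-ADV-* identifiers, is a constructed placeholder, not real advisory data.

```python
import json
import re

# Constructed CycloneDX-style SBOMs, keyed by the host they were collected from.
# The bomFormat/components[].name/version/purl fields follow the CycloneDX JSON
# layout; the inventory itself is made up for this example.
SBOMS = {
    "host-a": """{
      "bomFormat": "CycloneDX", "specVersion": "1.4",
      "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "openssl", "version": "3.0.6",
         "purl": "pkg:generic/openssl@3.0.6"},
        {"type": "library", "name": "struts2-core", "version": "2.5.30",
         "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.30"},
        {"type": "library", "name": "requests", "version": "2.28.1",
         "purl": "pkg:pypi/requests@2.28.1"}
      ]}""",
    "host-b": """{
      "bomFormat": "CycloneDX", "specVersion": "1.4",
      "components": [
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "name": "openssl", "version": "1.1.1q",
         "purl": "pkg:generic/openssl@1.1.1q"}
      ]}""",
}

# Constructed advisory feed: (package, first affected, first fixed, advisory id).
# Ranges and ids are illustrative placeholders, NOT real vulnerability data.
ADVISORIES = [
    ("log4j-core",   "2.0",   "2.15.0", "EXAMPLE-ADV-001"),
    ("openssl",      "3.0.0", "3.0.7",  "EXAMPLE-ADV-002"),
    ("struts2-core", "2.0",   "2.5.31", "EXAMPLE-ADV-003"),
]


def parse_version(text):
    """Turn a dotted version string into a tuple of ints for ordered comparison.

    Only numeric components are kept; pre-release tags and letter suffixes
    (OpenSSL's "1.1.1q" becomes (1, 1, 1)) are dropped, so this is a deliberate
    simplification of real version-range semantics.
    """
    return tuple(int(n) for n in re.findall(r"\d+", text))


def is_affected(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed (half-open range)."""
    v = parse_version(version)
    return parse_version(first_affected) <= v < parse_version(first_fixed)


def locate_vulnerable(sboms, advisories):
    """Map advisory id -> list of (host, package, version) hits across all SBOMs.

    Matching is by component name; a production matcher would key on the purl
    (package type + namespace + name) to avoid cross-ecosystem name collisions.
    """
    hits = {}
    for host, raw in sboms.items():
        bom = json.loads(raw)
        for comp in bom.get("components", []):
            for pkg, lo, hi, adv_id in advisories:
                if comp.get("name") == pkg and is_affected(comp.get("version", ""), lo, hi):
                    hits.setdefault(adv_id, []).append((host, comp["name"], comp["version"]))
    return hits


if __name__ == "__main__":
    for adv_id, where in sorted(locate_vulnerable(SBOMS, ADVISORIES).items()):
        print(adv_id)
        for host, pkg, ver in where:
            print(f"  {host}: {pkg} {ver}")
```

The point of keeping the SBOMs per host is the "where" question from the segment: when a new advisory lands, the advisory list is the only input that changes, and the same lookup immediately tells you which hosts carry an affected version, without rescanning anything.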
Announcements
Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.
Guest
In 1996, Tom discovered that he had developed an interest in technology, but what was even more surprising was that he was pretty good at it. Since then, his journey has covered over 25 years of learning, starting from a humble beginning of building his first PC to play games with friends, and then moving forward to consulting multiple Fortune 100 companies on the value of the ITIL disciplines of IT Operations Management and IT Service Management. He is currently applying his subject expertise to define the future capabilities and vision for the Tanium platform.
Hosts
2. Advancing Zero Trust Priorities – Ashley Leonard – ESW #305
Syxsense and Enterprise Management Associates (EMA) recently teamed up to publish a survey around the current state of Zero Trust within enterprises as well as where it’s going. This interview will discuss the key findings and insights into the challenges many organizations face around Zero Trust, as well as endpoint security and network access.
Segment Resources: https://www.syxsense.com/advancing-zero-trust-priorities
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest
Ashley Leonard is the president and CEO of Syxsense, a global leader in Unified Security and Endpoint Management (USEM). Ashley is a technology entrepreneur with over 25 years of experience in enterprise software, sales, marketing, and operations, providing critical leadership during the high-growth stages of well-known technology organizations.
Ashley manages U.S., European, and Australian operations in his current role, defines corporate strategies, oversees sales and marketing, and guides product development. Ashley has worked tirelessly to build a robust, innovation-driven culture within the Syxsense team while delivering returns to investors.
He has founded several successful technology companies with global operations, serves on several boards, and mentors up-and-coming technology CEOs. Accolades include being named a finalist for Ernst & Young's "Entrepreneur of The Year" and AeA's "Outstanding Private Company CEO" Award, and winning the AGC Innovation CEO Award.
Hosts
3. Insurtechs, Sumo Logic & R7 Go Private, Cyren Closes, Darktrace Shorted, & NSA Hiring! – ESW #305
In the Enterprise News: Whether you want insurtechs or not, they're here and you're getting them! Don't worry - we'll explain what insurtechs are. Two potential deals to take security companies private: Sumo Logic and Rapid7! Looks like 32-year-old security company Cyren is shutting down, hoping for an asset sale. They've already laid off all their employees. Big drama: a firm shorts Darktrace and releases a scathing report. We've got yet more layoffs this week, but don't fret - the NSA is hiring!
For our squirrel stories, we'll be deciding between three: codebreakers solve 500-year-old ciphers, the real cost of meetings visualized, and sushi terrorists!
All that and more, on this episode of Enterprise Security Weekly.
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. FUNDING: Zurich Insurance leads Series B fundraise for global cyber insurtech (BOXX Insurance)
$14.4M Series B, led by Zurich Insurance. Toronto-based "Insurtech" company combining security and cyber insurance. Acquired Templarbit, an External Attack Surface Monitoring (EASM) startup, back in October
- 2. FUNDING: Asset Reality Secures Multi-Million Dollar Investment From Framework Ventures
There were more blockchain, crypto, and web3 fundings, but this was the only one I felt was interesting enough to include. They appear to be tackling what I think is the #1 issue with consumer use of cryptocurrency: the lack of consumer protections.
You lose crypto and it's gone forever.
It's unclear if this company will be working with individuals, crypto exchanges, law enforcement, or all three, but no one can deny it's sorely needed.
- 3. FUNDING: German cyber insurtech Baobab raises €3mn from Augmentum
Another cybersecurity insurtech startup!
- 4. FUNDING: TEDCO Announces Investment in Foretrace
A small, half-million-dollar seed round, but in another EASM startup. Late to market, but with all the insurtechs popping up, it might not have to wait long to find an exit.
- 5. ACQUISITIONS: Francisco Partners Nears $1.7 Billion Deal for Software Provider Sumo Logic
Just shy of 6x based on the most recent revenue data: https://investor.sumologic.com/news-releases/news-release-details/sumo-logic-announces-third-quarter-fiscal-2023-financial-results
No premium.
Better than Barracuda's 3.5x take private, but definitely not as good as Mimecast's 11x+ take private.
- 6. ACQUISITION RUMORS: Exclusive: Cybersecurity firm Rapid7 explores sale -sources
Goldman Sachs running the process
- 7. (DE)FUNDING: IronNet Announces Receipt of Continued Listing Standard Notice from NYSE
- 8. (DE)FUNDING: Israeli tech co Cyren reaches the end of the road
Once worth over $1 billion, "Cyren reaches this situation with a negligible market cap. After the report that it would dismiss its workforce, its share price fell by 27%, leaving it with a market cap of just $4.3 million. Over the past five years, it has lost 98% of its value."
- 9. (DE)FUNDING: Darktrace – Quintessential Fund
Well-researched short positions are infamous for creating drama. Sometimes very much justified, sometimes not as much. In the case of Darktrace, I think it's safe to say that none of us were terribly surprised. Some of the report's details are pretty bad and include:
- accusations of faked sales (channel stuffing)
- fictitious purchases (round-tripping)
- potential shell companies tied to organized crime and money laundering
- one-off hardware sales disguised as recurring software subscriptions
- creative accounting
- undisclosed ties to the problematic Autonomy (acquired by HP and founded by some of the same folks as Darktrace; HP wrote off 75% of Autonomy's value in less than a year after the acquisition)
- accusations that Darktrace's response to their 70-page report was "lame"
- 10. NEW COMPANIES: IAMOps Platform
- 11. NEW COMPANIES: anecdotes, The First Compliance OS – Designed For Scale
please stop calling web-based software platforms operating systems
thanx
- 12. NEW COMPANIES: VicOne Leads the Way Toward Automotive Cybersecurity
A subsidiary of Trend Micro dedicated to automotive security.
- 13. NEW PRODUCTS: Introducing Hermes, An Open Source Document Management System
Not sure I 100% grok this, but Hashicorp built a document management system on top of Google Workspace? Focuses on providing a better way for employees to "author, review, approve, discover, and deprecate documents."
- 14. LAYOFFS: SecureWorks and 4 other security companies lay off significant employees in the past few weeks
4 public companies, 2 Series B startups:
- SecureWorks: 212 employees, 9% of their workforce
- NCC Group: 125 employees, 7% of their workforce
- Okta: 300 employees, 5% of their workforce
- Cyren: 121 employees, 100% of their workforce
- Hoxhunt: 29 employees, 23% of their workforce
- Ermetic: 30 employees, 17% of their workforce
- 15. HIRING: NSA Bills Itself as a ‘Soft Landing Place’ for Laid off Tech Workers
- 16. ARTICLES: CISO Role Undergoes Evolution as Role Grows More Complex
- 17. ARTICLES: How to survive below the cybersecurity poverty line
- 18. TRENDS: Top 10 Trends in Cybersecurity, 2023: A Sea of Change for the Industry
Some interesting thoughts here, mostly spot on, I think. From lesser-known analyst firm Aite-Novarica.
- 19. TRENDS: All-In Podcast E114: Markets update: whipsaw macro picture, big tech, startup mass extinction event, VC reckoning
"Startup mass extinction event" was the segment that got my attention. Well worth a listen, as we're actively seeing some of what they're describing and predicting.
- 20. TRENDS: The “mass extinction” thread that inspired the All-In Podcast discussion, from Tom Loverro on Twitter
- 21. ESSAYS: PLG Clapback – PLG is RIGHT for Cyber Security
A heated response to Tyler's essay from mid-January, "The fallacy of PLG" (https://thecyberwhy.substack.com/p/the-fallacy-of-plg).
- 22. ESSAYS: How to Handle Layoffs and Economic Uncertainty
- 23. ESSAYS: Are Conferences Worth It?
Some rather large security vendors killed their conference spend years ago and haven't come back since. Are they part of a trend, or an anomaly?
- 24. ESSAYS: Explaining the complex world of channel partners in cybersecurity and looking at their past, present, and future
- 25. SQUIRREL: Lost and found: Codebreakers decipher 50+ letters of Mary, Queen of Scots
- 26. SQUIRREL: What if Google Calendar showed the $$$ cost of a meeting? (by @0xgaut)
- 27. SQUIRREL: ‘Sushi terrorists’ tamper with other diners’ conveyor belt sushi in viral video trend