SIEM Rules – Eric Capuano, Tim MalcomVetter – ESW #323
1. It’s Time for the Traditional SIEM to Die – Eric Capuano – ESW #323
InfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know which logs you’re going to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data-hoarding tendencies, however, and are making a killing charging a premium for storage, even when the storage in question is your own on-prem hardware. There ARE alternatives, but it seems most folks aren’t aware of them.
In this interview with Eric Capuano, we’ll discuss both the practical and economic shortcomings of the traditional SIEM model. We’ll discuss the challenges of various SIEM use cases. Most importantly, we’ll discuss the new models actively replacing them.
(No, they’re not branded as next-gen SIEMs)
Announcements
Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.
2. “Just Write a SIEM rule” isn’t a detection strategy – Tim MalcomVetter – ESW #323
Tim MalcomVetter has been alternating between blue team and red team roles for years. Moving between the two has had its advantages, giving Tim a better understanding of what works, what doesn’t, and why.
We’ll discuss a variety of topics, including the pros and cons of industry talent pipelines, Kerberoasting, and AI trends.
2023 Cybersecurity Conversations Report: https://eb1x.co/NWn0RHK
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive-level conferences is designed to educate senior cyber professionals on the latest threat landscape.
We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register.
Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Guest
Tim is a veteran security consultant with 22+ years in the healthcare and retail industries and a deep understanding of how threat actors break into complex, global environments.
Most recently, he ran the engineering teams that built the Cyderes CNAP platform into an industry-leading tool. Prior, he built the Red Team program at the world’s largest company, Walmart, assessing the company’s security across five continents with 2+ million associates and 200+ million unique weekly customers.
3. 17 Fundings, AI Sec, Cell Privacy, School Hacks, & Nifty Swifties – ESW #323
Finally, in the enterprise security news: We were off for a week, so there are 17 fundings to discuss! AI security startups emerge, and 8 acquisitions! Snyk loses 50% of its valuation. Is building security tools the wrong approach? SEC delays new cybersecurity rules. Why Taylor Swift fans should work in security. All that and more, on this episode of Enterprise Security Weekly.
Announcements
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
- 1. FUNDING: SAVVY Exits Stealth with $30M in Funding to Enable Safe Use of SaaS Applications at Scale
- 2. FUNDING: Savvy, a platform to secure SaaS apps, launches out of stealth with $30M
- 3. FUNDING (AI): Tibo obtains Pre-A funding to combat AI data leak issues
- 4. FUNDING: Invary Pre-Seed Announcement
- 5. FUNDING: 1Fort Raises $2M in Pre-Seed Funding
- 6. FUNDING: 0pass locks in $3.5m in funding to revolutionise enterprise authentication
- 7. FUNDING: Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security
- 8. FUNDING (AI): Resistant AI Raises Additional $11M; Extends Series A to $27.6M
- 9. FUNDING (AI): BeeKeeperAI Raises $12.1 Million Series A to Accelerate AI Development on Privacy Protected Healthcare Data
- 10. FUNDING (AI): CalypsoAI Raises $23 Million from Paladin Capital Group and Strategic Investors to Drive Secure Enterprise Adoption of Generative AI and Large Language Models – CalypsoAI
- 11. FUNDING: Cyware Raises $30 Million to Accelerate Expansion of AI-Powered Global Cyber Fusion and Threat Sharing Networks
- 12. FUNDING: Cyera Secures $100 Million Series B Investment to Become the Data Security Platform Enabling the AI Revolution
- 13. FUNDING: HSBC loans £5m to cybersecurity firm Glasswall
- 14. FUNDING (AI): Naver D2SF invests in AI data generation startup – KED Global
- 15. FUNDING: Google’s Gradient backs YC alum Infisical to solve secret sprawl
- 16. FUNDING: Unit21, the Risk and Compliance Infrastructure Company Helping Clients Prevent Financial Crime, Announces $45M Series C
- 17. ACQUISITIONS: Securing Identity as the New Perimeter: Cisco Announces Intent to Acquire Oort
- 18. ACQUISITIONS: EDGE expands its portfolio with acquisition of OryxLabs
- 19. ACQUISITIONS: ProcessUnity and CyberGRX Combine to Form the Most Complete Third-Party Risk Management Platform in the Market
- 20. ACQUISITIONS: Bitdefender to Acquire Horangi Cyber Security to Expand its GravityZone Unified Risk and Security Analytics Platform
- 21. ACQUISITIONS: Jumbo is Being Acquired by Coalition, the Leading B2B Cyber Insurer
- 22. ACQUISITIONS: Safe Security Acquires RiskLens to Become CRQM Market Leader
- 23. ACQUISITIONS: TPG To Acquire Forcepoint Global Governments and Critical Infrastructure Business from Francisco Partners
- 24. ACQUISITIONS: SCADAfence to be Acquired by Honeywell
- 25. VALUATIONS: Cybersecurity unicorn Snyk sees valuation plummet by over 50% in secondary deals
- 26. ESSAYS: Building security tools is the wrong approach
Same guy that created the "Stop Silly Cybersecurity Awards" website. Also, I think he's selling a security tool, so ¯\_(ツ)_/¯
- 27. ESSAYS: Flipping the Vulnerability Management Model: CVSS → SSVC
- 28. NEW FEATURES: Perception Point Unveils New AI Model to Thwart Generative AI-Based BEC Attacks – Perception Point
Calling BS on this
- 29. RESEARCH: MIT researchers devise a way to evaluate cybersecurity methods
- 30. VULNERABILITIES: The massive bug at the heart of the npm ecosystem
- 31. REBRANDS: Microsoft rebrands Azure Active Directory to Microsoft Entra ID
- 32. COMMUNITY: Support for cybersecurity clinics across the U.S.
- 33. TRAINING: Cloud & Compromise: Gamifying of Cloud Security
- 34. TOOLS: AI and Machine Learning in Cybersecurity
- 35. REGULATION: SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules – Data Matters Privacy Blog
- 36. REGULATIONS: Chris H. on LinkedIn: NCS Implementation Plan
- 37. CYBERCRIME: Ransomware criminals are dumping kids’ private files online after school hacks
- 38. LEGAL: Orca Sues Wiz for ‘Copying’ Its Cloud Security Tech
- 39. SQUIRREL: Why Taylor Swift fans should work in cybersecurity – Red Canary
- 40. SQUIRREL: Google Calendar now lets users specify where they’re working from throughout the day
"Adrian is currently working from [NONE OF YOUR DAMN BUSINESS]"