Security Weekly
Enterprise Security WeeklySubscribe
Incident Response, Network Security, Security Staff Acquisition & Development, Vulnerability Management, Malware, Security Program Controls/Technologies, Cloud Security

SIEM Rules – Eric Capuano, Tim MalcomVetter – ESW #323

Full Audio

View Show Index

Segments

1. It’s Time for the Traditional SIEM to Die – Eric Capuano – ESW #323

InfoSec might have a hoarding problem, but it’s easy to understand why. It’s almost impossible to know what logs you’re doing to need, when you’re going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data hoarding tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren’t aware of this.

In this interview with Eric Capuano, we’ll discuss both the practical and economic shortcomings of the traditional SIEM model. We’ll discuss the challenges of various SIEM use cases. Most importantly, we’ll discuss the new models actively replacing them.

(No, they’re not branded as next-gen SIEMs)

Announcements

  • Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.

Guest

Eric Capuano
CTO at Recon InfoSec

Eric is the CTO and co-founder of Recon InfoSec. He is also a certified SANS instructor of Digital Forensics and Incident Response, and a former Cyber Warfare Operator in the Texas Air National Guard.

Hosts

Principal Researcher at The Defenders Initiative
Product Marketer and Content Strategist

2. “Just Write a SIEM rule” isn’t a detection strategy – Tim MalcomVetter – ESW #323

Tim MalcolmVetter has been alternating between blue team and red team roles for years. Moving between the two has had its advantages, giving Tim a better understanding of what works, what doesn’t and why.

We’ll discuss a variety of topics, including the pros and cons of industry talent pipelines, Kerberoasting, and AI trends.

2023 Cybersecurity Conversations Report: https://eb1x.co/NWn0RHK

Announcements

  • Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive level conferences are designed to educate senior cyber professionals on the latest threat landscape.

    We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register.

    Visit securityweekly.com/cybersecuritysummit to learn more and register today!

Guest

Tim MalcomVetter
Chief Technology Officer at Cyderes

Tim is a veteran security consultant with 22+ years in the healthcare and retail industries and a deep understanding of how threat actors break into complex, global environments.

Most recently, he ran the engineering teams that built the Cyderes CNAP platform into an industry-leading tool. Prior, he built the Red Team program at the world’s largest company, Walmart, assessing the company’s security across five continents with 2+ million associates and 200+ million unique weekly customers.

Hosts

Principal Researcher at The Defenders Initiative
Deputy CISO at JupiterOne
Product Marketer and Content Strategist

3. 17 Fundings, AI Sec, Cell Privacy, School Hacks, & Nifty Swifties – ESW #323

Finally, in the enterprise security news: We were off for a week, so there are 17 fundings to discuss! AI security startups emerge, and 8 acquisitions! Snyk loses 50% off its valuation is building security tools the wrong approach? SEC delays new cybersecurity rules, Why taylor swift fans should work in security, All that and more, on this episode of Enterprise Security Weekly.

Announcements

  • Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: SAVVY Exits Stealth with $30M in Funding to Enable Safe Use of SaaS Applications at Scale
  2. 2. FUNDING: Savvy, a platform to secure SaaS apps, launches out of stealth with $30M
  3. 3. FUNDING (AI): Tibo obtains Pre-A funding to combat AI data leak issues
  4. 4. FUNDING: Invary Pre-Seed Announcement
  5. 5. FUNDING: 1Fort Raises $2M in Pre-Seed Funding
  6. 6. FUNDING: 0pass locks in $3.5m in funding to revolutionise enterprise authentication
  7. 7. FUNDING: Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security
  8. 8. FUNDING (AI): Resistant AI Raises Additional $11M; Extends Series A to $27.6M
  9. 9. FUNDING (AI): BeeKeeperAI Raises $12.1 Million Series A to Accelerate AI Development on Privacy Protected Healthcare Data
  10. 10. FUNDING (AI): CalypsoAI Raises $23 Million from Paladin Capital Group and Strategic Investors to Drive Secure Enterprise Adoption of Generative AI and Large Language Models – CalypsoAI
  11. 11. FUNDING: Cyware Raises $30 Million to Accelerate Expansion of AI-Powered Global Cyber Fusion and Threat Sharing Networks
  12. 12. FUNDING: Cyera Secures $100 Million Series B Investment to Become the Data Security Platform Enabling the AI Revolution
  13. 13. FUNDING: HSBC loans £5m to cybersecurity firm Glasswall
  14. 14. FUNDING (AI): Naver D2SF invests in AI data generation startup – KED Global
  15. 15. FUNDING: Google’s Gradient backs YC alum Infisical to solve secret sprawl
  16. 16. FUNDING: Unit21, the Risk and Compliance Infrastructure Company Helping Clients Prevent Financial Crime, Announces $45M Series C
  17. 17. ACQUISITIONS: Securing Identity as the New Perimeter: Cisco Announces Intent to Acquire Oort
  18. 18. ACQUISITIONS: EDGE expands its portfolio with acquisition of OryxLabs
  19. 19. ACQUISITIONS: ProcessUnity and CyberGRX Combine to Form the Most Complete Third-Party Risk Management Platform in the Market
  20. 20. ACQUISITIONS: Bitdefender to Acquire Horangi Cyber Security to Expand its GravityZone Unified Risk and Security Analytics Platform
  21. 21. ACQUISITIONS: Jumbo is Being Acquired by Coalition, the Leading B2B Cyber Insurer
  22. 22. ACQUISITIONS: Safe Security Acquires RiskLens to Become CRQM Market Leader
  23. 23. ACQUISITIONS: TPG To Acquire Forcepoint Global Governments and Critical Infrastructure Business from Francisco Partners
  24. 24. ACQUISITIONS: SCADAfence to be Acquired by Honeywell
  25. 25. VALUATIONS: Cybersecurity unicorn Snyk sees valuation plummet by over 50% in secondary deals
  26. 26. ESSAYS: Building security tools is the wrong approach

    Same guy that created the "Stop Silly Cybersecurity Awards" website. Also, I think he's selling a security tool, so ¯_(ツ)_/¯

  27. 27. ESSAYS: Flipping the Vulnerability Management Model: CVSS → SSVC
  28. 28. NEW FEATURES: Perception Point Unveils New AI Model to Thwart Generative AI-Based BEC Attacks – Perception Point

    Calling BS on this

  29. 29. RESEARCH: MIT researchers devise a way to evaluate cybersecurity methods
  30. 30. VULNERABILITIES: The massive bug at the heart of the npm ecosystem

    https://security.snyk.io/package/npm/darcyclarke-manifest-pkg

  31. 31. REBRANDS: Microsoft rebrands Azure Active Directory to Microsoft Entra ID
  32. 32. COMMUNITY: Support for cybersecurity clinics across the U.S.
  33. 33. TRAINING: Cloud & Compromise: Gamifying of Cloud Security
  34. 34. TOOLS: AI and Machine Learning in Cybersecurity
  35. 35. REGULATION: SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules – Data Matters Privacy Blog
  36. 36. REGULATIONS: Chris H. on LinkedIn: NCS Implementation Plan

    https://www.linkedin.com/posts/resilientcyberncs-implementation-plan-activity-7085231629891158016-smZw?utmsource=share&utmmedium=memberandroid

  37. 37. CYBERCRIME: Ransomware criminals are dumping kids’ private files online after school hacks
  38. 38. LEGAL: Orca Sues Wiz for ‘Copying’ Its Cloud Security Tech
  39. 39. SQUIRREL: Why Taylor Swift fans should work in cybersecurity – Red Canary

    https://redcanary.com/blog/taylor-swift-cybersecurity/

  40. 40. SQUIRREL: Google Calendar now lets users specify where they’re working from throughout the day

    "Adrian is currently working from [NONE OF YOUR DAMN BUSINESS]"

Product Marketer and Content Strategist
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related