Enterprise Security Weekly #284


Segments

1. Modern Threat Hunting with your SIEM on a $0 Budget – Ryan Fried – ESW #284

Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting means doing things like reading recent and relevant security articles, pulling out behaviors that attackers are using, like commands such as net group "domain admins" or RDPing from workstation to workstation, and translating those into threat hunting queries. I will talk about how to start small and will give a few examples where we proactively found evil in our environment.
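As an added illustration, not code from the episode or the guest, here are the two behaviors named above turned into hunting queries and run over constructed sample events; the key=value event format, the WS- workstation naming prefix and the hostnames are assumptions.

```python
import re

# Constructed sample events (not real telemetry), in a simplified key=value form standing
# in for SIEM-normalized process-creation (Windows 4688) and logon (Windows 4624) records.
SAMPLE_EVENTS = [
    'type=process host=WS-101 user=jdoe cmd=net group "domain admins" /domain',
    'type=process host=WS-101 user=jdoe cmd=net use \\\\fs01\\share',
    'type=logon host=WS-202 src=WS-101 logon_type=10 user=jdoe',
    'type=logon host=WS-203 src=JUMP-01 logon_type=10 user=admin1',
    'type=process host=SRV-DB1 user=svc_sql cmd=net group "Domain Admins"',
]

# Assumption: hostnames starting with this prefix are workstations (site naming convention).
WORKSTATION_PREFIX = "WS-"

# Behavior 1: enumerating the Domain Admins group with net/net1, with or without quotes.
NET_GROUP_DA = re.compile(r'\bnet1?(?:\.exe)?\s+group\s+"?domain admins"?', re.IGNORECASE)


def parse_event(line: str) -> dict:
    """Parse one constructed event line; 'cmd' keeps the rest of the line verbatim."""
    head, sep, cmd = line.partition(" cmd=")
    fields = dict(tok.split("=", 1) for tok in head.split())
    if sep:
        fields["cmd"] = cmd
    return fields


def is_net_group_domain_admins(ev: dict) -> bool:
    return ev.get("type") == "process" and bool(NET_GROUP_DA.search(ev.get("cmd", "")))


def is_workstation_to_workstation_rdp(ev: dict) -> bool:
    # Behavior 2: RDP (logon type 10, RemoteInteractive) where both source and target
    # are workstations; admins normally RDP from a jump host, not from a peer workstation.
    return (ev.get("type") == "logon" and ev.get("logon_type") == "10"
            and ev.get("host", "").startswith(WORKSTATION_PREFIX)
            and ev.get("src", "").startswith(WORKSTATION_PREFIX))


def run_hunt(lines):
    """Return (behavior, host, user) tuples for every event matching a hunting query."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_net_group_domain_admins(ev):
            hits.append(("net_group_domain_admins", ev["host"], ev["user"]))
        if is_workstation_to_workstation_rdp(ev):
            hits.append(("ws_to_ws_rdp", ev["host"], ev["user"]))
    return hits
```

Each hit is a lead to triage, not a verdict; the workstation-to-workstation rule in particular depends on the naming convention holding and on help-desk RDP patterns being excluded separately.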

Segment Resources:

https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report

https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54

https://www.cisa.gov/uscert/ncas/alerts/aa22-181a

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Ryan Fried
Senior Security Engineer at Brooks Running

Ryan holds a master's degree in cyber security, has worked in the cybersecurity field for 9 years, and has worked as an adjunct professor teaching cyber security at a college for 7 years. Currently Ryan works for Brooks Running as a senior security analyst, specializing in security automation, network segmentation and purple teaming.

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
John Kinsella
Co-founder & CTO at Cysense
Katie Teitler
Senior Security Strategist at Axonius

2. Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW #284

Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover the techniques an attacker used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from ransomware incident response.

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Joseph Carson
Chief Security Scientist & Advisory CISO at Delinea

Joseph Carson is a cybersecurity professional with 25+ years’ experience in enterprise security, an InfoSec Award winner, and the author of Privileged Access Management for Dummies and Cybersecurity for Dummies. He is a CISSP and an active member of the cyber-community, speaking at conferences globally. He’s an advisor to several governments, as well as to the critical infrastructure, financial and maritime industries. Joseph is the host of the award-winning podcast 401 Access Denied, where he interviews cybersecurity thought leaders on educational topics.

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
John Kinsella
Co-founder & CTO at Cysense
Katie Teitler
Senior Security Strategist at Axonius

3. Normalyze, Axio, Flashpoint, Medical Records With Amazon, & Dial-Up Service Returns! – ESW #284

Finally, in the enterprise security news, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. FUNDING: Axio lands $23M to help companies quantify cyber risk – TechCrunch
  2. FUNDING: Normalyze Announces $22 Million for DSPM Technology
  3. FUNDING: LIAN Group invests eight-digit amount in Alkira, a top disruptor in the cloud industry, backed by Sequoia, Kleiner Perkins, Google Ventures, and Koch Disruptive Technologies
  4. FUNDING: Flow Security Is Protecting Data At Rest and In Motion with $10M In Seed Funding – Grit Daily News
  5. FUNDING: Cybersecurity Company Lumu Raises $8M, Signs Partnership with KnowBe4, the World’s Largest Integrated Platform for Security Awareness Training
  6. FUNDING: Footprint – one-click KYC & PII vault - $6M seed round led by Index Ventures
  7. FUNDING: Mesh Security emerges from stealth with $4.5 million Seed round to improve Zero Trust in the cloud
  8. ACQUISITIONS: BitSight Announces Intent to Acquire ThirdPartyTrust to Simplify and Modernize Third-Party Risk Management Throughout the Entire Vendor Lifecycle
  9. ACQUISITIONS: Flashpoint Acquires Open Source Intelligence Leader Echosec Systems - Flashpoint is busy building quite the security intelligence platform these days. The company is historically a threat intel vendor, going deep on researching and understanding threat actors, not just gathering and distributing IoCs. This Echosec acquisition adds the ability to monitor risks and events in real time across social media, forums, news, dark web, and other sources. We missed the announcement of Flashpoint Automate last month, the rebrand of a SOAR tool Flashpoint acquired back in 2020, called CRFT. The company also picked up Risk-Based Security back in January, making Echosec its third acquisition. It's also worth mentioning that Flashpoint got picked up by a private equity firm, Audax Private Equity, about a year ago, and acquire/mashup/sell is a PE strategy we see often.
  10. IPOs: ZeroFox Begins Trading on Nasdaq Under Symbol “ZFOX” - Originally announced back in December 2021, the $1.4B transaction closed last week and ZeroFox has gone public on the NYSE under ZFOX. This was achieved through a SPAC named L&F Acquisition Corp (NYSE:LNFA) and as part of the deal, ZeroFox will acquire IDX, a privacy and identity protection platform.
  11. REBRANDING: runZero 3.0: Check out our new name, and sync assets, software, and vulnerability data from Qualys
  12. NEW PRODUCTS: Canonic Security’s AppTotal - A novel approach to SaaS security, AppTotal gives some deep background on 3rd party apps and integrations. It even evaluates whether the permissions requested are actually necessary or not!
  13. TRENDS: Do You Trust Amazon With Your Medical Records?
  14. TRENDS: Accepting Crypto: A Vendor Perspective - An interesting piece by Shodan's founder, in which he details the company's experiences accepting cryptocurrency as payment for memberships. This reminds me of a time I tried to give the TOR network the benefit of the doubt, but in the end, decided to block it, after realizing we had never received a single legitimate customer login from TOR, while the number of attacks we received from it was massive. TOR evangelists didn't like it, but no one was paying their mortgages via TOR, so there was little reason to endure the amount of abuse we received from TOR when we could simply block it all by checking a box in our Palo Alto Firewalls. (https://twitter.com/sawaba/status/637454396201267204) Similarly, Matherly offers some very logical reasoning in choosing not to accept cryptocurrency - few people use it and it attracts a lot of scams. It simply isn't worth the trouble it generates. He might take some flak for it, but it's the right choice.
  15. TOOLS: A defender’s MITRE ATT&CK cheat sheet for Google Cloud Platform (GCP)
  16. HOT TAKE: AWS CISO On Why Its Security Strategy Tops Microsoft, Google - "We’re Not Playing Checkers, We’re Playing Chess", says CJ Moses. Ooooh, what now, Google? Need some cream for that burn, Microsoft?
  17. SQUIRREL: Prodigy Reloaded - Yup, a group of reverse-engineering techno-necromancers reanimated Prodigy. Why? Because our silly brains reward nostalgia (https://www.neurologylive.com/view/brain-and-nostalgia).
John Kinsella
Co-founder & CTO at Cysense
Katie Teitler
Senior Security Strategist at Axonius