Careers, Compliance, Cybercrime, Incident response, Leadership, Managed services, Network security, Remote access, Threat intelligence

ESW #264 – Jeff Styles & Andrew Morris

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure.

There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers.

There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup.

We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning.

In the Enterprise Security News for this week: Google intends to acquire Mandiant; HelpSystems to pick up Alert Logic, at least their 11th security acquisition in the past 3 years; rumor that Abnormal Security could be our next security unicorn; Axonius raises a $200M Series E; a number of AppSec and cloud security startups raise their first big rounds; the SEC proposes requiring public companies to report breaches within 4 days; did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly.

Segment Resources:

GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d

GreyNoise Trends for Apache Log4j Exploit Attempts:

https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt


Segments

1. The Benefits of Automation, Starting With PCI – Jeff Styles – ESW #264


This segment is sponsored by FireMon.

Visit https://securityweekly.com/firemon to learn more about them!


Guest

Jeff Styles
SVP of Global Field Engineering and Field CISO at FireMon

Jeffrey Styles leads our global team of sales engineers. Working alongside key groups within FireMon, Jeff ensures technical win achievement and real-time strategic field intelligence. With more than 20 years of experience in perimeter cybersecurity, firewall engineering, and penetration testing he has held a series of security leadership positions in high-growth startups and large-scale Fortune 100 companies.

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
CMO at JupiterOne

2. Filtering Out All the [Market] Noise – Andrew Morris – ESW #264



Guest

Andrew Morris
Founder and CEO at GreyNoise Intelligence

Andrew Morris is founder and CEO of GreyNoise Intelligence, a cyber security company based in Washington DC that analyzes Internet scanning traffic to separate threats from background noise. Andrew has a strong background in offensive cyber operations and security research. Before starting GreyNoise, Andrew worked in R&D at Endgame (military grade endpoint protection), security engineering at Intrepidus Group (mobile app security), and penetration testing at Knowledge Consulting Group.


3. Google Acquiring Mandiant, Abnormal Unicorns, SEC Tackles Breaches, & Meme Madness – ESW #264



Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. RUMORS: Google in talks to buy cybersecurity firm Mandiant: The Information - SIEM (Chronicle), SOAR (Siemplify), response (Mandiant) - this acquisition would make sense strategically when compared to Google's previous big security acquisitions. All these acquisitions are clustered in the area of detection, response, and recovery. UPDATE: no longer a rumor, see ACQUISITIONS
  2. ACQUISITIONS: Google Announces Intent to Acquire Mandiant - After hearing rumors a few weeks back that Microsoft was in talks to acquire Mandiant (we discussed this on Episode 260 - https://securityweekly.com/esw260), some dismissed the Google/Mandiant chatter as just more rumors. We didn't have to wait long to get official confirmation though - we now have a formal press release from both Mandiant and Google. The product side of this deal is largely straightforward. Mandiant has an EASM product (Intrigue acquisition), threat intel (iSIGHT Partners acq), Security Validation (aka BAS, Verodin acq) and an XDR/SOAR-like product called Automated Defense. All these roll up into what Mandiant calls the Advantage Platform. They're very complementary to Google's Chronicle and Siemplify acquisitions, and round out a solid SecOps offering, as Google describes well in this press release. What's less clear is how Google will integrate Mandiant's services going forward. There are precedents for mixed product/services acquisitions getting acquired, but they're mostly negative. If we reach WAY back to McAfee's acquisition of Foundstone ($86M) and Symantec's acquisition of @stake ($48M), we can track the slow death of both the products and services that came with each of these acquisitions. Of course, Google isn't McAfee or Symantec. And $5.4bn is a MUCH larger purchase price. Even if we factor in inflation, this deal is 42 times larger than the Foundstone acquisition and 75 times larger than the @stake acquisition. Of course, Mandiant is a public company with $483M in 2021 revenue and nearly 2,000 employees - a much larger company than Foundstone or @stake ever were. I think it makes the most sense for Google to allow Mandiant's services to continue to run as an autonomous, independent unit (if it isn't broken...). Meanwhile, Mandiant's founder and CEO, Kevin Mandia, has become increasingly involved in investing and is currently a Strategic Partner of Ballistic Ventures. It's anyone's guess as to whether he'll choose to stay on long-term and continue to run Mandiant, or if he'll pass the torch and devote himself full-time to investing.
  3. ACQUISITIONS: Google to Acquire Mandiant - This is the Mandiant press release for the Google acquisition. It's a bit less informative than Google's version, but they're both worth a read.
  4. ACQUISITION: HelpSystems to Acquire MDR Services Firm Alert Logic - Alert Logic was MDR before MDR was cool. Did we somehow miss HelpSystems acquiring Tripwire for $350M last month??? A few of HelpSystems' other recent acquisitions: Digital Guardian, Vera, Clearswift, PhishLabs, Agari, Beyond Security, Digital Defense. This makes at least 11 cybersecurity acquisitions since 2019 for HelpSystems.
  5. FUNDING RUMOR: Insight Leading Abnormal Security Funding Round at $4 Billion - I can't see the full article, but I have a few more details, courtesy of StrictlyVC: Abnormal Security, a 3.5-year-old, San Francisco-based cybersecurity company focused around socially engineered email attacks, is reportedly in talks to raise between $250 million and $300 million in funding led by Insight Partners.
  6. FUNDING: Axonius, which brings asset visibility to complex IT environments, raises $200M - Axonius was already declared a unicorn after the last raise, so we're not adding a new unicorn to the list. We've added 6 more unicorns in the past month, so things have shuffled around a bit. This is a Series E and brings total funding to $665M. Time to start talking exits? I hear Cisco and Microsoft have an appetite for cybersecurity acquisitions...
  7. FUNDING: Cider Security raises $32 million for application security operating system - Apparently, the number is actually $38M in this Series A led by Tiger Global. "The world's first AppSec Operating System". Huh? Like Bright Security, they're taking aim at the dev lifecycle. But instead of DAST, it looks like a more holistic approach, where they focus on providing visibility and security controls. If I'm understanding this right, they're trying to remove friction from the process of improving security in app development, which is the opposite of what most dev-targeted AppSec solutions are doing. I applaud them for that, but still dislike the term "operating system" being repurposed to mean something else...
  8. FUNDING: A Message From The CEO: Announcement Of Series B Funding For Cybersixgill - $35M Series B led by REV Venture Partners brings total funding to $56M. Cybersixgill provides threat intel feeds.
  9. FUNDING: Blink looks to simplify cloud operations management with $26M investment – TechCrunch - $20M Series A + $6M in seed and pre-seed, led by Lightspeed. Blink is a workflow platform designed to automate a variety of manual cloud and security operations.
  10. FUNDING: Bright Security (NeuraLegion) Raises $20 Million in Series A Funding - $20M Series A led by Evolution Equity Partners. Founded in 2018, $25M funding total. Provides an AppSec platform they claim covers the entire dev lifecycle. "AI-powered DAST that can find web & API OWASP top 10 vulns quickly with no false positives".
  11. FUNDING: VISO Trust lands $11M to automate third-party cyber risk management
  12. FUNDING: SecureCo, LLC – $2.5M Seed Round - New York-based, raised from Florida Funders and others. Possibly the worst website I've seen in 2022. Also not thrilled with the name. Tons of buzzwords, seems very military/federal-focused. Doing something around encrypting data in transit. Perhaps some kind of peer-to-peer tunneling (ZTNA? SDP?) similar to ZeroBastion (we chatted with their CEO last week)??
  13. REGULATION: SEC Proposes Requiring Firms to Report Cyberattacks Within Four Days - SEC rules already require public firms to report events that could impact shareholders, so this just implements a more formal timeframe in which these companies need to report them. We're still a long way from getting regulation that requires sharing useful details or lessons from breaches, sadly.
  14. SQUIRREL: Bugcrowd's Meme Madness Twitter thread