ESW #266 – Zane Bond & Erin Kenneally
This week, in our first segment, we welcome Zane Bond, Director of Product Management at Keeper Security, for an interview on How to Secure Your Secrets! We discuss how, since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords! Then, Erin Kenneally, Senior Director, Cyber Risk Strategy at Guidewire, joins us to discuss cyber risk and how past ransomware incidents could lead to a call for cyber insurance industry adaptation! Finally, we dive straight into the Enterprise News for this week! In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more!
This segment is sponsored by Keeper Security.
Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords. One study found that 75% of ransomware attacks involve compromised credentials – most of the time, RDP credentials. However, secrets management is a challenge for IT teams, who must mitigate secrets sprawl, hardcoded and embedded credentials, and duplicative data stores in hybrid cloud and multi-cloud environments.
Keeper Secrets Manager (KSM) is a fully cloud-based, Zero-Knowledge platform for managing IT infrastructure secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, service account passwords, and any other type of confidential data. KSM integrates into nearly any data environment, with no additional hardware or cloud-hosted infrastructure required. It offers out-of-the-box integrations with a wide variety of DevOps tools, including GitHub Actions, Kubernetes, Ansible and more.
Visit https://securityweekly.com/keepersecurity to learn more about them!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Zane Bond is the Director of Product Management at Keeper Security. In his role, Zane is responsible for driving product strategy while building the product roadmap for Keeper's portfolio. Zane has managed various cybersecurity solutions for more than 12 years, across many disciplines including endpoint security, network detection, machine learning and AI, incident response, privileged access management, and now credential and secrets management.
The uptick in cyber incidents, and in particular ransomware, offers an opportunity, if not a clarion call, for cyber insurance industry adaptation. In short, risk transfer that meets the needs of both industry and insurers demands more effective coordination of infosec controls, more complete and continuous optics, and more robust risk modeling.
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Erin Kenneally is currently the Global Director for Cyber Insurance at SentinelOne, after most recently serving as Director of Cyber Risk Strategy at Guidewire-Cyence Risk Analytics. She previously served as Portfolio Manager in the Cyber Security Division for the U.S. Department of Homeland Security, Science & Technology Directorate, where she directed nearly 20 projects across programs in cybersecurity research data infrastructure, cyber risk economics, and technology ethics & privacy. Kenneally also served as Technology-Law Specialist at the International Computer Science Institute (ICSI) and the Center for Internet Data Analysis (CAIDA) and Center for Evidence-based Security Research (CESR) at UC San Diego. She also founded and is CEO of Elchemy, Inc. Erin is a licensed Attorney specializing in information technology law, including privacy technology, AI & autonomous systems ethics and legal risk, trusted data sharing & governance, technology policy, and emergent IT legal risks. She holds Juris Doctor and Master of Forensic Sciences degrees and is a graduate of Syracuse University and the George Washington University.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. FUNDING: Island hits $1.3B valuation with $115M round – TechCrunch - Less than 2 weeks after we discussed Island coming out of stealth with a massive $100M Series A, they're announcing a $115M Series B (Insight, Stripes & Sequoia)? At a $1.3B valuation? For a BROWSER? That's based on an existing browser (Chromium)??? I don't disagree that there's some cool stuff you can probably only do at the browser level, but historic trends in this space suggest this will end up being far more niche than the funds raised suggest.
- 2. FUNDING: Bionic raises $65 million for application intelligence platform - The Series B was led by Insight Partners, with Cyberstarts and Battery also participating. They have an interesting approach to AppSec, where it appears they map out applications to help security teams better understand architecture, dependencies, and data flows. I know you're probably visualizing this product spitting out a Visio diagram, but don't laugh - I can't underscore how valuable something like that could be for a security team. They're using the term ASPM (application security posture management), which joins DSPM as the latest *SPM acronym we've seen.
- 3. FUNDING: Apptega Raises $37M; Further Engages MSSPs for Automated Cybersecurity Compliance - Funding is from growth equity firm Mainsail Partners. Apptega "develops an MSSP-friendly platform designed to simplify cybersecurity and compliance", and is based in Atlanta.
- 4. FUNDING: Todyl Banks $28M Series A Investment - Series A led by Anthos Capital with participation from Blu, StoneMill, and Tech Operators. Product is a "single-agent, cloud-first platform that brings together EDR, NGAV, GRC, MXDR, SASE, and SIEM". That's a LOT of stuff to bake into one product platform, especially for an early stage startup! More details on their blog: https://blog.todyl.com/blog/series-a-funding-todyl-security-platform-launch
- 5. FUNDING: Application Security Firm ForAllSecure Raises $21 Million - A very interesting approach to AppSec, ForAllSecure is a decade old, but this is only their Series B, co-led by KDT and NEA. You can check out our interview with ForAllSecure's CEO and founder, David Brumley, here on episode 255: https://securityweekly.com/esw255
- 6. IPO: Israeli cybersecurity startup HUB Security merging with SPAC at $1.28 billion valuation - This is an odd one. I hadn't heard of Hub Security before. They're apparently currently public in Israel, but will delist there to go public on the NASDAQ through Mount Rainier, a SPAC. They describe themselves as a producer of "confidential computing solutions", which is a fancy way of saying they design technologies that are tamper resistant, so you can physically run systems in locations that aren't fully trusted. The only other company along these lines I can recall was PrivateCore, another Israeli startup that Facebook acquired back in 2014 (you can imagine why Facebook might need technology like this - https://privatecore.com/privatecore-is-joining-facebook/index.html). Looks like they're doing some similar stuff, like encrypting all data in RAM to defend against attacks that directly target RAM to acquire private encryption keys and other credentials. One of their products is named "Quantum Ransomware Cure".
- 7. TRENDS: Cybersecurity has 53 unicorns. Here are 10 to watch - Interesting that DeWalt is interviewed for this piece. The ten unicorns Kyle chooses to focus on here (heavy lean towards cloud security) are: Snyk, Lacework, Wiz, Arctic Wolf, Illumio, Sysdig, Orca, Beyond Identity, BlueVoyant, and Aqua Security.
- 8. TRENDS: New data shows how far VCs are pulling back on US Series A, B, and C valuations – TechCrunch - https://techcrunch.com/2022/03/16/new-data-shows-how-far-vcs-are-pulling-back-on-us-series-a-b-and-c-valuations/
- 9. TRENDS: Over 90% of organizations had a security incident linked to a third-party partner in last year
- 10. REPORTS: Coalition’s H1 2021 Cyber Insurance Claims Report
- 11. REGULATION: Proposed SEC rule offers deeper insight into new cyber demands facing publicly traded companies - https://www.scmagazine.com/analysis/compliance/proposed-sec-rule-offers-deeper-insight-into-new-cyber-reporting-requirements-for-publicly-traded-companies
- 12. SQUIRREL: Jobfished: the con that tricked dozens into working for a fake design agency - We talk a lot about startups, and you'll find cases of "fake-it-till-you-make-it" culture everywhere. But there's a big difference between pretending you have a CFO when you're only 5 employees and pretending you have a decade-old business with a full staff and clients when you've got nothing and don't intend to run a real business at any point...