Incident response, Vulnerability management, Insider threat, Cybercrime, Leadership

ESW #268 – Josh Snow & Catherine Ullman

In our first segment, we welcome Josh Snow, Principal Sales Engineer at ExtraHop to discuss Common Sense Steps for Implementing Shields Up! Then, Catherine Ullman, Sr. Information Security Forensic Analyst at the University at Buffalo, joins for an interview on Why Learning Offensive Security Makes You A Better Defender! Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!

Segment Resources:

A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/

Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Segments

1. Common Sense Steps for Implementing Shields Up – Josh Snow – ESW #268

In the recent Shields Up advisory, CISA released guidance advising enterprises to prepare for an influx of malicious cyber activity. The advisory includes best practices for reducing the likelihood of a damaging cyber intrusion and how to detect and respond to potential incidents from nation state-sponsored actors. Josh Snow joins Enterprise Security Weekly to provide additional, practical advice for analysts who are on the front lines of the developing cyber conflict. He will dive into the specific practices and protocols that defenders should shore up, as well as behavioral indicators that signal active exploitation attempts.

Sponsored By

ExtraHop Networks

Guest

Josh Snow
Principal Sales Engineer at ExtraHop

Josh Snow is a Principal Sales Engineer at ExtraHop with over 15 years’ experience in network computing and security. He is passionate about helping others learn about security topics and has a popular YouTube channel where he shares insights and recommendations for securing against anything ranging from common misconfigurations to emerging threats.

Host

Adrian Sanabria
Director of Product Management at Tenchi Security

2. Why Learning Offensive Security Makes You A Better Defender – Catherine Ullman – ESW #268

Defensive and offensive skills have never been mutually exclusive, but the value in training across disciplines has often been overlooked. Catherine joins us today to explain why familiarity with offensive skills, tools, and the attacker's mindset is such a huge benefit for defenders. A few of the highlights we'll cover in this interview include:

- How to get started learning offensive tools and techniques

- What it means to be an 'Active Defender'

- How to get into the head of the attacker

- How to avoid 'tool-focused tunnel vision'

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Catherine Ullman
Sr. Information Security Forensic Analyst at University at Buffalo

Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Forensic Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff via a department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and BlueTeamCon. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
Tyler Shields
CMO at JupiterOne

3. Editing Tweets, Lithuanian Unicorn (NordVPN), Trust Issues, & Ubiquiti Legal Battle – ESW #268

Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. FUNDING: Glilot Capital raises $220 million for fourth Seed fund - Unlike other funding pieces we report on, this one is a VC fund intended to partially be used for funding cybersecurity startups. Not a huge fund, until you consider that they're aiming for Seed investments, and then it seems huge.
  2. FUNDING: NordVPN raises its first money, $100M, at a $1.6B valuation - $100M round led by Novation. Boom: just like that, we have another unicorn. I have some strong opinions on consumer VPN products, but Nord Security has at least expanded beyond just a private VPN, adding products like password databases, cloud storage, and other offerings.
  3. FUNDING: Former Amazon exec gives Chinese firms a tool to fight cyber threats – TechCrunch - $76M Series E, led by CPE and CDH Investments. ThreatBook is described as threat intel and endpoint security, depending on where you look. The company's founder makes a CrowdStrike comparison and plans to take the company public (in China) in the not-too-distant future. The company also aims to go global with its product portfolio.
  4. FUNDING: Coro secures $60M at ~$500M valuation for an all-in, SaaS-based cyber protection platform aimed at SMBs – TechCrunch - $60M Series C led by UK-based Balderton Capital. Appears to be another one of these boil-the-ocean approaches that intends to be everything an SMB needs when it comes to security. Godspeed to them, it's an important segment of the market to figure out, since that's where the vast majority of businesses exist and also where they're most vulnerable.
  5. FUNDING: Airgap Networks Raises $13.4M in Series A Funding - $13.4M Series A, led by Storm Ventures. "Airgap delivers an Agentless Zero Trust Segmentation platform with a patented Ransomware Kill Switch™"
  6. FUNDING: Cybersecurity startup Corsha lands $12M – TechCrunch - $12M Series A co-led by Ten Eleven Ventures and Razor's Edge Ventures to "bring MFA to machine-to-machine API traffic". Uh, what? Ah, got it. Later on they clarify how this works: "Corsha toughens those requests with a one-time-use MFA credential built from the machine’s dynamic identity and checked against a cryptographically verifiable distributed ledger network. The API request is only accepted if there is a match between the MFA credential and that machine’s identity, and each API call requires a fresh, one-time-use credential". Seems like this could potentially be used for SaaS authentication as well - it seems like a lot of consumer and business SaaS is still ridiculously easy to attack by stealing session tokens (e.g. OAuth 1.0).
  7. FUNDING: tru.ID Adds Sorenson Ventures to $9m Seed Round to Scale the Mobile Cybersecurity Platform - $9M Seed round, led by Sorenson Ventures. Tru.ID appears to be leveraging the SIM cards built into mobile devices as an additional factor for MFA use cases.
  8. FUNDING: Nudge Security announces seed funding with Ballistic Ventures - $7M Seed round led by Ballistic Ventures (the firm's first investment), Nudge is founded by long-time AlienVault employees Russell Spitler and Jaime Blasco. There aren't a ton of details on what Nudge's product will be, but lots of hints that it takes a more proactive and positive approach in helping employees make good security choices.
  9. FUNDING: SeeMetrics scores $6M seed to surface key security metrics for CISOs – TechCrunch - $6M Seed round, led by Work-Bench, 8VC, AGP, Essence, and others. The plan is to build a product that will provide better metrics/KPIs to CISOs. Not many details yet on how the necessary data will be ingested, analyzed, and presented. Potentially a very interesting product/space - this is fairly unique from what I've seen.
  10. FUNDING: Polaris Web Protection & Cyber Security - $500K Seed round. Singapore-based security startup offering Web Application and API Protection (WAAP)
  11. FUNDING: Ermetic Receives Strategic Investment from Splunk Ventures - Funding details unknown, but this follows a $70M Series B led by Qumra Capital with support from Forgepoint Capital. Appears to be a CSPM vendor.
  12. ESSAYS: Trust issues: The two sides of Say:Do - Part 3 of a great series that focuses on something we don't have enough of in this industry: vendor trust.
  13. TRENDS: The how and why of raising OT security capital – TechCrunch - There has always been capital available for OT Security startups, but they tended to get less funding than mainstream security startups and were highly focused in the Israeli markets. This article, by Insight Partners' Matt Gatto, suggests there might be (or should be?) increased interest in OT Security in the near future.
  14. TRENDS: AcidRain – a Modem Wiper Rains Down on Europe - This is the _seventh_ wiper that Russia has unleashed since the invasion of Ukraine. This isn't something we'd typically report on, except that, if history is anything to go on, we'll be seeing criminal groups leveraging wipers more so in the future.
  15. TRENDS: Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player - Whoever controls the REDSPICE controls $9.9B AUS. Yes, this joke is the only reason this article is here. Aside from the fact that we reported on the White House earmarking some $10B+ for cybersecurity, so I suppose the federal cyber spending trend is spreading?
  16. REPORTS: Cyber Security Market Industry Analysis, Size, Share, Growth Opportunities, Future Trends, SWOT Analysis, Competition, and Forecasts 2022 to 2030 – Digital Journal - Based on the outdated info in the abstract, I wouldn't recommend buying this $4,000 report.
  17. LEGAL: Ubiquiti Teaches AWS Security and Crisis Comms Via Counterexample - A particularly good writeup from @QuinnyPig on Ubiquiti's poorly advised lawsuit against Brian Krebs.
  18. RESEARCH: ForAllSecure offering $1K to integrate free fuzzer to open source projects - We had David on the podcast back on December 23rd, 2021 and found a very unique and interesting approach to discovering software issues. Continuing in the vein of unique approaches, ForAllSecure is now offering $1000 to anyone that will integrate its fuzzer with a popular open source project (>100 stars).
  19. SQUIRREL: Elon Musk to join Twitter’s board of directors, teases ‘significant improvements’
  20. SQUIRREL: Trung Phan on Twitter
  21. SQUIRREL: Editing of Tweets is a bad idea. Here’s why.
Tyler Shields
CMO at JupiterOne