Security Weekly
Enterprise Security WeeklySubscribe
Incident Response, Breach, Leadership, Security Staff Acquisition & Development, Malware

ESW #303 – What Makes A Good Breach Response?

Full Audio

View Show Index

Segments

1. Discuss: What Makes a Good Breach Response? – ESW #303

What makes a good breach response? What makes a bad one? Could we objectively measure them? How would we break down and rate a company’s breach response performance?

Hosts

Principal Researcher at The Defenders Initiative
Founder & CTO at Trimarc
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

2. Enterprise News Part 1, the Market Stuff – ESW #303

This is the first in our 2 segment Enterprise News special! Stay tuned for segment 2!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: SpiderOak raises $16.4 million in Series C funding round – SpaceNews

    Once thought of as the "security-minded" Dropbox and Google Drive competitor, SpiderOak has now fully rebranded itself as "Space Cyber Security Solutions for Hybrid Space". This is no window dressing, either - the company is optimizing its software for space missions. It no longer has customers, it has "mission partners". The company has a Senior VP of Space and a Space Advisory Board.

    For its existing, more "down to Earth" customers, the company directs you to its legacy One Backup product over at the https://crossclave.com/one/ website. Ultimately, it seems like sales, marketing, and the ICP have changed more than the product itself (aside from some new software certification goals, of course).

  2. 2. FUNDING: Hypori, Inc. Secures Series B to Redefine Zero-Trust BYOD — Hypori

    An "initial" $10M Series B investment led by Hale Capital Partners, SpiderOak isn't the only vendor to reinvent itself! This seems like more of a marketing rebrand though. Hypori makes mobile device virtualization software. Originally pitched as a way to keep work and personal data separate on one device (Virtual Mobile Infrastructure), the terminology has changed with the trends (Zero Trust BYOD), though the general technology appears to be the same as it was in 2015.

    Mobile operating systems run as cloud workloads and are streamed to mobile devices, usable as if they were locally installed.

  3. 3. ACQUISITIONS: Thoma Bravo expands cybersecurity reach with $1.34 bln Magnet Forensics deal
  4. 4. ACQUISITIONS: Reimagining the future of trust with Trustpage by Vanta
  5. 5. ACQUISITIONS: Bitwarden extends passwordless leadership with acquisition
  6. 6. LAYOFFS: Forescout fires 60% of Israeli R&D staff
  7. 7. LAYOFFS: Citrix and HashiCorp employees laid off
  8. 8. NEW COMPANIES: Boulder cybersecurity startup looks to add 491 workers

    LogRhythm's founders have a new company named RADCL Defense. Though the company states its purpose as focusing on defense against nation state attacks, it has chosen to help SMBs protect themselves, which seem like the least likely group needing help defending against state actors.

  9. 9. NEW PRODUCTS: Perception Point launches Advanced Threat Protection for Zendesk
  10. 10. ESSAYS: Why to Start a Startup in a Bad Economy by Paul Graham

    Everything old is new again, including Paul Graham's wisdom

  11. 11. ESSAYS: Why there are so many cybersecurity vendors, what it leads to and where do we go from here, by Ross Haleliuk
  12. 12. ESSAYS: Money Stuff: Private Markets Don’t Like to Go Down, by Matt Levine
  13. 13. TRENDS: Buyers Call Bluff On Unicorn Valuations: Spread Between Asking Prices And Bids Widens On Secondary Markets
  14. 14. TRENDS: China wants 30 percent CAGR for its infosec industry

    Sounds challenging, though I imagine the Chinese government is going to lend a lot of help to ensure it happens...

  15. 15. TRENDS?: Our cloud spend in 2022

    Is anyone else moving out of the cloud and back into datacenter/colo, or is it just 37Signals/Basecamp?

    I'll be REALLY interested to see the one year update from this move. Basecamp's email product, HEY, was born in the cloud and has always been cloud. It almost had to be, as they had no idea how much attention it would get at launch (it was a LOT more than they expected). But now that things have settled down, they're thinking the cloud is unreasonably expensive for running a service like this. Will there be a private datacenter/colo renaissance? Time will tell.

  16. 16. CYBERINSURANCE: Cyber Insurance Themes to Look Out for in 2023
  17. 17. SQUIRREL: Panicked Google to unveil over 20 AI products, including a Pixel wallpaper maker

    Wait, AI is big now? We've got TONS of AI here at Google! [blows dust off crates]

Founder & CTO at Trimarc
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

3. Enterprise News Part 2, Everything Else – ESW #303

This is the 2nd segment in our 2 segment Enterprise News special!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. NEW FEATURES: Orca Security to offer first ChatGPT extension for cloud security purposes

    Innovation? Innovation!

  2. 2. NEW FEATURES: Amazon S3 Encrypts New Objects By Default
  3. 3. NEW FEATURES: Swipe right on our new credit card tokens!

    Credit card honey tokens! And they're free!

  4. 4. NEW COMPANIES: I Left Graylog to Work on nzyme Full Time – Lennart Koopmann
  5. 5. TRENDS: Security pros say third parties are increasingly the cause of cybersecurity incidents

    Makes sense - hack once, pwn many.

  6. 6. TRENDS: Ransomware revenue drops 40.3% in 2022 as victims show less interest in paying up

    Ransomware proceeds never quite hit the big $1B mark before going back down, but sure, Cybersecurity Ventures still thinks we're going to hit $10T+ in damages by 2025.

  7. 7. TRENDS: Lares Research Highlights Top 5 Penetration Test Findings from 2022
    1. Brute forcing accounts with weak and guessable passwords
    2. Kerberroasting
    3. Excessive file system permissions
    4. WannaCry/EternalBlue (really???)
    5. WMI Lateral Movement
  8. 8. TRENDS: I will never click another sponsored link on Google again

    And for a direct, VERY PERSONAL example of this occurring, check out this thread: https://twitter.com/NFTGOD/status/1614442000958324739?t=4BcSeJ9nHAx4PTFJhKxfQ&s=09

  9. 9. ESSAYS: Security FOMO by Helen Patton

    No matter how much security leaders try to keep on top of things, they always feel like they're behind...

  10. 10. ESSAYS: Who should make cyber risk management decisions?

    Hint: it's not information security professionals.

  11. 11. REPORTS: 2023 World Economic Forum Global Security Outlook
  12. 12. POST MORTEMS: CircleCI incident report for January 4, 2023 security incident

    But still, I wonder - what was the engineer doing that got him compromised with macOS malware? Did he fall for a malicious Google ad?

  13. 13. SQUIRREL: Abstracts written by ChatGPT fool scientists

    Sure, this is a squirrel story, but bears serious thought. If professionals and experts can't tell ChatGPT from a human, what kinds of problems is this going to cause?

Founder & CTO at Trimarc
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related