Hope & Pray – ESW #233
Segments
1. Why DAST – from Project Management Perspective – Suha Akyuz – ESW #233
More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process, which allows us to run security testing right before going to production. Using legacy DevOps can lead to the downfall of the project management triangle (Budget, Scope, and Time). However, with more efficient use of dynamic application security testing (DAST) tools in every single stage/sprint, legacy DevOps can be transformed into DevSecOps, in turn preventing our projects from failing.
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!
Guest
A Security / Networking Consultant with more than 25 years of experience in IT Security, Network and VoIP, leading and directing information technology operations across broad disciplines, including security, network technologies and project management. Experience has been in a variety of sectors including, but not limited to, IT Security / Networking Services and VoIP consultancy in several countries. Resourceful and creative problem-solving skills with proven ability to gain customers’ confidence and trust have resulted in repeat business and client satisfaction. The ability to proactively acquire new skills quickly and a wealth of experience working within collaborative team environments, as well as with minimum supervision, have ensured timely issue resolution and appropriate escalation when needed.
Hosts
2. Noname Security, JFrog Acquires Vdoo, Micro Segmentation, & AWS Buys Wickr – ESW #233
This week in the Enterprise News: Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, JFrog to acquire Vdoo, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. FUNDING: Noname Security closes $60M Series B to eliminate API flaws
  Along with HUMAN and [redacted], this is another startup that's getting perhaps too clever with branding...
- 2. FUNDING: Symmetry Systems Pushes Data Security After $15M Series A
  The company makes DataGuard, a product that aims to provide a holistic view of data for compliance and security use cases
- 3. FUNDING: Drata raises $25M Series A to expand its security compliance platform – TechCrunch
- 4. FUNDING: Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo – TechCrunch
  Is microsegmentation a thing yet? If it was, I think we'd be talking about Illumio's S-1, not a Series F from a private equity firm. IMO, any efforts that might be spent on microsegmentation have likely now been redirected to Zero Trust projects.
- 5. FUNDING: Deduce raises $10M to protect accounts from takeover
  Startup focused on account takeover fraud, using the most common product name in InfoSec: "Insight"
- 6. FUNDING: Phylum Closes $4.5M in Seed Funding and Comes Out of Stealth Mode
- 7. FUNDING: Bit Discovery Raises $4 Million Series B as Attack Surface Management Gains Momentum – Bit Discovery Blog
  Wasn't expecting to see a record size for a Series B on the lower end, but knowing the Bit Discovery team and their approach, it's a positive thing and totally makes sense.
- 8. FUNDING: Symmetry Systems nabs $15M to block data breaches
  https://venturebeat-com.cdn.ampproject.org/c/s/venturebeat.com/2021/06/23/symmetry-systems-nabs-15m-to-block-data-breaches/amp/
- 9. IPO: SentinelOne aiming to raise over $1 billion at more than $8 billion valuation after hiking IPO price range
  That's a heck of a valuation...
- 10. ACQUISITION: AWS is buying encrypted messaging service Wickr – TechCrunch
  https://techcrunch.com/2021/06/25/aws-is-buying-encrypted-messaging-service-wickr/
- 11. TRENDS: Investors Eye Emerging Cybersecurity Space As APIs Explode
- 12. TOOLS: Tines: Automate any repetitive process
- 1. 42Crunch integrates with Postman to provide enterprises with continuous API protection
  Okay, so nothing other than this on the integration: "42Crunch has announced an integration of its API security services with Postman, the API collaboration platform for developers." Would love to hear more about how this helps...
- 2. EclecticIQ Platform delivers threat intelligence, hunting, and response capabilities
  "This intelligence focuses on attackers’ tools, techniques, and procedures (TTPs) – not just indicators of compromise (IOCs) – to reduce alerts and reveal asymptomatic threats that may lurk in the environment. Collaboration is another vital aspect of intelligence. To reduce isolation and encourage sharing of insights and findings, the platform provides tools that promote collaboration internally – within security operations, across teams – and externally across organizations and industries."
- 3. U.S. DoD approves two (ISC)² certifications as requirements for cybersecurity staff
  "Following approval by the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group (CWAG) Certification Committee, the HealthCare Information Security and Privacy Practitioner (HCISPP) and the Certified Cloud Security Professional (CCSP) certifications are the latest additions to the DoD 8570 Approved Baseline Certifications table that is publicly available on the DoD Cyber Exchange website."
- 4. JFrog to acquire Vdoo to expand its end-to-end DevOps platform offering
  "As part of the JFrog Platform, Vdoo will accelerate JFrog’s vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices. Vdoo’s security experts and vulnerability researchers will join the JFrog team to continue to develop advanced security solutions for developers and security engineers."
- 5. Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo
  Best description ever: "Illumio, a self-styled zero trust unicorn, has closed a $225 million Series F funding round at a $2.75 billion valuation. The round was led by Thoma Bravo, which recently bought cybersecurity vendor Proofpoint for $12.3 billion, and supported by Franklin Templeton, Hamilton Lane and Blue Owl Capital. The round lands more than two years after Illumio’s Series E funding round in which it raised $65 million and fueled speculation of an impending IPO." - I really want a self-styled, zero-trust unicorn, where can I buy one?
- 6. AWS welcomes Wickr to the team
  We've always needed to communicate securely: "With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations"
- 7. eSentire Acquires CyFIR; Launches Cyber Investigation Services – MSSP Alert
  "CyFIR, founded in 2018, has 16 employees listed on LinkedIn, and was backed by debt funding of under $1 million, according to PitchBook. The company’s headquarters in Washington, D.C., will become eSentire’s second U.S.-based Technical Center of Excellence."
- 8. Untangle Addresses Need For Threat Prevention at the Network Edge with Launch of SD-WAN Router 3.1
  "New security package that prevents malware, viruses, and other malicious traffic with minimal visibility into network traffic. Threat Prevention will assess and block dangerous types of network traffic even when the traffic is encrypted. Other types of protective features often require SSL Inspection which adds undesired CPU overheads."
- 9. SonicWall launches three enterprise-grade firewalls
- 10. Atos launches ThinkAI to power artificial intelligence applications
  "ThinkAI is for organizations using traditional high-performance computing that want to run more accurate and faster simulations thanks to AI applications, and also for those developing AI applications that need more computing power."
3. MalWare Labs and Why You Should Challenge Shift-Left Testing – Mario Vuksan, Rickard Carlsson – ESW #233
Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain.
This segment is sponsored by Reversing Labs.
Visit https://securityweekly.com/ReversingLabs to learn more about them!
The development life cycle as we know it is rapidly changing, and today’s AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working.
This segment is sponsored by Detectify.
Visit https://securityweekly.com/detectify to learn more about them!
Guests
Mario founded ReversingLabs in 2009 and currently serves as CEO. In this role he drives all aspects of the company’s strategy, operations and implementation. Prior to ReversingLabs, Mario held senior technical positions at Bit9 (now Carbon-Black), Microsoft, Groove Networks, and PictureTel (now Polycom). He is the author of numerous research studies and speaks regularly at FS-ISAC, RSA, Black Hat and other leading security conferences.
Entrepreneurial tech nerd Rickard Carlsson has grown Detectify from a group of ethical hackers with an idea on how to make the internet safer, to an international industry challenger of 140+ people. Rickard has a background in tech and management consulting, and has lived and worked in Sweden, India and the US.