Security Weekly
Enterprise Security WeeklySubscribe
Vulnerability Management, Application security, DevSecOps, Threat Management

Hope & Pray – ESW #233

Full Audio

View Show Index

Segments

1. Why DAST – from Project Management Perspective – Suha Akyuz – ESW #233

More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to production. Using the legacy DevOps can lead to a downfall of the project management triangle (Budget, Scope, and Time). However, with more efficient use of dynamic application security testing tools (DAST) in every single stage/sprint, the legacy DevOps can be transformed into DevSecOps, in turn preventing our projects from failing.

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Sponsored By

Netsparker

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Guest

Suha Akyuz
Application Security Manager at Invicti Security

A Security / Networking Consultant with more than 25 years of experience
in IT Security, Network and VoIP, leading and directing information
technology operations across broad disciplines, including security,
network technologies and project management. Experience has been
in a variety of sectors including, but not limited to, IT Security /
Networking Services and VoIP consultancy in several countries.
Resourceful and creative problem-solving skills with proven ability to
gain customers’ confidence and trust have resulted in repeat business
and client satisfaction. Ability to proactively acquire quick new skills,
a wealth of experience of working within a collaborative team
environments as well as with minimum supervision have ensured timely
issue resolution and appropriate escalation when needed.

Hosts

Principal Researcher at The Defenders Initiative
Principal Security Evangelist at Eclypsium
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Noname Security, JFrog Acquires Vdoo, Micro Segmentation, & AWS Buys Wickr – ESW #233

This week, In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, JFrog to acquire Vdoo, & more!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Noname Security closes $60M Series B to eliminate API flaws
    Along with HUMAN and [redacted], this is another startup that's getting perhaps too clever with branding...
  2. 2. FUNDING: Symmetry Systems Pushes Data Security After $15M Series A
    The company makes DataGuard, a product that aims to provide a holistic view of data for compliance and security use cases
  3. 3. FUNDING: Drata raises $25M Series A to expand its security compliance platform – TechCrunch
  4. 4. FUNDING: Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo – TechCrunch
    Is microsegmentation a thing yet? If it was, I think we'd be talking about Illumio's S-1, not a Series F from a private equity firm. IMO, any efforts that might be spent on microsegmentation has likely now been redirected to Zero Trust projects.
  5. 5. FUNDING: Deduce raises $10M to protect accounts from takeover
    Startup focused on account takeover fraud, using the most common product name in InfoSec: "Insight"
  6. 6. FUNDING: Phylum Closes $4.5M in Seed Funding and Comes Out of Stealth Mode
  7. 7. FUNDING: Bit Discovery Raises $4 Million Series B as Attack Surface Management Gains Momentum – Bit Discovery Blog
    Wasn't expecting to see a record size for a Series B on the lower end, but knowing the Bit Discovery team and their approach, it's a positive thing and totally makes sense.
  8. 8. FUNDING: Symmetry Systems nabs $15M to block data breaches
    https://venturebeat-com.cdn.ampproject.org/c/s/venturebeat.com/2021/06/23/symmetry-systems-nabs-15m-to-block-data-breaches/amp/
  9. 9. IPO: SentinelOne aiming to raise over $1 billion at more than $8 billion valuation after hiking IPO price range
    That's a heck of a valuation...
  10. 10. ACQUISITION: AWS is buying encrypted messaging service Wickr – TechCrunch
    https://techcrunch.com/2021/06/25/aws-is-buying-encrypted-messaging-service-wickr/
  11. 11. TRENDS: Investors Eye Emerging Cybersecurity Space As APIs Explode
  12. 12. TOOLS: Tines: Automate any repetitive process
Principal Security Evangelist at Eclypsium
  1. 1. 42Crunch integrates with Postman to provide enterprises with continuous API protection
    Okay, so nothing other than this on the integration: "42Crunch has announced an integration of its API security services with Postman, the API collaboration platform for developers." Would love to hear more about how this helps...
  2. 2. EclecticIQ Platform delivers threat intelligence, hunting, and response capabilities
    "This intelligence focuses on attackers’ tools, techniques, and procedures (TTPs) – not just indicators of compromise (IOCs) – to reduce alerts and reveal asymptomatic threats that may lurk in the environment. Collaboration is another vital aspect of intelligence. To reduce isolation and encourage sharing of insights and findings, the platform provides tools that promote collaboration internally – within security operations, across teams – and externally across organizations and industries."
  3. 3. U.S. DoD approves two (ISC)² certifications as requirements for cybersecurity staff
    "Following approval by the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group (CWAG) Certification Committee, the HealthCare Information Security and Privacy Practitioner (HCISPP) and the Certified Cloud Security Professional (CCSP) certifications are the latest additions to the DoD 8570 Approved Baseline Certifications table that is publicly available on the DoD Cyber Exchange website."
  4. 4. JFrog to acquire Vdoo to expand its end-to-end DevOps platform offering
    "As part of the JFrog Platform, Vdoo will accelerate JFrog’s vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices. Vdoo’s security experts and vulnerability researchers will join the JFrog team to continue to develop advanced security solutions for developers and security engineers."
  5. 5. Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo
    Best description ever: "Illumio, a self-styled zero trust unicorn, has closed a $225 million Series F funding round at a $2.75 billion valuation. The round was led by Thoma Bravo, which recently bought cybersecurity vendor Proofpoint for $12.3 billion, and supported by Franklin Templeton, Hamilton Lane and Blue Owl Capital. The round lands more than two years after Illumio’s Series E funding round in which it raised $65 million and fueled speculation of an impending IPO." - I really want a self-styled, zero-trust unicorn, where can I buy one?
  6. 6. AWS welcomes Wickr to the team
    We've always needed to communicate securely: "With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations"
  7. 7. eSentire Acquires CyFIR; Launches Cyber Investigation Services – MSSP Alert
    "CyFIR, founded in 2018, has 16 employees listed on LinkedIn, and was backed by debt funding of under $1 million, according to PitchBook. The company’s headquarters in Washington, D.C., will become eSentire’s second U.S.-based Technical Center of Excellence."
  8. 8. Untangle Addresses Need For Threat Prevention at the Network Edge with Launch of SD-WAN Router 3.1
    "New security package that prevents malware, viruses, and other malicious traffic with minimal visibility into network traffic. Threat Prevention will assess and block dangerous types of network traffic even when the traffic is encrypted. Other types of protective features often require SSL Inspection which adds undesired CPU overheads."
  9. 9. SonicWall launches three enterprise-grade firewalls
  10. 10. Atos launches ThinkAI to power artificial intelligence applications
    "ThinkAI is for organizations using traditional high-performance computing that want to run more accurate and faster simulations thanks to AI applications, and also for those developing AI applications that need more computing power."
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. MalWare Labs and Why You Should Challenge Shift-Left Testing – Mario Vuksan, Rickard Carlsson – ESW #233

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain.

This segment is sponsored by Reversing Labs.

Visit https://securityweekly.com/ReversingLabs to learn more about them!

The development life cycle as we know it is rapidly changing, and today’s AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working.

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them!

Guests

Mario Vuksan
CEO & Co-Founder at ReversingLabs

Mario founded ReversingLabs in 2009 and currently serves as CEO. In this role he drives all aspects of the company’s strategy, operations and implementation. Prior to ReversingLabs Mario has held senior technical positions at Bit9 (now Carbon-Black), Microsoft, Groove Networks, and PictureTel (now Polycom). He is the author of numerous research studies, speaking regularly at FS-ISAC, RSA, Black Hat and other leading security conferences.

Rickard Carlsson
Co-founder & CEO at Detectify

Entrepreneurial tech nerd Rickard Carlsson has grown Detectify from a group of ethical hackers with an idea on how to make the internet safer, to an international industry challenger of 140+ people. Rickard has a background in tech and management consulting, and has lived and worked in Sweden, India and the US.

Host

Principal Security Evangelist at Eclypsium

Related

5G Hackathons – Casey Ellis – BTS #28

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!