Rainbow Hands – ESW #192
This week, we talk Enterprise News, discussing how Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! In our second segment, we welcome Om Moolchandani, Chief Technology Officer of Accurics, to Learn about a new paradigm dubbed immutable security! In our final segment, we air a pre recorded interview with Neira Jones, Ambassador at Emerging payments Association, discussing Compliance and Fraud Prevention in FinTech!
Visit https://securityweekly.com/accurics to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- 1. Fortinet Buys Cloud Security Firm OPAQ - Fortinet has acquired Secure Access Service Edge (SASE) provider OPAQ in a move to add SASE capabilities to the Fortinet Security Platform and Security Fabric architecture. OPAQ brings the cloud-based Zero Trust Network Access (ZTNA) solution to Fortinet's existing SASE offering. The company has focused on security for widely distributed networks and endpoints, including branch offices, remote users, and IoT devices.
- 2. Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint – Help Net Security - Unlike traditional security solutions, these new capabilities proactively redirect suspicious endpoint inbound or outbound traffic to decoys for attacker engagement. The new EDN Deflect functionality provides alerts to unauthorized host and service scanning, which is critical because other security controls typically do not generate an alert for these types of activities.
- 3. Risk Assessment Company CyCognito Raises $30 Million
- 4. CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS
- 5. Attivo Networks integrates with FireEye for advanced threat protection
- 6. Tanium Brings Intelligence to the Edge with Zero Infrastructure Endpoint Management and Security
- 7. VMware Cloud on AWS drives app modernization, business continuity and better cloud economics – Help Net Security - These new offerings include the new Amazon Elastic Compute Cloud (Amazon EC2) i3en instances that can deliver nearly 50% lower cost per GB of raw storage, a 2-host SDDC configuration that lowers the entry price for production environments by 33%, and a new multi-tenant cloud management service that enables partners to support 5-10x more customers with no additional upfront costs, while enabling smaller organizations to purchase VMware Cloud on AWS on a per VM rather than per host basis.
- 8. Portshift unveils new K8SHIELD Framework and introduces context aware security policy enablement – Help Net Security
- 9. Sequitur Labs Launches EmSPARK 2.0 Security
- 10. Artificial Intelligence Cybersecurity Company CalypsoAI Announces $13 Million in Series A Funding
- 11. Digital Shadows announces integration with Atlassian Jira
- 12. LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology - Neat: Quickly onboard Cloud services: While customers can choose to manually create and customise collection interfaces if desired, Open Collector also provides several premade Beats. This allows analysts to onboard many popular cloud services with minimal administration work. Out-of-the-box Beats include those for Google G Suite, AWS S3, Event Hub and Sophos.
- 13. Attivo Networks Announces Endpoint Capabilities that Catch Attackers at Hello
- 14. RiskSense platform now provides visibility across both infrastructure and application vulnerability risk – Help Net Security
- 15. Sysdig Cuts Container and Kubernetes Visibility and Security Onboarding to 5 Minutes
- 16. Aqua Security Unveils New Platform to Secure the Build, Infrastructure, and Workloads of Cloud Native Applications - Auto-Remediation of many common weaknesses in configuration, in addition to remediation advice that can be applied manually, Additional public cloud support is now generally available for Google Cloud Platform (GCP) and Oracle Cloud, Infrastructure as Code (IaC) scanning of Terraform and AWS CloudFormation to find weaknesses in deployment templates
- 17. Dragos and Fortinet partner to broaden cybersecurity across industrial networks - Dragos announced that through a partnership with Fortinet it has released an initial integration of the Dragos Platform with FortiSIEM, giving cyber defenders at industrial organizations a unified view of threats and events across the converged enterprise IT and industrial OT (operational technology) environment. Threats detected on OT networks via the Dragos Platform can now be visualized in FortiSIEM.
- 18. Cloudflare releases Workers Unbound, a secure serverless computing platform - "Cloudflare announced the release of Cloudflare Workers Unbound, offering a serverless platform for developers with unparalleled flexibility, performance, security, ease of use, and pricing." - So priced cheap, fast, secure AND easy to use? I don't believe it..
- 19. Sysdig Secure DevOps Platform offers onboarding, out-of-the-box dashboards and integrations – Help Net Security
- 20. Amazon Fraud Detector: Use machine learning in the fight against online fraud – Help Net Security
Learn about a new paradigm dubbed immutable security. What is immutable security? Why has it become more important than before? Infrastructure is being build and deployed with code, hence we can use this to our advantage and build security in from the start as we've always intended! This segment is sponsored by Accurics.
Visit https://securityweekly.com/accurics to learn more!
Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: "20SecWeekbh" Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 - August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!
Om is co-founder and Chief Technology Officer at Accurics where he sets the technology strategy for the company. Prior to Accurics, Om was Chief Security Officer at AutoGrid, leading cloud security for its Energy SaaS cloud. Om was also head of cybersecurity for General Electric’s Industrial Cloud and Edge platform, Predix. He built edge, cloud and ICS cybersecurity products to protect critical infrastructure and industrial clouds. Om is an inventor at heart and has been a key contributor to multiple technology startups including CipherCloud where he architected the world’s first Cloud Access Security Broker (CASB ) product. Om holds a Masters and a Bachelors in Computer Applications from University of Technology in India, a specialization in Business Strategy from Harvard, and a specialization in IoT Business from MIT-Sloan. He also holds several specializations in cybersecurity and is a lifetime member of ISACA.
Neira Jones discusses how financial services deals with PCI-DSS, other compliance standards, fraud and cyber crime.
Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Neira advises organisations of all sizes on payments, fintech, regtech, cybercrime, information security, regulations (e.g. PSD2, GDPR, AML) and digital innovation. More than 20 years in financial services and technology made her believe in change through innovation and partnerships. She always strives to demystify the hype surrounding current issues and also enjoys her work as an expert witness, as well as cybersecurity due diligence on M&As. Neira likes engaging on social media and regularly addresses global audiences as a keynote speaker or chair person.