Taking Selfies – ESW #216
This week, in the Enterprise Security News, A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, and SentinelOne Acquires Scalyr! In the second segment, we welcome HD Moore from Rumble, Inc! In the final segment, Kelley Mak from Work-Bench joins us for a discussion on work-bench ventures!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
1. ‘Selfie Biometrics’, NetWitness, Okta, & Jetstack Secure – ESW #216
A new Open-source tool helps discover public Azure blobs, A New Eclypsium Integration with Kenna.VM, Armis Raises $125 Million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, and SentinelOne Acquires Scalyr, & more!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files"The result of their research was dishearthening – they found some 2.5 million records and files that included personally identifiable information (PII), 2,300 files related to individuals’ health status, 2,000 files containing financial information, one million invoice files, half a million log files, as well as files containing encryption and firmware keys, SSH, SSL VPN, SMTP and MySQL usernames and passwords, and more."
- 2. Customer Demand Drives New Eclypsium Integration with Kenna.VM"The integration enables Eclypsium firmware security data to be imported into Kenna.VM, where it is combined with real-world threat and exploit intelligence and advanced data science to determine which vulnerabilities pose the highest risk and which can be deprioritized."
- 3. Cybersecurity Company Armis Raises $125 Million At A $2 Billion Valuation"Israeli cybersecurity company Armis has announced the closing of a $125 million financing round led by Brookfield Asset Management at a company valuation of $2 billion. This latest financing round comes a year after US venture capital firm Insight Partners acquired control of Armis for almost half the current valuation - $1.1 billion."
- 4. Okta launches its new open-source design system with a focus on accessibility"Identity and access management service Okta today launched its new design system, both for its own corporate and brand use, but also as an open-source project under the Apache 2.0 license. The Odyssey Design System, as the company calls it, is similar to the likes of Google’s Material Design or Microsoft’s Fluent Design. It may not have quite the same number of features, but what makes it stand out is a focus on accessibility, with every element of the design system being compliant with the W3’s Web Content Accessibility Guidelines."
- 5. Enterprise selfie biometrics solutions from Ping Identity, Ipsidy-LoginID partnership launched"The new PingOne Verify cloud service validates a government-issued ID and matches it to a selfie with facial recognition and biometric liveness detection to strengthen fraud prevention without adding unnecessary friction into the process."
- 6. Bitglass announces technical integrations between SD-WAN providers and its SASE offering"This enables any organization to integrate its existing SD-WAN fabric with the leading SASE platform from Bitglass. Traffic destined for the web, the cloud, and even on-premises resources can automatically be routed to Bitglass for real-time security enforcement. This stands in stark contrast to competing SASE offerings which integrate with a limited set of SD-WAN solutions. These alternatives then require security teams to build and maintain complex, resource-intensive integrations."
- 7. Cisco AppDynamics strengthens security posture while achieving peak app performanceI want to believe, I really do: "Built natively into the AppDynamics platform, users benefit from reduced alert fatigue, real-time threat detection, and automatic breach prevention. "
- 8. RSA NetWitness Detect AI provides advanced analytics for actionable threat detectionI really want to believe this too: "RSA NetWitness Detect AI applies cloud-scale processing for behavior analytics and uses unsupervised machine-learning to detect and respond to threats without manual oversight. The all-new SaaS solution provides high-fidelity, actionable insights on data captured by the RSA NetWitness Platform that empowers security teams to find, prioritize, and resolve threats faster and more efficiently." But, like, I really don't believe it until I see it...
- 9. Jetstack Secure delivers protection and visibility of machine identities to cloud native platformsSounds hot: "Jetstack Secure delivers comprehensive protection and full visibility of machine identities to cloud-native platform and security teams, including public trusted certificates for ingress TLS, as well as private certificates for internal workloads using mTLS across a service mesh."
- 10. Obsidian SaaS security solution now available on AWS MarketplaceThis team is great, I hope they are doing this and kicking butt in the market: "Obsidian protects against account compromise, insider threats, access misuse, data leaks, excessive privileges and weak posture in SaaS applications with its cloud detection and response platform."
- 11. SentinelOne Acquires Scalyr to Revolutionize XDR and Security AnalyticsBold claims: "the autonomous cybersecurity platform company, today announced the acquisition of Scalyr, a leading cloud-native, cloud-scale data analytics platform. With this acquisition, SentinelOne will be able to ingest, correlate, search, and action data from any source, delivering the industry’s most advanced integrated XDR platform for realtime threat mitigation across the enterprise and cloud."
2. Network Discovery & IT Asset Inventory – HD Moore – ESW #216
HD has been focused on research related to network discovery and IT asset inventory for the past three years. This work has led to new techniques for device fingerprinting and topology mapping that show enterprise networks in an entirely new light. He will walk through some visualizations of public IP networks (all of Greece, Iceland, etc.) and highlight the weird and unexpected stuff you can find through clever unauthenticated scans.
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
HD is the Co-Founder and CEO of Rumble, Inc. Best known as the creator of Metasploit, HD has been building security companies since 1999 with a mix of services, research, and product development roles that focus on applying research to real-world security challenges. In addition to his work at Rumble, HD advises and invests in startups, contributes to open source projects, and continues to present new research at security conferences.
3. Work-Bench Ventures – Kelley Mak – ESW #216
Kelley will discuss his investment thesis in security, his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real world, and what companies he likes going forward.
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Kelley is a Principal at Work-Bench, where he focuses on early stage enterprise technology investments in areas including security, cloud and developer tools. Investments that Kelley works closely with include Appland, Arthur, Algorithmia, FireHydrant, Tilt, and VISO Trust.
Kelley also leads corporate engagement at Work-Bench, where he is the key point for the firm’s relationship with forward-thinking technology executives across the Fortune 1000 and web-scale organizations.
Prior to Work-Bench, Kelley covered the security market as an industry analyst at Forrester Research.