The Worst Metaphor – ESW #254
This week, we welcome Shoshana Gourdin, to discuss how Morale Is a Safety Control! Up next, we welcome Scott Crawford, Research Director at 451 Research / S&P Global Market Intelligence, to talk about The Evolution & Future of XDR & the SOC! In the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Not all security is complicated: many aspects boil down to noticing that something is off. Attentive and curious employees are an overlooked safety mechanism, as is handling problems in a constructive way.
Throughout 2022, CRA's Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.
Like our interview with Allie Mellen last week (episode 253, check that one out too), we have another analyst roundtable here (all ESW hosts are former analysts), discussing one of the hottest new cybersecurity categories: XDR.
This discussion will touch on why the only thing about XDR that was a surprise was maybe the name - we all saw this coming, partly due to the failure of other, less effective products and technologies. Perhaps more interesting will be to get Scott's thoughts on where we're going from a macro perspective. Distributed SOC? Automated remediation? Next-gen XDR?
Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Scott Crawford is an industry analyst and heads the Information Security team at 451 Research, a technology industry analyst firm now part of S&P Global Market Intelligence. He was the first information security officer for the Comprehensive Nuclear-Test-Ban Treaty organization in Vienna, Austria, and served as a senior strategist with IBM Security before joining 451.
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- 1. TRENDS: The ‘art’ of VC startup valuations is a forgery – TechCrunch - https://techcrunch.com/2021/12/10/the-art-of-vc-startup-valuations-is-a-forgery/
- 2. FUNDING: Noname Security achieves unicorn status, one year after exiting stealth, with $135 million Series C
- 3. FUNDING: Ermetic raises $70M for ‘identity-first’ cloud security
- 4. FUNDING: Dazz, from ex-Microsoft team, gets $60M to automate cloud security - $50m Series A + $10m Seed. Sounds like a CSPM play, and who can blame them with all the money getting raised there? Founding team includes former general manager of Microsoft's cloud business and a few other ex-Microsoft folks with backgrounds in IoT security (Armis and Claroty). Founding crew looks to be mostly Israeli and funding comes from Insight Partners, Greylock Partners, Index Ventures, and Cyberstarts.
- 5. SPIN-OUT: LogMeIn spins LastPass out as an independent company once more - https://blog.lastpass.com/2021/12/lastpass-investing-even-more-in-your-password-security-in-2022/
- 6. VULNS: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package
- 7. POST-MORTEM: Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region
- 8. REPORTS: Cisco Secure Outcomes Study Report 2021 - Part 2 of an excellent series funded by Cisco and put together by the excellent Cyentia Labs. It studies security outcomes - I highly recommend reading both!
- 9. TRENDS: Report: 83% of IT professionals can’t guarantee infrastructure is safe from ex-employees
- 10. STANDARDS: SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: SSE Approach - Even NIST is ready to admit the security team can't do all the lifting.
- 11. REGULATIONS: Democrats accuse GOP of scuttling incident reporting in massive defense bill - https://therecord.media/democrats-accused-gop-of-scuttling-incident-reporting-in-massive-defense-bill/
- 12. REGULATIONS: Senate approves cyber-loaded defense bill loaded - https://therecord.media/senate-approves-cyber-loaded-defense-bill-loaded/
- 13. SQUIRREL: What’s the jankiest piece of tech you’ve seen a company depend on? - Brandon Rohrer asks on Twitter: War stories please. What’s the jankiest piece of tech you’ve seen a company depend on?