Security Weekly
Enterprise Security WeeklySubscribe

Truly Special – ESW #215

Full Audio

View Show Index

Segments

1. Imperva Updates WAAP, SonicWall Confirms 0-Day, & Arista Zero Trust – ESW #215

This week in the Enterprise News, Mission Secure Announces Series B, Akamai Technologies Acquires Inverse, for Microsoft, Security is a $10 Billion Business, Sontiq acquires Cyberscout, IRONSCALES improves the ability to detect phishing attacks, Imperva updates its WAAP and Data Security offerings, SonicWall Confirms A Zero-Day Vulnerability with NO other details, Arista intros Multi-Domain Macro-Segmentation Service (I don't know what it means, but its provocative), & more!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. Mission Secure Announces Series B Venture Funding to Further Advance Its Patented OT Cybersecurity Protection Platform
    This is a surprisingly low number for a Series B, unless you consider that the OT security market is also relatively small when compared to the IT security market.
  2. 2. TPG Agrees to Acquire a Majority Stake in Centrify from Thoma Bravo
    Thoma Bravo, well known for turning around some handy 2-3 year profits on many well-known security brands is handing off Centrify to TPG, who is probably best known in recent years for helping Intel divest McAfee and take it public.
  3. 3. Akamai Technologies Acquires Inverse Inc., Adds to Zero Trust Security Platform
    Zero Trust? That could mean 50 different things! First off, it's great to see good exits for Montreal-based companies - last year, Montreal-based vuln mgmt startup Delve Labs got picked up by SecureWorks. Interestingly, it looks like Inverse is basically an acqui-hire, but not your typical acqui-hire. It looks like, instead of developing a commercial product, they specialize in creating and maintaining open source products (specifically, Akamai is likely interested in Packetfence here). Instead of making money on commercial software licensing, they get paid to handle all the integration work. This is interesting, because this is likely one of the most common places where product deployments fail and purchases become shelfware. The average customer doesn't have 5 python experts sitting around, waiting to work on the latest SIEM, threat intel or, in this case, NAC.
  4. 4. Israeli security startup Bridgecrew in negotiations for sale to Palo Alto Networks for over $100m
    Another CSPM getting acquired here - I guess CSPM wasn't part of one of the four acquisitions that went into Prisma Cloud already? Aporeto was microsegmentation, CloudGenix was SD-WAN, Twistlock was container security and PureSec was serverless security, so yeah, I guess they needed a CSPM acquisition. Also, in researching this story, I discovered that Lacework has an absolutely BRUTAL anti Prisma marketing campaign. It's so aggressive, it's kinda funny.
  5. 5. Gartner Forecasts Worldwide Security and Risk Management Spending Growth to Slow but Remain Positive in 2020
    This story is here just as context for the news that Microsoft's security revenue is $10bn annually. With the industry product revenue TAM at ~$60bn, that means Microsoft accounts for one sixth of ALL security product revenue!
  6. 6. For Microsoft, Security is a $10 Billion Business
    Huge, if true. If Microsoft's security business is $10bn... that could put them in the number one spot as the largest security company in terms of product revenue, and ignoring the fact that Microsoft Security isn't a separate pure play company. By comparison, Cisco's security business is only doing ~$3bn annually and they've done a TON of security acquisitions in the past decade - SourceFire, OpenDNS, Duo, CloudLock, Threatgrid...
  7. 7. U.S. based Rapid7 acquires Israeli cyber startup Alcide.io for $50M
    Another container/Kubernetes-inspired acquisition! They picked up DivvyCloud less than 10 months ago, but from what I can tell, that was more of a broad CSPM play, whereas Alcide seems to be more specifically focused on Kubernetes. We'll probably continue to see Kubes-related acquisitions for a while.
  8. 8. Amazon, Alphabet and Salesforce are all investing in a $28 billion company (DataBricks) that crunches big data
    While not a security company, I think we should always have an eye out for big data/data-related companies, as they tend to have an impact on the data-hungry (and alert-fatigued) security space.
  9. 9. HelpSystems Acquires Digital Defense to Enhance Cybersecurity Portfolio – Security Boulevard
    HelpSystems, the parent company that also acquired Core Security and Cobalt Strike, picked up Digital Defense. It makes a lot of sense as an acquisition, as (unless I've missed something), Core never had its own scan engine and depended on customers owning other tools to do the actual vulnerability scanning. While many might not know Digital Defense's name, they're a longtime IBM partner, providing the vulnerability scanning engine for QRadar.
Principal Security Evangelist at Eclypsium
  1. 1. Sontiq acquires Cyberscout to expand its cyber products and services to the insurance industry
    "This acquisition unites three best-of-breed products focused on delivering world-class services, as shown in the excellent customer ratings we all have collectively earned." Except, there is no mention (or even a hint) at what all these products ACTUALLY do!
  2. 2. IRONSCALES further improves ability to detect advanced and highly targeted phishing attacks
    Okay, but like what does it do? Also important: What does it do that my existing solutions don't do? "Using a democratized approach to threat hunting, IRONSCALES makes anti-phishing effortless and seamless for both security professionals and end users."
  3. 3. Arista launches a zero trust security framework for the digital enterprise
    I have no idea what this means, what problem it solves, or why it may be better than anything else: " Arista Multi-Domain Macro-Segmentation Service is a suite of capabilities for integrating security policy with the network through an open and consistent network segmentation approach across network domains."
  4. 4. Cymulate Integrates with Microsoft Defender for Endpoint
    I like the honest marketing: "Cymulate, one of the only SaaS-based Continuous Security Validation platform to operationalize the entire MITRE ATT&CK® framework" I'm also a huge fan of testing this way: "Cymulate correlates EDR findings with hacking techniques, behavior-based attacks and malware launched from the Cymulate platform to validate endpoint protection efficacy against new threats and accurate detection and alerts of possible attacks."
  5. 5. Tenable Empowers MSSPs to Launch Cloud-Based Vulnerability Management Services within Minutes
    "Tenable®, Inc. announced an enhanced Managed Security Service Provider (MSSP) portal to supercharge partners’ cloud-based vulnerability management offerings with Tenable.io®. The updated portal will enable MSSPs to self-provision and self-service their own Tenable.io instances, up to 1,000 assets, empowering partners to build and launch vulnerability management services in the cloud within minutes."
  6. 6. Ping Identity Launches Face-Based Onboarding Solution
  7. 7. StackPath Launches Direct Connect
    "StackPath Direct Connect for StackPath content delivery network (CDN), providing dedicated network connections from customers’ private networks to the StackPath edge platform. Traffic from customers’ on-premises origin servers can travel to and from the StackPath CDN without using the public internet." Also, not so sure it does this: "decrease exposure to malicious activity and threats"
  8. 8. Barracuda launches high-speed expandable backup platform for Microsoft Office 365
    "Barracuda announced the latest version of Barracuda Cloud-to-Cloud Backup with a new platform that delivers a fast search and restore experience for Office 365 data, including Teams, Exchange Online, SharePoint, and OneDrive. Compared to traditional backup and recovery solutions, a cloud-native solution provides scale and resiliency, fast performance, and wide global coverage to protect Office 365 data born in the cloud."
  9. 9. Rapid7 acquires Alcide.IO to extend cloud security
    "these acquisitions will enhance Rapid7’s ability to provide a cloud native security platform to its customers and facilitate continuous management of risk and compliance across their cloud environments...Alcide’s industry leading cloud workload protection platform (CWPP) provides broad, real-time visibility and governance, container runtime and network monitoring, as well as the ability to detect, audit and investigate known and unknown security threats."
  10. 10. Imperva updates WAAP and Data Security offerings with emphasis on simplicity
    Sounds like some re-packaging of existing products.
  11. 11. SonicWall Confirms Zero-Day Vulnerability
    "SonicWall has confirmed a zero-day vulnerability affecting its SMA 100 Series. Its disclosure arrives as NCC Group researchers report an observation of attacks exploiting a SonicWall flaw." - No details have been published, other than "watch for IPs connecting to the management interface".
  12. 12. Arista intros Multi-Domain Macro-Segmentation Service
    "Available on EOS-based switches, MSS-Group implements security policy enforcement based on logical groups rather than traditional approaches based on interfaces, subnets or physical ports. "
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

2. Attack Surface Management – Jonathan Cran – ESW #215

Attack Surface Management is an important and growing field within Information Security. In this segment, we discuss how security teams can frame the problem and what can be done to get a handle on the ever-growing attack surface of enterprises!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Jonathan Cran
Founder & CEO at Intrigue.io

Having provided penetration testing and security assessment services for the world’s largest organizations and government agencies, Jonathan’s extensive background includes experience as an executive, consultant, engineer, developer, investor, and researcher.

While working in foundational leadership roles at at Rapid7, Bugcrowd, and Kenna Security, Jonathan, also known as “Jcran” was the driving force behind the success of multiple industry-leading security technologies, standards and frameworks. Jonathan is also the inventor and owner of multiple security assessment patents, and is the originator of the Intrigue Core open source collection engine.

He is a member of a number of technology and security groups, including Exploit Prediction Scoring System (EPSS) Working Group , Cyber Policy Working Group (CFAA) and Austin Hackers (AHA). A frequent speaker at industry conferences, including Black Hat, RSA, Derbycon, Security BSides and DEFCON, Jonathan has also been quoted, and publicly recognized in numerous publications and is recognized as an information security trailblazer.

Hosts

Principal Researcher at The Defenders Initiative
Principal Security Evangelist at Eclypsium
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

3. The Cyber Defense Matrix, the DIE Triad, and Cybersecurity Startups – Sounil Yu – ESW #215

The Cyber Defense Matrix is a framework to help systematically organize they many things that we buy and do in cybersecurity. The DIE Triad offers a new way of thinking about resiliency, how we secure the future, and what startups should focus on to help us get there.

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Guest

Sounil Yu
CISO & Head of Research at JupiterOne

Sounil Yu is the CISO and Head of Research at JupiterOne. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School’s National Security Institute; teaches at Yeshiva University; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. Before Bank of America, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security in 2020 by Security Magazine, Influencer of the Year in 2021 by SC Awards, and a 2021 Top 10 CISO by Black Unicorn Awards. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.

Hosts

Principal Researcher at The Defenders Initiative
Principal Security Evangelist at Eclypsium
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related