Incident response, Social engineering, Vulnerability management

Congress Goes Cyber-Crazy, Emotet Returns, SnapAttack, & Netography – ESW #251

This week in the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly!

Full episode and show notes

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Adrian Sanabria
Adrian Sanabria
Director of Product Management at Tenchi Security
  1. 1. FUNDING: Netography Raises $45 Million in Series A Funding, Led by Bessemer and SYN Ventures, to Secure the Atomized Network - A whopper of a Series A! For... yet another NDR product? I'm getting heavy Protectwise (acq by Verizon) vibes here - both SaaS-based NDR, with the biggest difference that Protectwise consumed full PCAPs, while Netography aims to only consume netflow, arguing that there's less and less value in deep packet inspection going forward. Even if the product doesn't look all that impressive or compelling, I suspect it's the leadership that brought the VCs to the yard on this one - Martin Roesch was the founder and CEO of Sourcefire. Martin guided the $2.7bn sale of Sourcefire to Cisco in 2013, and was key in turning Cisco into a legitimate security vendor, which picked up a ton of notable security acquisitions following Sourcefire, including ThreatGRID, Neohapsis, OpenDNS, Lancope, CloudLock, and Duo Security. Cisco had security products before Sourcefire, but it didn't *feel* like a security company until after Sourcefire. It will be interesting to see where Roesch takes this one.
  2. 2. FUNDING: Israeli Data Security Startup Laminar Emerges from Stealth with $32 Million Series A – Laminar
  3. 3. FUNDING: Threat intel startup SnapAttack lands $8M Series A following Booz Allen spinout – TechCrunch
  4. 4. FUNDING: Cloud security firm Lacework secures $1.3 billion in new funding round - As you do your double-take, I'll point out that $1.3bn is the size of the ROUND. The valuation is $8.3bn.
  5. 5. ACQUISITION: Lacework acquires Soluble to strengthen its data-driven cloud security platform – Help Net Security
  6. 6. TRENDS: I will pay you cash to delete your npm module
  7. 7. TRENDS: GitHub’s commitment to npm ecosystem security - https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
  8. 8. TRENDS: Emotet botnet returns after law enforcement mass-uninstall operation
  9. 9. TRENDS: “As tech M&A soars into the stratosphere, one sector is doing more than its share to boost it toward those previously unimaginable heights: #Informationsecurity.” - One of my mentors when I was learning the business and investment side of the industry, Brenon Daly. He always has some interesting takes on the market. It's good to see that the current market looks just as nuts to him as it has to us. It's also shocking to see it quantified on a bar graph, zoomed out to an annual time scale!
  10. 10. LEGISLATION: 18 new cybersecurity bills introduced as US congressional interest heats up - We won (by losing)! People are finally taking cybersecurity seriously. So now we're swamped with proposed cybersecurity legislation, and some of it is... not well thought out.
  11. 11. LEGISLATION: Congress Mulls Banning Big Ransomware Payouts - Utter idiocy.
  12. 12. RESEARCH: Mapping ATT&CK to CVE for Impact
  13. 13. TOOLS: Feodo Tracker (botnet tracker)
  14. 14. TOOLS?: SS7 Hack Software – How to hack SS7 and Intercept SMS
  15. 15. REPORTS: McAfee – Hidden Costs of Cybercrime
  16. 16. REPORTS: Inside the Mind of a Hacker 2021 Edition
  17. 17. SQUIRREL: The Mysterious Case of the F*cking Good Pizza
Katie Teitler
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
Tyler Shields
CMO at JupiterOne
prestitial ad